As farmers and rural communities’ transition towards greater reliance upon online technologies, the need to protect both their personal and organisational data is paramount.
Farming and agriculture organisations must be aware of and protect themselves against the many cyber risks that come with both the standard organisational aspects (emails and accounting software), as well as technological advancements, including the use of GPS, remote sensing and automated machinery, equipment and vehicles. The more dependent the organisation or individual is on online services, the greater the risk of experiencing a cyber attack.
To put forth a strong cyber security defence, it is recommended the following are implemented:
- Patching devices – ensuring all devices in use (particularly those connected to the internet) are set up to automatically install the latest updates for both operating systems and software. Some software may also require the updates to be performed manually, which should be completed as soon as possible. It is also important to ensure the operating systems in use are still supported by the vendor (such as Microsoft Windows, Apple macOS and iOS, Google Chrome OS, and Android, otherwise the device and/or operating system will need to be replaced).
- Backing up data – ensuring all data required for daily operations is backed up daily, or weekly depending on the data loss tolerance levels. The backup could be via online cloud storage or a separate hard drive. Ensure that a copy of the backup is kept separate to the primary work location to protect the loss of the backup in case of fire or theft.
- Secure devices – ensuring all devices in use have password protection enabled, via a passphrase, PIN or biometrics. Consider enabling an encryption product such as BitLocker (Windows) or FileVault (macOS) to further protect both personal and organisational data.
- Using Anti-Virus software (AV) – ensuring that AV is in use and up to date for all devices (including mobile phones). For Windows, Virus and Threat Protection can be enabled by accessing the device settings.
- Firewall Activation – ensuring that there is a defence between your network and the internet by enabling the firewall. This can be enabled by accessing the Network and Security settings on the device.
When securing devices, it is not enough to ensure that each device has password protection enabled. As cyber-attacks are becoming more sophisticated, there is a greater exploration of data when passwords are repeated, often across both personal and organisational accounts.
To ensure greater protection from unauthorised access, consider the following:
- Changing the default password for every new device – this includes the default Wifi password.
- Using strong passwords – avoiding the use of commonly used words, or information that can be easily guessed, such as a list of numbers, birth dates, family names, sport teams, street names, pet names etc.
- Do not repeat passwords – have a different password for each online account, especially those which enable access to personal or organisational data. Consider the use of a password manager tool to avoid writing down the passwords.
- Enabling two-factor-authentication (2FA) or multi-factor authentication (MFA) – which can often be easily activated in the application settings via a one-time code sent to a mobile number. This should be enabled for emails, social media, banking and other accounts accessing personal or organisational data.
It is also important for farmers and those in the agricultural industry to be well informed about how to be safe online. Cyber security and online safety training is essential as a primary defence against cyber attacks and should be provided to all employees at least annually.
The training will enable individuals to be cautious about their online presence, as well as how to detect scam calls, text messages and emails and report them to the appropriate authorities within the organisation before an incident occurs. Prevention is always better than a cure.
HOW CAN RSM HELP?
Do you need assistance with maturing your cyber security practices, or an independent cyber security assessment? Contact Darren Booth.
This article was adapted from the ‘Cyber Security for Farmers’ guide published by the UK National Cyber Security Centre on 22 December 2020.