In recent years, technological innovation has improved productivity, efficiency and communications in all industries, and agriculture is no exception. The collection, analysis and storage of data allow ranchers and farmers to refine their processes, increase yields and comply with regulations as they evolve. Unfortunately, there is a downside. All these improvements create digital data, and protecting it is the function of cybersecurity. Given that the FBI has already identified agriculture as an industry with cyber risk, how are digital assets protected in an inexpensive manner?
Know Your Data
It may seem obvious, but the first step in protecting data is knowing where it is. Data is created in many forms, from emails and documents to process logs and sensor information. As farmers and ranchers become more reliant on digitized data, they become more vulnerable to cyberattacks. The size of your operation is irrelevant as hackers often infiltrate smaller operations to reach their larger objective. The Target hack is such an example, where hackers broke in via an HVAC client company, using a phishing email to install malware.
Therefore, it is important to know where data resides. For many, hard drives on desktops are common. Network storage, servers, portable devices (such as smartphones, laptops and tablets), and IoT (Internet of Things) devices are all possible. Of these, IoT devices and sensors are perhaps the most dangerous and need protection as compromising one of these can allow access to the entire network and the data stored on it. In smart farming or precision agriculture, it is crucial that the rancher or farmer understands the path data travels, whether it involves RFID tags, automated milking machines, soil sensors, GPS monitoring of crop growth using drones or any other agricultural activity or process, including those in the entire supply chain.
Some data may reside in the cloud. If so, how does your cloud service provider manage your data? Perhaps other third parties have access to data for analysis and visualization?
Know the Risks
Ignoring cybersecurity is not an option as the risks are many and varied. With each innovation or automated process comes additional cybersecurity risks. Data is valuable, and the use of Big Data at a farm or ranch level can allow hackers (or perhaps hacktivists protesting GMOs) to analyze data to predict market availability and pricing – an advantage on the future market. Hackers can also have disruptive motives, such as destroying data or holding it to ransom until financial compensation is received.
Cybersecurity on a Budget
Cybersecurity professionals often refer to best practices when recommending a strategy to protect their operations. For those with a primary focus on other areas, such as agriculture, this is confusing. Luckily, there are standards available that, if followed, allow businesses in all industries to protect their digital assets.
As there is no dedicated security standard for smart agriculture (although it is coming), agricultural operations can choose from several others. These include ISO 27001 and the NIST Cybersecurity framework, neither of which are mandatory but offer guidelines for reducing cybersecurity risk. If the business accepts credit cards as part of operations, then the PCI-DSS standard is often mandatory and helps protect cardholder data and payment processing.
Therefore, protecting your operation on a budget will require, but is not limited to, the following steps:
- Select and align with a cybersecurity and compliance standard. Even if the current budget only allows partial compliance, it means that any pending tasks can be worked on as additional budgets become available.
- Ensure that operations have a reliable backup and recovery strategy in case data is lost or corrupted. It is imperative to test the process rather than have it fail when needed.
- Security awareness is key for all employees, not just for those in management or office positions. Ensure that everyone is aware of the common ways hackers try to acquire data.
- Hire a cybersecurity professional familiar with your business. Such a person can determine areas of risk and protect against them. Many outsource these professionals rather than offering full-time employment.
- Ensure that you have a security software suite to block viruses, malware and other threats.
- Ensure that all software has the latest updates and security patches.
- Network monitoring software can also block potential threats by IP address or only allow specific ones. Those accessing data remotely should only do so over VPN. This software will also monitor when approved users access information.
- Change passwords from the default. This especially applies to email accounts, server accounts, router passwords etc. Passwords should never be easy to guess and, for maximum protection, should be changed every month.
- In terms of third parties, ensure all disclose their data protection methods including backup and recovery processes and that they align with your expectations.
None of the above require large capital investment and several only require a small amount of time each month. Once achieved, the business can then look at the next step in cybersecurity, proactive threat monitoring, alerting and even hunting.
Meet the Author
Erik Gillam, CPA
Aldrich CPAs + Advisors
Erik joined Aldrich in 2004 and has spent his entire career focused on providing assurance audits, reviews and compilations to agricultural and farming. Erik leads the agribusiness niche at Aldrich. As a leading agribusiness consultant, Erik has experience working with a range of agricultural-related clients from small family operated farms to large cooperative organizations that…
- Agriculture and farming
- Closely-held businesses
- Audit and assurance
- Certified Public Accountant