Cybersecurity Thoughts – Ryan Taylor, Partner

About two months ago, the FBI’s cyber division issued an alert for the food and agriculture sector stating that “ransomware actors may be more likely to attack agricultural cooperatives during the critical planting and harvest seasons” like the early spring and fall. Were you aware of this alert? Are you prepared to handle a cyberattack event during the two busiest seasons for your cooperative? Unfortunately, it is a matter of when we will be attacked. No one is immune to this threat, whether in our business life or personal life.

Cybercriminals have many methods at their disposal to attack businesses. Some of the more likely causes of a cyber breach are:

+ Phishing/social engineering (also vishing and SMIShing)

+ Human error

+ Ransomware

+ Insider threat

While an organization cannot be 100% certain it is protected against a possible cyber incident, there are steps it can take to help mitigate the risk.

Some of these steps include the following:

+ Risk Assessments and Penetration Testing

+ Establish processes and compliance procedures with management and governance (how are we going to address an incident if one occurs and how will it be communicated internally and to the public?)

+ Regular testing of incident response scenarios or frequent exercises and drills

+ Maintain appropriate backups of data and IT infrastructure (identify a timeframe for getting back up operationally and determine the order of importance)

+ Restrict permissions or remove local administrator rights from end users and block application installation by standard users

+ Deploy multi-factor authentication (MFA) whenever possible

+ Educate and train users (I would recommend KnowBe4 training for all users)

As I mentioned above, it is impossible to be 100% secure or protected. The role of management and IT staff is to identify the highest-risk areas and to allocate resources toward managing them based on the business’s risk appetite. Cyber threats are always changing, so a business needs to continually reassess what the risks are and how much risk it can tolerate in order to run the business.

Questions that you should be asking yourself are:

+ Do we know what our risks are?

+ Are we appropriately allocating resources? Are we spending enough?

+ How are we doing compared to others?

Rather than:

+ How did this happen?

+ What went wrong?

We have some of the same concerns you may have in protecting our own data and our clients’ data. We implemented internal training for our staff and have assessed our infrastructure. We are not experts in the field of cybersecurity and, like you, have to look for outside resources to provide some advice and assistance. If you would like some resources to contact, please don’t hesitate to reach out and we would be happy to put you in touch with them.
