Each October, Cybersecurity Awareness Month raises awareness about the importance of cybersecurity across our nation, ensuring that all Americans have the resources they need to be safer and more secure online.
Our company, ZAG Technical Services, Inc., BB #:365534 is frequently called into a cybersecurity-related situation – as often as every 1.5 months – ranging from companies that have been hacked without damage occurring to full-on ransomware attacks.
Remaining vigilant and protecting your systems from attack should be a focus every day.
As many agriculture-based businesses make budgeting decisions for 2022, start with these areas that can help boost protection from cyberattacks:
Implement multi-factor authentication
One of the easiest ways for hackers to gain access to your network is through compromised usernames and passwords.
• Implement MFA across all technology systems and devices to add an extra layer of protection
• Create passwords that use a phrase that’s easy to remember but impossible for others to guess, such as phrases of randomly strung together words (for example: BrownP1cture&HogTied582)
• Avoid writing your passwords down or storing them in the built-in browser repository, which are completely insecure
INVESTMENT: If there is one thing we’d like you to take away from this article, it’s to deploy MFA everywhere. If “everywhere” is a little too much, too soon, start by securing your key applications (e.g., Microsoft 365), along with all remote access.
Secure your email systems
Common targets for hackers and cybercriminals include infiltrating employee emails or sending over links that can compromise the network.
• Implement Domain-based Message Authenticating, Reporting and Conformance (DMARC), which is an email authentication protocol that monitors fraudulent emails that are pretending to come from within the organization.
• Implement and enforce strong financial policies that require verbal confirmation of ACH changes from suppliers and other sensitive areas.
INVESTMENT: DMARC is relatively straightforward to deploy, and there’s no excuse for it not being in place. We recommend you invest the rest of your time on end-user training.
Prepare for disaster
In the threat landscape businesses operate within, it’s not if you’ll be compromised, but when.
• The criminals will try to delete your backups, which is why they must be “air gapped” from Active Directory to ensure that the backups you have in place are recoverable. Going further, the use of snapshots can be better than backups, as they are quicker to recover, but this will be determined by the needs of your organization.
• Have a disaster recovery plan in place and test it at least annually. Documentation of this process should ensure everything works when it is supposed to, which can help protect you from a disaster that can cripple your business.
• Go beyond disaster recovery to incident response planning and business continuity.
INVESTMENT: Starting with backups, calculate your recovery time objective (RTO) and confirm with IT that backup frequency is aligned with this. We recommend investments in incident response and disaster recovery planning. These are company-wide exercises that go well beyond the IT function alone.
Involve your vendors
A single cybersecurity incident can affect a vendor and cause a ripple effect across the supply chain.
• Engage in a risk assessment to determine whether your vendors are engaging in safe and secure technology practices.
• Address the risks with an actionable risk management plan for your supply chain vendors. It’s one thing to identify a problem, and it’s another to solve it using expert advice.
INVESTMENT: Hire an external firm to run a security review on your network, both externally (to “see what hackers see”), and internally to understand fully if and where any vulnerabilities exist. Depending on scope, this could cost as little as $3,500 or as much as $35,000 or more.
Through ongoing training, best practices, incident response planning and disaster recovery, and risk management, your business can be better prepared when the unthinkable occurs. With ongoing vigilance and incremental changes, cybersecurity can be made more manageable and can mean all the difference.