Best practices to improve your cyber resilience
There was a time when large organizations were the main targets of cyber criminals. Now, things are different.
Small- to medium-sized businesses, as well as individual farmers, face an increasingly diverse array of cyber threats. According to Joel Bouvier, director of cyber security and information technology with FCC, how people prepare for and prevent crises must also change.
Financial and political motivations
Hackers and other cyber criminals can be financially or politically motivated – or both. Politically motivated cybercrime, Bouvier says, is a significant and growing challenge. Because farmers and agricultural businesses are part of Canada’s critical national food and trade infrastructure, the sector faces a higher threat from those trying to disrupt or compromise it.
“The threat landscape facing producers is growing ever wider and more diverse,” Bouvier says. He cites ransomware – software that blocks access to computer systems and demands payment – and phishing – using emails and other messages to trick people into revealing sensitive information – as persistent threats, and ones that perpetrators are finding creative new ways to employ. Phishing messages are commonly sent via email, text messages and voicemail.
“The challenge for small and medium businesses is understanding what’s out there and what practices they can use to protect themselves,” Bouvier says.
Training and crisis management planning
There is a myriad of ways individuals can protect themselves and their businesses against malicious cyber actors.
“Not updating devices, that’s where a lot of vulnerabilities come from. Update regularly and enable multi-factor authentication too,” Bouvier says, referring to the practice of requiring more than one method of account verification when logging in (a password plus text message confirmation, for example).
He adds that another easy but often overlooked way to protect yourself is to separate everyday-use accounts for the family from those used only by administrators. If an attack occurs through an everyday-use account, it may not gain access to the core functions of the device and thus can be isolated and managed.
“Take time to learn about phishing – what to look for in a message, what those suspicious indicators are.”
Many small businesses don’t have response plans, but Bouvier says they should consider preparing one. “Prepare for something to happen. Think about when, not if, it will happen. Develop an incident response plan instead of scrambling in the moment.”
Case Study
Ransomware hits family hog farm
In 2023, a politically motivated ransomware attack targeted a family hog farm in Ontario. The attackers claimed to possess incriminating evidence of animal abuse, including alleged footage from the farm’s compromised surveillance system. Instead of demanding money, the attackers insisted on a public admission of animal abuse from the business owners.
In reality, however, no such footage existed. In collaboration with IT experts from the University of Guelph, the family identified that the attack had not affected the entire computer system, enabling them to isolate and remove the threat.
There are many ways individuals and businesses can develop a response plan. Bouvier recommends consulting the Canadian Centre for Cyber Security, which has resources and tips tailored to different audiences with different needs.
For small and medium-sized businesses, there are also grants available through the Canadian Digital Adoption Program—up to $15,000—to help beef up network security.
“You can also pay a professional to come in and do an assessment of where you’re vulnerable and where you can tighten things up,” Bouvier says. He reiterates the agriculture sector as a whole must recognize how quickly digitization has occurred, and security needs to keep pace.
Improve your cyber resilience
Don’t delay the installation of software updates, which protect against evolving threats.
Ensure your anti-virus and security software is active to help identify and remove threats.
Use strong passwords with letters, numbers and special characters.
Use multi-factor authentication, such as a password as well as phone confirmation.
Don’t use the same password for multiple accounts and regularly change passwords.
Have separate systems and devices for your business and personal use.
Regularly back up information to additional devices or hard drives.
Understand what phishing is and avoid phishing attempts by clicking only trusted links.
Secure private networks by ensuring routers and Wi-Fi access are password protected.
Avoid open-access Wi-Fi networks when possible and don’t share sensitive information when using them.
Use a trusted Virtual Private Network (VPN) service whenever possible.
Map your digital network so you can more easily isolate problems if incidents occur.
Have a trusted IT provider and if an incident occurs, call them immediately.
From an AgriSuccess article by Matt McIntosh.