FARMERS CAN BE SITTING DUCKS
By Joyce Hunter
Cyber-attacks are in the news every day. Botnets, malware, ransomware, phishing, and sniffing attack pipelines, hospitals, and water plants daily.
Meat processors and cooperatives suffer attacks, too, and the more individual farmers and ranchers rely upon necessary information technology, these producers also become targets. But how can growers avoid being Sitting Ducks against cyber attacks?
Most ag producers don’t have an IT expert on call. Although security experts are almost everywhere, their recommendations often include so many mitigation tactics that users on the ground don’t know which ones matter most. Like water everywhere and not a drop to drink, the “flood,” i.e., all the hype and waves of endless information, tend to confuse – and overwhelm – people who really must protect themselves.
Here are tips to help prepare for a cyber-attack.
Email presents a massive opportunity for attackers to trick victims into downloading Malware. This tactic, called “phishing,” is how senders disguise themselves to sound like someone important to the victim. For farmers, attackers may pretend to be a cooperative, supplier, implement dealer – anyone critical to farmers’ businesses.
Phishing aims to get the email recipient to download and install malware onto the recipient’s computer. Attackers will either attach or link to the malware in the email.
The best way to identify phishing is to trust your instincts:
- If the email looks fishy, it probably is. Do not trust unfamiliar email addresses. If you suspect an email is a phishing email, do not click on any link or attachment. Delete the email.
Malware must install before damage can occur by:
- Getting the malware downloaded onto the computer;
- Tricking victims into installing, opening, and running the malware and;
- Collecting the bounty – data, money, passwords, etc. – from the malware.
A common way to trick people into downloading malware begins with a phishing email. The phishing email contains malware directing the potential victim to share login information to a website that tricks people into thinking they have found their account. The computer uses these logins to install the malware by opening the attachment or running the program as prompted by the website. For protection, remember:
- Red Flag: Any time a new program installs onto a computer, a message asks, “Do you want to run this program in pop-up windows?” This question protects users from common mistakes. A lack of disclosure is a Red Flag for malware.
- Solution: If malware is suspected, delete the email, attachment, and file. Installed malware will require a computer expert to solve the damage.
Authentication (passwords) used for social media and internet searches can make it easy for attackers to gather information. They use the data – to guess the passwords of targeted victims based on what they’ve learned. For example, they might try a pet’s name, favorite sports team, etc., if they’ve found this information on your social media.
One option is to create a strong password using the first letters of a phrase coupled with numbers, such as “I like to watch science fiction with my wife 16,” resulting in a password of “iltwsfwmw16.”
Password secrecy is also about not sharing your password.
- Avoid writing a PIN on an ATM card, a sticky note on the screen, or document on a computer.
- Use different passwords for different logins, e.g., email, bank, medical, and investments, where losing identity can be costly.
- Save passwords by hand-writing into a small notebook (not on a computer) in a safe place.
- Best! Download a password keeper program, like 1Password or Keepass. These programs manage passwords and keep them locked using a single, strong password, so you only need to remember one password.
Backups are like insurance for your data, offering protection but hoping never to use.
Everyone has data – often photos, that would be devastating to lose. To prevent losing this data, perform a periodic archive to secure storage. The point of backing up data to secure storage – the cloud – is to be able to recover the data later.
Another type of backup is the ongoing data backup on your computer via cloud storage or a USB device. Most operating systems start backing up when the removable drive is connected. Both cloud backup and USB drive backup are good options. The cloud supplies off-site backup, so you will still have the data backed up to the cloud.
- No legitimate organization will ever ask for your bank information, social security number, or password.
- Use multi-factor authentication.
- Consider cloud-based backup to protect from cyber-attacks and natural disasters.
- If you need a tech person’s help, many qualified people can help.
Joyce Hunter is the former Deputy CIO, Policy and Planning, for the U.S. Department of Agriculture and the Advisory Board Chair for CyberAg Supplying cybersecurity outreach, education, awareness, and access for the agriculture and food supply chain.