June 18, 2021
The recent hack of JBS’ computer systems is a reminder of just how vulnerable agribusinesses are to a cyberattack.
“We're seeing the ramifications of poor cybersecurity best practices in corporations,” says Michael Levin, CEO of the Center for Information Security Awareness. “We've got to do a better job of hardening the target. There's too many open doors on a lot of these systems.”
But farmers themselves are becoming more vulnerable, he says, as more things on the farm — tractors, combines, sprayers — are connected to the internet of things, opening up another avenue for cyberattacks.
The good news is that it doesn’t cost a lot of money, or even time, to become better protected from a cyberattack. But it does require a change in mindset.
“The problem is now, there is no one teaching U.S. citizens how to protect themselves,” Levin says. “They usually don't learn until they're victimized.”
Levin, who is a former Secret Service agent and former deputy director of the National Cyber Security Division of the Department of Homeland Security, works with law enforcement and private companies on how to create a culture where people are better educated and focused on cybersecurity. His clients include several farm credit financial companies and credit unions.
While cyberattacks have gotten more sophisticated, the way hackers get into a system hasn’t changed: They’ll choose the path of least resistance.
That means targeting people through emails by asking them to open a file, or clicking on a link, that looks official but is a way for hackers to get into the system.
"The No. 1 thing people have to do is slow down when they're opening email. It can be very dangerous,” Levin says. “We're training the employees not just how to be safe at work, but how to be safe at home. Ninety percent of the stuff I talk about is good for work and home.”
Anything that’s connected to the internet, including your iPhone or Android device, is a potential security breach, Levin says. The key to protecting yourself is making sure you’re aware of simple things that can reduce your risk.
“If I can just get you to stop clicking on every link or stop clicking on your emails, that can reduce your risk by sometimes 50%,” he says.
Update your system
The first thing to do is to make sure you have the latest version of your operating system installed.
Levin says that Microsoft and Apple often update their operating systems because of security vulnerabilities that have been discovered, so it’s important to keep your system updated even if it takes time to complete.
Read emails carefully
When it comes to reading emails, Levin says that people should view any message as a potential security risk.
If an email asks you to click on something or open an attachment that you don’t recognize, don’t do it. If your bank sends an official looking email asking you to click on something, don’t do it. Instead, open a browser and go directly to your bank’s website for information rather than clicking on a link to get there.
Attachments can be tricky. Levin says that hackers will come after email users through a process called spear phishing, where they’ll send official-looking emails from a company you’re known to do business with — only to get you to click on it, giving them a way to hack your system.
These kinds of attacks are becoming more sophisticated as hackers will often intercept email lists and send you emails from people you might know, only to dupe you into clicking on a link. It’s important to look at the email address itself to see if it’s coming from a legitimate source.
“You get the email looking like it’s from a friend,” Levin says. “Just a quick text or call to that friend, and you’ll find out it’s a scam. You have to be like an investigator now when opening up emails.”
Use strong passwords
It might sound simple, but having strong passwords is often the most important thing you can do to protect your system.
Passwords, Levin says, should be more than eight characters long and include numbers, letters and special characters. Don’t use a birthdate, Social Security number, or any other word or phrase that might be easily guessed.
“It’s crazy, but when we talk about the internet of things, the biggest weak link is password protection,” Levin says. “They’re using bad passwords. People have a tendency to get lazy and use bad passwords. One of the things I have organizations do is use a password manager.”
And if you’re being offered it, use two-factor authentication on your phone or computer. It’s just another layer of protection.
Test for issues and have backups
If you run a farm business with multiple employees, Levin recommends hiring a third-party penetration testing service to see where vulnerabilities in the system exist.
If you have a computer that’s three to four years old, it might be time to replace it.
“The prices have come way down,” Levin says. “There’s no reason to have a 7- or 8-year-old laptop anymore.”
It’s also crucial to back up your data, whether you’re in business for yourself or have employees. A backup could be as simple as just plugging in an external drive, backing up everything up on there, and then unplugging it when you’re done using your computer.
It’s also important to scan those backups to ensure they don’t have a virus on them, as hackers will often put something on the backup without you even knowing about it.
Dealing with ransomware
JBS confirmed that it paid $11 million to a Russian-speaking gang that’s been responsible for many large-scale ransomware attacks.
Ransomware, Levin says, is often the result of someone clicking on a phishing email by mistake leading to an infected computer and, eventually, an infected system.
In a ransomware attack, the computer or system is taken over by someone who asks for money in exchange for getting the data returned. Company or government computer systems are attractive targets, but people can be targeted, too.
If you get a pop-up message asking you to pay someone to get your data back, Levin says to shut the computer off and revert to the backup. Call a computer expert to help you out.
For more information, visit the Center for Information Security Awareness.
About the Author(s)
You May Also Like
Current Conditions for
New York, NY
Enter a zip code to see the weather conditions for a different location.