Farm business not immune to cyber security threats

ONTARIO – With the world becoming increasingly connected and digitized, cyber security is a growing concern. Criminals are targeting retailers, municipalities, healthcare providers and critical infrastructure – and as the agriculture sector increases its reliance on sensors, data collection and online connectivity, it is also becoming a target.

In fact, the agri-food industry can be particularly vulnerable, especially at the farm level where the sector consists of many small, independent businesses with limited IT resources – and cyber security often tends to be one of those things that most people don’t worry about until it happens to them or someone close to them.

That was certainly the case for us.Ìý

My family and I farm near the small town of Dashwood close to Lake Huron where we raise pigs and grow garlic and field crops.Ìý

An invoice email request that looked like it came from one of our suppliers turned out to be from a bad actor, and after several agricultural organizations were hit with ransomware attacks, it prompted us to take a serious look at both the risks to our farm business and how we could protect ourselves.

Ransomware is where hackers lock down a system by encrypting its data and essentially holding it hostage until a ransom has been paid.Ìý

Data breaches, where criminals steal customer, business or financial information, are also a common form of cyber attack.

In the agri-food sector, cyber security threats come from three main areas.

Opportunistic cyber criminals look for the so-called low-hanging fruit and choose targets that will get them the maximum return for the lowest time investment.Ìý

State-sponsored hacking teams from other countries actively work to compromise sensors and devices across the entire food supply chain, from farms to food processing and ports.Ìý

Activists resorted to cyber security tactics in Ontario for the first time in 2023 to target a farm.

On our farm, we ended up bringing in some IT expertise to conduct an audit of all our systems, which we’d been piecing together for close to 40 years.

It was an eye opening experience for us.

Even though we are a small business, to us, the impact of an attack would be devastating given how much we rely on the internet and digital connectivity on everything from accepting payments in our on-farm store to running and monitoring systems in our barn.

So we’ve taken action on several fronts, including backing up our data in multiple places and adding a guest wifi that is available to anyone coming to the farm but doesn’t connect them to our main network.

Other things we learned were to pay closer attention to emails or phone calls requesting financial details or passwords that appear legitimate but turn out not to be, and to never send credit card details by email, for example.

October is cyber security month, making it a great time to start thinking about how your business could be vulnerable and how you might be able to protect yourself.Ìý

There is no such thing as zero risk, but there are someÌýrelatively simple steps that can be taken right away to reduce that risk:

– Make sure your hardware and software are kept up to date and that you’re using strong passwords that aren’t shared between employees. Remove access from employees who no longer work for you;

– Back up your most important information regularly and store it in a safe place that is not connected to your main systems;

– Never use public wifi to check your on-farm systems when you’re away. Instead, buy and use a Virtual Private Network (VPN) or connect to your monitoring apps using the cellular data on your device;

– Don’t click on un-verified links in emails or text messages, even if they look legitimate, and never reveal sensitive business or personal information to unsolicited callers. It pays to be suspicious – always check back with a caller who says they are from a financial services provider; and

– Know which devices, sensors, computers, servers, mobile devices, automated equipment, environmental control systems, financial systems, and other hardware in your on-farm networks are connected and know who to call if something goes wrong.

Every farm business is different, and you will need a plan specific to your needs and your situation, but taking any kind of preventative action will reduce your risk in both the short and long-term.

* * *

Teresa Van Raay is an Ontario Federation of Agriculture director.Ìý

Teresa Van Raay