Agriculture is in the bull’s-eye for threat actors trying to access business information. But as Chris Sherman says: “Our keys in the visor mentality” has many farmers trusting too much and putting too much at risk.
Sherman is the founder of Tech Support Farm, an IT and cybersecurity consulting business who works with farmers, co-ops, custom harvesters and more ag businesses to shore up their systems, lock down their sensitive information and stay attuned to emerging risks.
The FBI has listed agriculture as a critical infrastructure for cybersecurity.
So where do most farmers leave themselves vulnerable to hackers? Sherman shares these:
1. Email
Sherman points to email as the No. 1 priority for farmers on where to start in taking cybersecurity seriously.
“The amount of information and data we are sending via email leaves every farmer at risk — from our FSA staff, agronomists, banks and more,” he says. “Emails can be intercepted, all contents can be exposed, and no one is the wiser. It would be like a rural mail carrier, and when he drops the mail someone stands there opening it, reading it and closing the envelope and putting it back in the mailbox. Foolhardy to be using the free email services such as Gmail, Yahoo and others.”
Here are four steps to shore up your email:
- Get a domain
- Get a commercial email provider
- Get a filtration software (which monitors what comes in)
- Get a DMARC compliance service (which manages outbound emails, so no one spoofs you and encryption is done properly)
As an example of why this should be prioritized, Sherman tells the story of a farm business working on a land deal.
“A dad and son were just about ready to sign, and the dad got an email from the bank, at least it appeared to be from the bank, but it was a spoof encouraging them to e-sign,” he says. “And everyone signed, and it drained the bank accounts and blew up the deal.”
2. Be aware of your personal information shared, and embrace “herd immunity”
All to often, farmers don’t have passcodes on their phones.
“That’s like leaving your credit card at the bar,” Sherman says. “For some reason in agriculture we are running multimillion dollar businesses on residential-grade infrastructure.”
He says by the nature of the business, enrolling in government programs, immigration workforce programs (such as H-2A) and more, make your address, phone number and email readily accessible.
“It’s a wealth of opportunity for threat actors. We can’t leave our doors and windows open,” Sherman says. “So you have to protect yourself, and encourage your friends, neighbors and business partners to do the same. If we are all reducing our individual risk, we are reducing the overall risk.”
3. Use high-quality passwords
Sherman says good passwords are must-have on all your accounts, including your Wi-Fi.
“Too often, farmers have their password just be a duplicate of the network name. Or if a farmer’s favorite tractor is a John Deere 4450, 4450 is his pin for everything,” he says. “When we are on the internet, it’s like being in the big city, and you have to act accordingly.”
