The internet has been a boon to farm businesses. Whether it’s ordering farm supplies online, hosting an online store, problem solving, communicating with the farm team and other farmers, accessing detailed weather forecasts or marketing info, the list of the ways we rely on the internet every day is long.
Unfortunately, as the internet has become increasingly indispensable, the frequency of cybercrimes has also risen.
The risks associated with phishing scams, malware and ransomware attacks are real, and small businesses can be at greater risk than ever because many cybercriminals know they are so vulnerable, says Jason Besner.
Besner is director of partnerships at the Canadian Centre for Cyber Security, which leads the federal government’s response to cybersecurity, and he says cybercriminals are looking to gain access to data about customers, suppliers and employees, with a focus on banking and credit card information and payment systems.
Cybersecurity incidents don’t just affect data; these incidents can also result in reputational damage, productivity loss, intellectual property theft, operational disruptions and financial loss due to large recovery costs.
But the biggest risk of all is being unprepared, says Besner. Too often companies take steps to protect themselves only after they have been a victim of a cyber incident.
Being proactive will save you time, money and a great deal of stress, agrees Steve Brown, manager of cybersecurity practice at BDO Canada LLP in Toronto. “The cost of resolution is much more than prevention,” he says.
Country Guide reached out to Besner and Brown for tips on how to protect your business from cybercriminals.
Assign at least one person to be responsible for your business’s cybersecurity, says Besner. Ensure the person understands the breadth of their responsibility and stays up-to-date with emerging cyberthreats.
Ensure all employees understand the importance of cybersecurity and are trained to use the internet safely and to recognize potential threats, says Besner.
It’s essential to have policies and procedures in place for safe use of email and the internet, says Brown. In the event of a cyber incident, everyone needs to know who to contact and what steps to take to minimize damage.
One of the most common threats is phishing, the use of deceptive emails to trick individuals into disclosing information or downloading malicious software (malware) onto their computers, says Brown. Employees need “to take the extra minute to verify the source of an email,” he says. “Too often we are working on autopilot.”
Increasingly common, smishing is a form of phishing using text messages.
Whaling, says Besner, is a type of phishing where an employee with authority to issue large payments receives a message, which appears to be legitimate, urging them to direct funds to an account controlled by a cybercriminal, resulting in major financial losses.
Brown also warns against using free Wi-Fi at coffee shops or elsewhere. “Bad actors can jump on that,” he says. “There’s a high risk of being intercepted. They can get usernames and passwords… they can get everything.” Instead, he recommends using your cell phone’s hotspot.
Doing an end-to-end cybersecurity threat risk assessment of all internet-connected devices will pinpoint any weaknesses in your system, says Besner. Some of the less obvious weak spots include:
- When possible, software should be set to update automatically so that all security fixes are up to date. When that’s not possible, manual updates should be scheduled regularly.
- Older versions of software that are no longer getting security patches from the developer are a potential risk, says Brown.
- Point-of-sale terminals and other internet-connected devices with operating systems are often overlooked, says Besner. “These devices are often not thought of as something to update and keep secure because they don’t look like computers,” he says. According to the Canadian Centre for Cyber Security, “by targeting out-of-date IT systems, cyberthreat actors can install malware that steals customer information, interferes with business operations, makes fraudulent purchases, manipulates pricing and causes other forms of disruption.”
- The security of any device should be considered before connecting it to the internet, continues Besner. All default usernames and passwords should be changed from the factory settings.
- A password policy should be part of your overall cybersecurity plan, says Brown. These are rules around how passwords are created and changed. (See “TIPS” below for more information on creating strong passwords.)
- Ransomware attacks that prevent you from using your computers until you pay a ransom are becoming increasingly common, says Brown. Having up-to-date backups in multiple locations can assist with data recovery.
When it comes to cybersecurity, putting the effort into securing your system through employee training, assessing your vulnerabilities and following best management practices will save you time, money and headaches.
The federal government’s Canadian Centre for Cyber Security has many free resources to help businesses and individuals protect themselves from cyberthreats.
These include a 46-page guide, Cybersafe Guide for Small and Medium Businesses, which has a “Cyber Security Status Self-Assessment.”
TIPS for small and medium businesses*
Implementing anti-malware software and a firewall is a great first step toward strengthening your business’s cyber security. Malicious software (malware) is any software created and distributed to cause harm or steal information. Malware exists for desktop computers, laptops, smartphones and tablets.
Always be suspicious of phone calls, emails or other communications from an unknown source. Before providing personal information to anyone, verify that they are a trusted source.
Only visit legitimate and trusted websites while using business computers or working with business information. Hovering your cursor over a link will display the actual destination URL. Try this before clicking on a link. When in doubt, copy and paste the URL into a search engine to identify the site without visiting it.
Never remove or disable security safeguards put in place on business networks and computers (such as anti-virus software).
Implement a site-rating tool as an extension to the browser on user computers. This will help identify safe websites.
Illegally copied software is not supported by developers, which means your business cannot expect any sort of technical support if you experience problems.
Clear your browsing history or cache after online banking and shopping.
If a website or browser asks to keep you signed in, unclick that option and take the time to re-enter your password each time.
(* from the Canadian Centre for Cyber Security)
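The hover check in the tips above compares the address a link displays with the address it actually opens. As an added example (not part of the article or the Canadian Centre for Cyber Security material), this Python sketch runs the same comparison over every link in an HTML email; the function and class names are hypothetical and the sample message uses constructed, reserved example domains.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re
# Matches visible link text that itself looks like a web address.
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]|$)", re.I)

def bare_host(name):
    """Lower-case a hostname and drop a leading 'www.'."""
    name = name.lower()
    return name[4:] if name.startswith("www.") else name

class LinkAuditor(HTMLParser):
    """Collects (visible text, href) for every <a> in an HTML message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html):
    """Return links whose visible text names one site but whose href opens another."""
    auditor = LinkAuditor()
    auditor.feed(html)
    flagged = []
    for text, href in auditor.links:
        m = URLISH.match(text)
        if not m:
            continue  # plain words like "Click here" give nothing to compare
        shown = bare_host(m.group(1))
        actual = bare_host(urlsplit(href).hostname or "")
        # Same host or a subdomain of the displayed site is treated as consistent.
        if actual != shown and not actual.endswith("." + shown):
            flagged.append((text, href))
    return flagged

# Constructed sample message (example.* domains are reserved for documentation).
SAMPLE = """<p><a href="http://billing.example.net/login">www.example.com/invoice</a>
<a href="https://www.example.com/help">example.com/help</a>
<a href="https://example.org/">Click here</a></p>"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

Links whose visible text is ordinary wording are skipped here because there is nothing to compare against; those still need the manual hover check described in the tips.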