Cyber-attacks are a continued and growing threat for all businesses. Small businesses, like agricultural and rural businesses should not think they are immune to this threat: obscurity is not security. Small businesses may even be more at risk, because they tend to have fewer practices in place to prevent a cyber-attack. While attackers may prefer bigger, wealthier targets, they are also practical and may find multiple, small-scale attacks to be easier and less risky for them to complete (Alton, 2021). Make sure your business is prepared by implementing the best practices we have included here and educate yourself using resources to which we have linked.
Types of Cyber-Attacks
The two most common types of attacks against small businesses today come from ransomware and malware. Ransomware attacks occur when login credentials are stolen by phishing, or a device or machine used in the business gets malware and the information is collected unknowingly. Attackers use this information to encrypt data on the computer or network and a pop-up box stating the price of the ransom to get access appears on the monitor. When this happens, access to networked systems is locked which can eliminate your ability to access files and communicate both internally and externally. Some of these systems include email, ordering systems (e-commerce), backup access, production systems, etc. Predatory attackers spend time tracking your online habits, so they know exactly when and how to cripple your ability to do business.
Malware is used to gather data from computers using a digital program called a keylogger which records every keystroke entered onto a machine. From this information, access/login codes can be collected which is often a preliminary step to a larger-scale attack. This attack can be on your business or possibly to target a different business to which you provide a service (and vice versa).
A thesis study from the University of Florida (Felton, 2021) interviewed small business owners about cybersecurity practices and found that 1) small businesses perceived they had less of a security issue because of the size of the business, 2) they didn’t perceive their business’ data was valuable and, 3) they had limited education about cyber threats.
A survey from the Small Business Association indicated that 88% of small businesses were concerned about a cyber-attack, but they lacked resources for technology support and/or lacked time and education related to cybersecurity (SBA, n.d).
It is of the utmost importance, for the continued viability of your business, to protect your internet-connected systems from cyber-attacks. It only takes one un-updated device or careless employee to open a window for attackers.
We have compiled the 7 best practices from across popular and research-based information on cybersecurity:
- Have a cybersecurity plan
- Taking time to plan for a possible cyber-attack can save you a lot of trouble in the future. Once a compromised system has been detected, a rapid response can be key to limiting or preventing the loss of your data.
- Cybersecurity can be complicated, but the Federal Communications Commission has a planning guide specific to small businesses. Take some time to read it and create a plan for your business.
- Educate yourself and your employees about cybersecurity
- Gather your employees for an initial discussion about the importance of cybersecurity and how you plan to address it.
- Make it everyone’s job to be a part of the cybersecurity planning and process. This may require a shift in culture for your business if this hasn’t been a priority before. Like any culture change, this will take time, but it is an important part of making your business secure from cyber-threats.
- Use anti-malware software and keep it updated
- There are many options available online. Explore your options and make sure you have anti-malware software on all work devices. Make sure you have all computers set to update the software automatically.
- Store or backup your data using cloud storage
- Reputable cloud storage vendors have high security standards and built-in safeguards to protect your data from loss due to a cyber-attack.
- Cloud storage is often more affordable for small businesses than investing in your own hardware to store and backup your business’ data.
- Cloud storage solutions (like Dropbox or OneDrive) also include tools that make file sharing and collaboration easier.
- If file sharing and collaboration are not needed, there are affordable cloud backup services that can maintain online backups of your data in case of catastrophic loss.
- Passwords matter!
- Access to all computers and Wi-Fi networks should require a password.
- Passwords should be a minimum of 8 characters in length, and complex enough that it would be difficult for an attacker to guess or otherwise discover them. (Grassi et al., 2017).
- Learn more about creating strong passwords at https://www.businessnewsdaily.com/5597-create-strong-passwords.html
- Commit to regular updates & upgrades of software, computers, and malware protection
- When updates or patches to existing software are released, it is often in response to known bugs or a newly identified security threat.
- While older versions of software may remain functional for your business, they may not receive security updates from the vendor.
- Make time in your and your employee’s schedules to regularly update software. Updates to software and operating systems can often be scheduled to occur outside of active business hours.
- Protect your data
- Evaluate who needs access to information. If someone does not REQUIRE access to all data to do their job, then limit their access to what they actually need.
- Check with your bank and/or credit card processor to make sure you have the most up-to-date anti-fraud services
- If possible, have a dedicated device that collects payments. Ideally this device would not be one you use to search the Web.
While protecting your business from cybersecurity threats may not seem like an urgent need amid the tasks of your agricultural business, it grows increasingly more so in our highly connected society and business environment. Well-managed systems do not guarantee safety, but preparation and well-trained staff are essential to protecting your business and getting back up to speed in a minimal amount of time. Be prepared and, hopefully, you’ll never experience a regrettable cyber-attack.
References & Resources
Alton, L. (2021). The 8 Best Cybersecurity Strategies for Small Businesses in 2021 Even small businesses can be targeted. Here’s how to protect yours from cyber threats. INC.com. https://www.inc.com/larry-alton/the-8-best-cybersecurity-strategies-for-small-businesses-in-2021.html
Federal Communications Commission. Cyber Security Planning Guide. https://transition.fcc.gov/cyber/cyberplanner.pdf
Felton, J. H., Jr. (2021). Cyber resilience of small business owners (Order No. 28318819). Available from ProQuest Dissertations & Theses Global. (2504819573). Retrieved from https://login.lp.hscl.ufl.edu/login?url=https://www.proquest.com/dissertations-theses/cyber-resilience-small-business-owners/docview/2504819573/se-2?accountid=10920
Grassi, P.A., J.L. Fenton, E.M. Newton, R.A. Perlner, A.R. Regenscheid, W.E. Burr, J.P. Picher, N.B. Lefkovitz, J.M. Danker, Y-Y Choong, K.K. Greene, and M.F. Theofanos. (2017). Digital identity guidelines: Authentication and lifecycle management. U.S. Department of Commerce National Institute of Standards and Technology, Special Publication 800-63B. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf
US Small Businesses Association (SBA). Stay safe from cybersecurity threats. https://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats