Make sure you are protecting yourself against cybercrime. Anne Hardie found 11 tips to keep you safe.
It can be as simple as clicking on a suspicious email and before you know it, a hacker has access to your farm computer system and can shut you out for a ransom.
FMG manager advice services Stephen Cantwell says the better technology gets, the more dependent we become on it and the greater the impact when hackers attack. That was highlighted by the recent ransomware attacks on the Waikato District Health Board and Australia’s largest meatworks, JBS, with the latter paying out more than $14 million to its attacker. At the farm level, farmers have found themselves unable to milk the cows after hackers shut them out of their own system.
It happens and Cantwell says there are probably more successful cyber attacks than just the reported cases because those who get hacked or scammed are often too embarrassed to admit it. They shouldn’t be, he says, because it can happen to anyone, especially as hackers become increasingly sophisticated.
Nearly 8000 reports of cyber security incidents were reported in New Zealand during 2020 – up 65% on the previous year – and $16.9 million was lost to attackers.
“It’s so easy when you get so many emails to click on something before even realising what it is.”
Many rural businesses have computer systems that are used for personal use as well and he says that increases the number of emails and type of emails for hackers to target.
Phishing emails and credential harvesting which is getting username and password combinations made up 46% of the cyber security incidents reported to CERT NZ for the first quarter of this year. Emails usually encourage you to take action such as clicking on a link or opening an attachment, leading to a virus or a hacker potentially taking control, stealing your data or holding you to ransom.
Cantwell says one dairy farmer was locked out of their computer system and all it controlled when a hacker managed to get control. In that case, the farmer had a reset button and backups to all the information that enabled them to continue milking and not pay the ransom.
He says it is really important to make sure those backups work by checking them regularly. There have been cases when people thought they had backups, but when they needed them, they weren’t working.
Paying a ransom is not a wise option, says CERT NZ incident response manager Nadia Yousef. There’s a high chance you still won’t get the data back after paying the ransom and the system may get reinfected.
Hackers are constantly scanning the internet for vulnerable systems and computers and grab any opportunity, she says. For that reason, it’s vital to keep software and devices up to date. It may be annoying every time an update pops up on the computer requesting a response, but it is the most important thing you can do to protect your system from cyber attacks. Those updates are designed to fix problems and she says it’s important to click yes.
Ensuring you have backups to your information via say, a portable USB device or in the cloud, is the next essential factor to avoid the repercussions from an attack. Yousef says financial data, critical documents – everything you need to keep the business running if you get ransomware in your system, should be backed up.
“If you don’t have those backups, the choices you are left with is you have to start again or pay the ransom, which we don’t advise.”
". . . one dairy farmer was locked out of their computer system and all it controlled when a hacker managed to get control."
Don't use the same password
When it comes to passwords, they need to be unique and strong enough to deter hackers getting into your computer system or phone. Yousef says most of the incidents reported to CERT NZ could have been avoided with better passwords. People often use the same password across multiple accounts and she says that makes them vulnerable to cyber security attacks. An attacker only needs that one password to access all their private and financial information. It’s paramount to use different passwords for different sites and she suggests using a passphrase with three or four random words, plus added numbers and special characters.
Rather than worrying about remembering several passwords, she advises using password managers which is software that keeps all your passwords. It’s basically like a digital safe. The software for password management is built using strong encryption methods and security practices, then regularly reviewed by independent security researchers. It goes without saying that you then need a really good, strong password for the password manager. The password manager can be stored on your local drive or computer, in the cloud, or with your browser.
“Make you and your organisation as less of a target as possible,” she advises. “They want to go for the easiest.
“The more we live online, the more cyber security is going to be an issue.”
This can be an expensive issue. In the first quarter of 2021, six of the 339 incidents that CERT NZ responded to involved more than $100,000. Two of those were about unauthorised access, two were about invoice scams, one was about website compromise and one was about an investment scam.
Invoice scams are getting increasingly sophisticated and Cantwell says rural businesses often have invoices with large sums and they deal with a number of different suppliers. Invoices may look legitimate, but the account number has been changed. Once the account has been paid, the hacker moves it on quickly which makes traceability difficult.
“Have processes in place. If you get an invoice from someone you pay regularly and you notice the account number is different, it pays to pick up the phone and check. The first time you are paying any large account, check the account number over the phone.”
The same applies to requests from banks or New Zealand Post or similar – get on the phone and check it out if in doubt, he says.
The world is a very small place when it comes to criminal cyber activity, with attackers only an email away. Farms are increasingly dependent on technology and when it is taken out of the equation by an attacker, potentially on the far side of the globe, Cantwell says life becomes very difficult.
Cert NZ's top tips for cyber security for your business
• Install software updates
• Implement two-factor authentication (2FA)
• Backup your data
• Set up logs
• Create a plan for when things go wrong
• Update your default credentials
• Choose the right cloud services for your business
• Only collect the data you really need
• Secure your devices
• Secure your network
• Manually check financial details
Find out more about these tips at: www.cert.govt.nz/business/guides/top-11-cyber-security-tips-for-your-business/