Hacking and cybersecurity issues have been steadily increasing in the green industry. But for horticultural businesses facing a variety of challenges, addressing these issues is rarely the top priority. Nonetheless, this is an increasing issue that owners and managers should pay attention to. Cybercriminals target everyone.
Cybercrime for hire is big business and is a widely available service. Now, anyone with a computer and minimal skills can target anyone remotely from anywhere. This growing accessibility is steadily increasing these threats. Here are some things to know, as well as some steps businesses can take to protect themselves.
Methods of attack
Ransomware attacks — During a ransomware attack, a virus or bug gets into a computer and encrypts all the files, holding them hostage for a ransom. Your company is locked out until the ransom is paid. Failure to pay by the given deadline can result in the hijacked files being deleted.
Cybercriminals find holes in commonly used software, use them to gain entry through a single machine, and from there penetrate the rest of the network. The goal isn’t to get money from a small business. It is to severely disrupt the unfortunate business or put it out of business.
These attacks are becoming much more common. Fortunately, ransomware insurance is now readily available from any business insurer.
Phishing scams — Phishing scams are frequently used in all forms of online communication. In a phishing scam, a scammer uses some type of fraudulent communication — email, text, social media, or phone — to get information. The phisher wants the target to reveal sensitive personal or company data, such as credit cards, account numbers, Social Security numbers, usernames, and passwords.
Common tactics include sending upsetting or disturbing notices that purport to be from government agencies, collection agencies or someone else. Such notices may include threats of lawsuits, or conversely, offers of free trips, vacations, or prizes. The goal is to trigger a strong emotional response to bypass logic and get a click on a link.
These links often lead to online forms that look official, but are not. Fake collection or tax notices purporting to be from the Internal Revenue Service are common, and often effective at getting people to enter valuable and sensitive information.
Other avenues include online surveys on social media. These are often designed to collect information to crack passwords and break into accounts. Unfortunately, the success of phishing scams has made them an attractive tool to target individuals and businesses.
Exploits — Hackers often use exploits or holes in software or security to get in. They pound on the operating system and system software to find ways to get into systems or networks. As hackers increase their creativity, more holes are found.
Social engineering — Social engineering is the old-school way of getting sensitive information over the phone or face-to-face. Scammers often use their existing knowledge of a company to pass themselves off as legitimate. They often pretend to be from trusted government agencies, utility companies, or vendors. They get people to reveal sensitive passwords, company information, trade secrets, intellectual property, and personal data.
Scammers will often ask for what they want, and surprisingly, people will often give it to be “helpful.” This practice is on the rise and is often combined with phishing and exploits to get the background information to seem legitimate.
Protect yourself and your business
What can be done to protect your business against becoming a victim of cybercrime? The good news is that by following these practical, actionable steps, you can improve your company’s cybersecurity and reduce the risk of cyber threats.
Keep your software and operating system up to date. Most software and operating system updates involve security patches to address new security vulnerabilities as they are discovered. You may have noticed that these are now more numerous. Get in the habit of routinely installing updates as soon as they are available.
Manage your passwords appropriately and change them frequently. Do not use the same password more than once. Try to select passwords that wouldn’t be obvious references to anything in your life. Avoid using birthdays, Social Security numbers, children’s or pets’ names, or other data that could be easily found or guessed by Googling you or doing background research. Consider using a secure password automatically provided by your operating system or software.
Use secure shared passwords. If sharing passwords is common practice in your office, use a secure password program like LastPass, Keeper or Nordpass. This type of software allows your team to share passwords securely and safely.
Protect your company from “social engineering”. Train your team to be careful and to validate people’s identity when they ask for sensitive information. Advise your people to watch for such requests and not be so “helpful” when these situations come up.
Use antivirus and/or anti-spyware software to protect your business. Antivirus software gives you the tools to face cybersecurity threats, such as malware attacks, head-on. It allows you to scan for, identify and neutralize malicious software. Scans can be scheduled to run automatically.
Back up your data regularly. Ideally, backing up critical data daily is the best defense against losing everything in the event your business is compromised. It is a really good idea to do this to an off-site location. There are hardware options and many services available to do this easily and securely.
Critically evaluate what you receive. It is good general practice to not open emails, direct messages, or text messages from unknown sources. Do not click on any links provided within these messages. If unsure, call to verify that the communication is real before clicking any links or sending any money.
Turn off your computer when you aren’t using it. Leaving a computer on and unattended provides additional opportunity for it to be compromised. Cut off an attacker’s access by turning off your computer.
Educate your employees about cybersecurity. Consider requiring this as part of new-employee training and reviewing it with existing employees to ensure they are up to date on current cybersecurity protocols.
Have a company technology policy. The policy should clearly state the rules regarding downloads, social media or other non-work related uses of any devices connected to the company’s network.
Work with a network security professional to make sure your network is secure. Securing your network against the constantly changing tactics of cyberattacks is crucial to protecting your business. Working with a professional with this specialized training is well worth the money.
Prioritizing investment in strong cybersecurity for your company now will pay off for your business, your employees, and your customers in the long run. The stakes are too high not to do so.