Digger magazine

Serving the Northwest Nursery Industry for Over 50 Years

  • Farwest-50th-banner-DM.com-728x90-1.jpg
  • NGW-728x90-v2.png
  • Digger-Employment_banner-2020-728x90px.jpg
  • NG-Survey-banner-728x90-1.jpg
  • Home
  • Articles
    • Nursery News
    • Features
    • Plants
    • Growing Knowledge
    • Operations
    • Nursery Country
  • Issues
  • Events
  • Farwest
  • Columns
    • Director’s Desk
    • Mike Darcy
    • Pivot Points
    • President’s Message
  • Employment Classifieds
  • Advertise
  • Subscribe to Digger
You are here: Home / Nursery Operations / Protecting your office against cyberattacks

Protecting your office against cyberattacks

By Ron McCabe — Posted November 2, 2022

Ron McCabe

Hacking and cybersecurity issues have been steadily increasing in the green industry. But for horticultural businesses facing a variety of challenges, addressing these issues is rarely the top priority. Nonetheless, this is an increasing issue that owners and managers should pay attention to. Cybercriminals target everyone.

Cybercrime for hire is big business and is a widely available service. Now, anyone with a computer and minimal skills can target anyone remotely from anywhere. This growing accessibility is steadily increasing these threats. Here are some things to know, as well as some steps businesses can take to protect themselves.

Methods of attack

Ransomware attacks — During a ransomware attack, a virus or bug gets into a computer and encrypts all the files, holding them hostage for a ransom. Your company is locked out until the ransom is paid. Failure to pay by the given deadline can result in the hijacked files being deleted.
Cybercriminals find holes in commonly used software and use them to gain entry to a network through one machine, and then can penetrate the network. The goal isn’t to get money from a small business. It is to severely disrupt or put the unfortunate business out of business.

These attacks are becoming much more common. Fortunately, ransomware insurance is now readily available from any business insurer.

Phishing scams — Phishing scams are frequently used in all forms of online communication. In a phishing scam, a scammer uses some type of fraudulent communication — email, text, social media, or phone — to get information. The phisher wants the target to reveal sensitive personal or company data, such as credit cards, account numbers, Social Security numbers, usernames, and passwords.

Common tactics include sending upsetting or disturbing notices that purport to be from government agencies, collection agencies or someone else. Such notices may include threats of lawsuits, or conversely, offers of free trips, vacations, or prizes. The goal is to trigger a strong emotional response to bypass logic and get a click on a link.

These links often lead to online forms that look official, but are not. Fake collection or tax notices purporting to be from the Internal Revenue Service are common, and often effective at getting people to enter valuable and sensitive information.

Other avenues include online surveys on social media. These are often designed to collect information to crack passwords and break into accounts. Unfortunately, the success of phishing scams has made them an attractive tool to target individuals
and businesses.

Exploits — Hackers often use exploits or holes in software or security to get in. They pound on the operating system and system software to find ways to get into systems or networks. As hackers increase their creativity, more holes are found.

Social engineering — Social engineering is the old-school way of getting sensitive information over the phone or face-to-face. Scammers often use their existing knowledge of a company to pass themselves off as legitimate. They often pretend to be from trusted government agencies, utility companies, or vendors. They get people to reveal sensitive passwords, company information, trade secrets, intellectual property, and
personal data.

Scammers will often ask for what they want, and surprisingly, people will often give it to be “helpful.” This practice is on the rise and is often combined with phishing and exploits to get the background information to seem legitimate.

Protect yourself and your business

What can be done to protect your business against becoming a victim of cybercrime? The good news is that by following these practical, actionable steps, you can improve your company’s cybersecurity and reduce the risk of cyber threats.

Keep your software and operating system up to date. Most software and operating system updates involve security patches to address new security vulnerabilities as they are discovered. You may have noticed that these are now more numerous. Get in the habit of routinely installing updates as soon as they are available.

Manage your passwords appropriately and change them frequently. Do not use the same password more than once. Try to select passwords that wouldn’t be obvious references to anything in your life. Avoid using birthdays, Social Security numbers, children’s or pets’ names, or other data that could be easily found or guessed by Googling you or doing background research. Consider using a secure password automatically provided by your operating system or software.

Use secure shared passwords. If sharing passwords is common practice in your office, use a secure password program like LastPass, Keeper or Nordpass. This type of software allows your team to share passwords securely and safely.

Protect your company from “social engineering”. Train your team to be careful and really validate people’s identity when they ask for sensitive information. Advise your people to look for this and not be so “helpful” if these situations come up.

Use antivirus and/or anti-spyware software to protect your business. Antivirus software gives you the tools to face cybersecurity threats, such as malware attacks, head-on. They allow you to scan, identify and neutralize malicious software. They can be scheduled to scan automatically.
Back up your data regularly. Ideally, backing up critical data daily is the best defense against losing everything in the event your business is compromised. It is a really good idea to do this to an off-site location. There are hardware options and many services available to do this easily and securely.

Critically evaluate what you receive. It is good general practice to not open emails, direct messages, or text messages from unknown sources. Do not click on any links provided within these messages. If unsure, call to verify if communication is real before clicking any links or sending any money.
Turn off your computer when you aren’t using it. Leaving a computer on and unattended provides additional opportunity for it to be compromised. Cut off an attacker’s access by turning off your computer.

Educate your employees about cybersecurity. Consider requiring this as part of training of new employees and reviewing this with existing employees to assure they are up to date on current cybersecurity protocols.
Have a company technology policy. The policy should clearly state the rules regarding downloads, social media or other non-work related uses of any devices connected to the company’s network.

Work with a network security professional to make sure your network is secure. Securing your network against the constantly changing tactics of cyberattacks is crucial to protecting your business. Working with a professional with this specialized training is well worth the money.

Prioritizing investment in strong cybersecurity for your company now will pay off for your business, your employees, and your customers in the long run. The stakes are too high not to do so.

Filed Under: Nursery Operations Tagged With: Digger, Digger magazine, OAN

NURSERY NEWS

Hall of Famers give gift towards horticultural industry advocacy

Verl Holden retires from Oregon Garden Foundation Board

Fall Creek promotes Dave Daniel to general manager for U.S. and Canada

NWFCS, Farm Credit West create new association

Bailey Nurseries announces leadership transition

More Nursery News

FARWEST SHOW UPDATES

Secure your 2023 Farwest hotel room and save

Farwest Show to celebrate 50th anniversary in 2023

Nursery professionals connect at Farwest

These 12 products had buyers buzzing at Farwest

Nightfall Snowbell sweeps top honors in Farwest New Varieties Showcase

More Updates from Farwest

From the pages of Digger

March 2023: Water Outlook 2023

February 2023: Greenhouse Issue ’23

January 2023: The Retail Issue

December 2022: Oregon is Nursery Country

November 2022: Transportation and Logistics

More issues of Digger

The Value of Membership

OAN Member Profile: Oregon Flowers Inc. 

These 12 products had buyers buzzing at Farwest

Creating the future generation of nursery leaders

More member stories

CORONAVIRUS COVERAGE

Virtual is the new reality – for now

Trade shows in the time of COVID

A demand ‘renaissance’ for nurseries

Western Nursery & Landscape Association falls victim to pandemic

MANTS 2021 to move online due to COVID-19

More articles

Nursery Guide LIVE

Nursery Guide LIVE clicks into place

Booth spaces still available for Nursery Guide LIVE March 17–18

Nursery Guide LIVE virtual marketplace postponed due to winter storm damage

Keynote presentations at Nursery Guide LIVE virtual marketplace provide insight on green industry trends in 2021 and beyond

More Posts from this Category

​

Updates to exisiting subscriptions can be sent to info@oan.org

News

  • Nursery News
  • Growing Knowledge
  • Nursery Operations

Features

  • Plant Features
  • OAN Members
  • Oregon Nursery Country

Columns

  • Director’s Desk
  • Mike Darcy
  • Pivot Points
  • President’s Message

Resources

  • OAN Home Page
  • Job Listings
  • Subscribe to Digger
  • Advertise in Digger
  • Online Plant Search

© Copyright 2022 Oregon Association of Nurseries · Admin