Whole Farm > Other > Industry Analysis
January 2022
Farmers and cybersecurity
Cyber attacks are in the news everyday, and it only seems to get worse.
Attacks like botnets, malware, ransomware, phishing, and sniffing are against pipelines, hospitals, water plants. Now, there are attacks against meat processors and cooperatives.
Security experts advise several mitigation tactics, while spraying information everywhere. All of the hype and waves of endless information tend to confuse - and overwhelm - people about what is safe and what they should do to protect themselves.
A farmer is likely sitting in rural America wondering what cybersecurity has to do with them and what - if anything - they can do to protect themselves.
So, where do we go from here? Here are a few tips to help prepare for a cyber attack.
Email is a huge opportunity for attackers to trick victims into downloading malware. This tactic is called phishing. In emails, senders will disguise themselves to sound like someone important to the victim. In regard to farmers, attackers may pretend to be a cooperative, supplier, implement dealer - anyone that is critical to farmers’ jobs.
The goal of phishing is to get the email recipient to download and install malware onto the recipient’s computer. Attackers will either attach or link to the malware in the email.
How do we identify phishing emails?
Trust your instincts. If the email looks fishy, it probably is. Do not trust unfamiliar email addresses. If you suspect an email is a phishing email, do not click on any link or attachment. Delete the email.
Malware
Attackers have several things they must do to infect a computer with malware.
First, they must get the malware downloaded onto the computer. Then, they must trick victims into installing, opening and running the malware. Finally, they need to collect the bounty - data, money, passwords, etc. - from the malware.
A common way to trick people into downloading malware is through a phishing email. Attackers attach a link to a website with malware to an email, or they tell victims in an email to visit a website where the malware is stored. Sometimes, attackers will capture login information of victims if they design a website that tricks people into thinking they have an account with.
Next, the computer would install the malware by opening the attachment or running the program, prompted by the website.
When installing any program onto a computer, a message pops up asking if it’s okay to install the program. The pop-up should mention what company created the software. If the publisher is unknown, that is a red flag for malware. Computers will ask questions like "do you want to run this program" in pop-up windows to protect users from common mistakes.
In the event that malware is downloaded, delete the email and attachment, or delete the file downloaded from the web. If malware is installed, contact a computer expert.
Authentication (passwords)
Attackers try to learn about victims and guess their passwords based on what they’ve learned. For example, they might try your pet’s name, favorite sport team, etc. as a password if they see your pet on your social media. With social media and internet searches, it is easy to gather information.
Many people focus on password strength, which is creating a password that no one can guess. One trick to create a strong password is to use the first letter of a phrase coupled with numbers, such as "I like to watch science fiction with my wife 16," which gives me a password of: iltwsfwmw16.
Password secrecy is not sharing your password with others. While this may seem obvious, it is still worth thinking about. For example, we tell people to not write your PIN on your ATM card, your password shouldn’t be written on a sticky note on the screen or in a document on your computer.
Password diversity refers to using different passwords for different logins. Use different passwords for sensitive information - email, bank, medical, and investments - where the loss of your identity is costly.
This may mean creating possibly dozens of different and hard-to-remember passwords. It’s understandable to be a bit overwhelmed. One suggestion is to write the passwords down in small notebook and keep it in a safe place. Do not create a document on your computer with account information and passwords. Otherwise, download a password keeper program, like 1Password or Keepass. These programs manage your passwords and keep them locked using a single, strong password, so you only need to remember one password.
Backups
Backups are like insurance for your data. It is something you need but hope you never have to use.
We all have data - often photos - which would be devastating to lose. To prevent losing this data, perform a periodic archive to secure storage. The point to backing data up to a secure storage - the cloud - is to be able to recover the data later.
Another type of backup is the ongoing backup of data on your computer. This can be done via cloud storage or via a USB device, like a small hard drive. Most operating systems come with backup software and will start backing up when the removable drive is connected. Both cloud backup and USB drive backup are good options. The cloud provides off-site backup, so in the event that things in your home are destroyed or unattainable, you will still have the data that was backed up to the cloud.
Key takeaways
- No legitimate organization will ever ask for your bank information, social security number or password.
- Use multifactor authentication.
- Consider using cloud-based backup to protect from cyber attacks and natural disasters.
- If you need the help of a tech person, there are many qualified people that can help.
This article originally appeared in the November 2021 Acreage Living Newsletter from ISU Extension and Outreach Small Farm Sustainability.
Doug Jacobson, university professor, Electrical and Computer Engineering, 515-294-8307, dougj@iastate.edu
Ally Frickel, former program specialist, Electrical and Computer Engineering
