February 2024

Registration open for Women in Ag Leadership Conference

"The Internet is like a highway, it’s built on anonymity," explained Doug Jacobson. "It will always be open to everyone."Doug is the Director of the Center for Cybersecurity Innovation and Outreach (CYIO) at Iowa State University. He was one of the guest speakers at the first Cybersecurity on the Farm Conference on January 11, 2024, IN Ames, IA. The event was hosted by the extension farm management team and women in ag program, in collaboration with CyIO.

Cyber threats in agriculture

Safety features, like encryption, are built into the Internet highway, but you still need to keep yourself safe. “Multi-factor authentication is like a seatbelt, you might not like it, you might not know how it works, but it’s easy to do and it keeps you safe,” shared James Hoflen, an Advisor with the U.S. Cybersecurity and Infrastructure Agency, www.cisa.gov

Doug and James kicked off the conference with a big-picture overview of cyber concerns. Among them is a significant shift in China’s focus on getting themselves quietly into Iowa’s agricultural Internet systems. They are getting in and waiting for an opportunity or reason. "They want to shut you down. It’s a very significant threat," explained James.

The panelists stressed that bad actors are willing to spend a lot of time to get $200 to $300, so no single person or farm business is too small to be safe from cybersecurity threats. Generative AI (artificial intelligence) is a major concern. Bad actors can create new media from existing materials to trick you. For example, they can mimic the voice of someone familiar to you.

"It takes a community to solve cybersecurity issues," stated Doug. "When you see something, tell somebody. It’s like a neighborhood watch." A business you work with, your community Internet provider, or the local law can use your information to see trends and create heightened awareness to protect others.

Strategies for securing financial data

Banks and other financial institutions work hard to keep the community safe. Scott Zurborg, SVP of Risk Management and Information Security Officer at Availa Bank, explained bad actors use sophisticated social engineering to get your information. A bad actor used the voice and phone number of a woman to talk to her son and steal money. "Don’t act urgently, don’t do things that don’t make sense, do your research, call your bank yourself and go with your gut," cautioned Scott.

Banking is one of the most highly regulated industries in the US. "There are a lot of controls behind the scenes," stated Megan Wheelock, Information Security Officer for John Deere Financial. The financial industry uses highly vetted e-signature companies to support online document transfers. Beware if you are not expecting to sign an online document. "Trust, but verify," added Megan.

Lisa Irlbeck, Marketing Director and Community Education and Outreach Director at Availa Bank is working to educate the public about cybersecurity. "We see attempted fraud every day, we saw a need to become more involved in fraud in our community," said Lisa. She and her team are partnering with others in the community, developing resources, and offering cybersecurity programs in the community.

Business email compromise

As a panelist on Business Email Compromise (BEC), Susanna Stout, General Manager of Solentra Global was excited to be a part of the conversation on protecting businesses and customers. "Business email is so important to running a business," stated Susanna. "Email is the lifeline of data."

With potentially hundreds of emails in an individual employee’s inbox, at some point someone will accidentally click on a malicious email. "The last statistics I saw is that 80 to 90% of cybersecurity breaches start with employee email," stated Jeff Franklin, Senior Information Security Officer with Heartland Business Systems, and professor of practice at Iowa State University.

Jeff explained the greatest threats to agribusinesses are cybersecurity and malware attacks. Companies need a holistic approach. This means there is no one silver bullet. Companies are putting new technology in place, educating people, and testing all their systems and processes. Strong processes are important because employees are short on time.

Eric Hoefing, Director of Technology and Development at Key Cooperative, explained his approach. "We do invest in several different things of hardware appliances and different software pieces to help protect our environment and our business to make sure that things are running securely," Eric said. "But email is that whole piece that allows for external connectivity, and we are only as strong as the weakest link."

Three panelists.For small businesses, the panelists advised using caution when replying to emails on your phone. Your phone may not give you all of the details, such as the email address of the sender. Small businesses can consider moving important information through secure document applications such as DocuSign and verifying with verbal communication or phone calls.

Online agricultural marketplaces

Bringing in a perspective on local foods and small farms, were panelists Megan Renkel, Downtown Farmers Market Manager; and Mark Pleis, owner of Pleis Farms, LLC and T.E. Alderman’s.

While the downtown market has quite a few vendors who are cash-only, there is a debate about going cashless. Many of the vendors are going more towards cards and the market patrons are getting more comfortable with this.

It’s now easier than ever to find a reliable card processor platform. "We’re fortunate that we have great resources such as Small Business Development Centers that have people who can sit down with vendors and walk them through the options for cybersecurity and help them help them choose what is best for them," Megan shared.

Mark discussed some options for farmers wanting to sell online. "Word Press is the most widely used program out there, and unfortunately, that means it is also the most widely hacked," he said. However, it is still a valuable tool and can be managed safely. All web platforms need regular maintenance including applying software updates as soon as they are available.

There are many options for selling online, including sales platforms such as Shopify or Go Daddy. The downside of these is that a farm does not have its own presence. Mark advised, "Always use a trusted vendor, who is PCI compliant, to process credit cards. This helps protect the seller and buyer."

The conference brought cybersecurity experts together with the farming community to talk about how we can all increase our internet safety together. To view conference videos and access resources on cybersecurity, visit https://www.extension.iastate.edu/agdm/info/cybersecurity.html.


Madeline Schultz, Women in Agriculture Program Manager, 515-294-0588, schultz@iastate.edu


Madeline Schultz

program manager
Iowa State University
Women in Agriculture