Small agricultural businesses are increasingly targeted by hackers who break into computer files and hold them ransom until a payment is made. We may believe that we aren’t a target because of our comparatively small size, but ransom seekers know that small businesses lack typical security protocols and often fail to have data backups for their most important records. These criminals will gladly settle for ransoms of $850 to $2500 from a small business that is an easy mark and has few alternatives to recover or restore their data.
We also have threats from social media sites who collect personal information, as well as typical users who can capture important personal data from a few basic posts and comments. An employee of a livestock operation got into a heated political discussion with someone who was anti-animal agriculture, and the next day their employer was receiving threatening e-mails suggesting that animal rights activists would soon be visiting their operation. After the owners shared the e-mails with their staff, the employee realized that his social media argument—where he thought he was defending agriculture—had gotten out of hand and created this uproar. He deleted the thread and his social media account, and fortunately, that was the end of it. It could have been much worse.
Employers need to update their social media and security protocols to limit their exposure to hackers and others who could threaten their business. Some of the social media policies your employee handbook should contain include:
• The Company will protect its name, public image and related business assets that are discussed on social media websites at any time by any person.
• The Company strives to maintain a professional work environment and considers harassment in all forms to be a serious offense in violation of the Company's harassment policy. Do not use social media to harass, threaten, defame, libel, embarrass, disrespect, or offend co-workers or the Company's customers, business partners, vendors and suppliers, affiliates and subsidiaries, or competitors.
• The Company expects employees not to engage in activities that violate federal and state law and regulations when using social media.
• Employees are not allowed to take or post any audio, video or pictures of their workplace or the business on any internet site or service.
• Employees are not allowed to discuss daily work activities on social media sites.
• Employees are not allowed to assist any anti-agriculture or anti-livestock group in any of their efforts.
Your policy should also have strong statements about confidentiality of information, ensuring that employees know they cannot share details of production operations with individuals who have no direct contact with your business. This includes media, state and federal personnel or other regulatory officials. These people need to be directed to one of the owners or whomever they designate, which are the only persons who should speak on behalf of the business.
Employees who have business, vendor or customer contact information on their personal cell phone must delete those if they choose to leave the company.
There are several specific steps to take that will greatly enhance your online security. In a recent online webinar on this subject, an agricultural banking IT professional shared these tips:
• Any company passwords need to be 20 characters long and include small and capital letters, special characters and numbers.
• Have data backed up online in at least two different systems, or online plus a company-housed system not connected to the internet.
• DO NOT have a file on any company computer, or other computer that uses the company’s internet system, that contains a spreadsheet or list of passwords, and especially not in a folder named PASSWORDS!
• No personal passwords stored on company devices. These can be used to backdoor into the company’s files.
• Have security for your company’s internet service that protects the routers and any other access ports with robust passwords and firewalls. Consider using a VPN—Virtual Private Network.
• Get accustomed to using a password generator. This is the most secure method for protecting all your personal and business access.
• If an employee with access to computer files, passwords, etc. chooses to leave the company, the business needs to immediately change the passwords the individual used to access those files.
We get accustomed to using our computers, internet, phones and other devices on a daily basis and forget that cybercriminals are everywhere. Our peace of mind and sense of security can be erased in a matter of seconds if we fail to take simple precautions.
For Management and Executive Coaching, as a conference speaker or help with your employee and family business challenges, Don can be reached at email@example.com, or by calling 765-490-0353.