Liability Insurance Contributing Columnist

 


Open Ports are Good for Trade —
Not for Cybersecurity

Jen Pino-Gallagher
Director of Food & Agribusiness Practice
M3 Insurance
jen.pinogallagher@m3ins.com

July 9, 2021


 

It seems like just yesterday that I watched as our milk hauler, Tom, diligently recorded our farm’s milk collection stats on a paper milk collection report. He carefully noted, in pen, the milk tank’s temperature, stick reading, date, and other data about our milk collection. The cardstock record, frayed along the edges, was hung from a clipboard on a nail on our milk house wall.

A lot has changed in the dairy industry in the nearly three decades since I worked on my home farm, both on dairy farms and in dairy processing plants.

Technology, for one, has become a critical component of farming and dairy processing efficiencies.

As the complexity of software and its use in food processing has increased at break-neck speed, so too has the risk of cyber criminals taking advantage of weak systems. The frequency of incidents has risen as ransomware, business email compromise, and other perils have become more successful for the cyber criminals and more sophisticated.

According to Anne Neuberger, cybersecurity adviser at the National Security Council, “the threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public.”

Computer and network security is not a new issue for the FDA. In 2014, the FDA published a guide for investigators who conduct inspections of regulated food firms that use computers and computer software to control operations and record data that may affect the safety of the finished food product. Regarding software security, the guide for inspectors states: “Determine how the firm prevents unauthorized software changes and how data is secure from alteration, inadvertent erasures, or loss.”

Given the risks of a business crippling attack, leadership in dairy processing operations should take steps to shore up their systems to reduce their risk of a cyber intrusion and secure their data. Many leaders are feeling this pressure. The Experian Annual Preparedness Study included a stat that said only 52 percent of executives feel their data breach response plan is effective.

According to Emily Selck, Director of Cyber Liability at M3 Insurance, one way that you can protect your business from cyber attack is by closing your open ports. Consider it the “low hanging fruit” of cyber security.

What does “Closing Ports” Mean?
Remote Desktop Protocol (RDP) is a means of accessing one computer from another computer. The means of access is called a port, and this is the main portal for all access of information over the internet. Web browsers, web pages, and file transfer services all use specific ports to receive and transmit information. Many are familiar with POP3 ports that retrieve data from remote email servers, or
HTTP ports that are associated with the Hypertext Transfer Protocol, and allow us to browse on the internet. Some operating systems have a certain number of default ports that are open, and certain types of software use specific ports.

Why is Closing Ports Important?
According to security firm BitSight, companies that have more open ports than their peers are likely to experience a breach. Specifically, their findings were that 60 percent of breached organizations had 10 or more open ports. If not properly secured, open ports can create a host of issues. The ports can be publicly accessed using a simple scan and then accessing computers leading to the download of ransomware or other forms of malware. Besides closing these ports, requiring strong passwords and multifactor authentication for access to open ports like Virtual Private Networks (VPNs) can prevent access when ports must remain open. This impacted many companies when the transition was made to a remote workforce due to the pandemic.

Other common scenarios can include cleaning of log files (hiding malicious activity), disabling of back-ups, and exfiltration of data.

How will this prevent claims?
Open ports have been around since the dawn of the internet, as it is how the infrastructure of our information sharing community has been created. As ransomware continues to proliferate, prevention of network access has become vitally important. Carriers are spending money and time on resources to identify open ports, and renewal terms are often contingent upon confirmation of closure of these ports. Carriers have seen attacks originating as outlined above, and are no longer taking a “wait and see” approach.

If a port is open and is not utilized to access information on the network, it should be closed immediately. Implementing MFA when ports must remain open is the belt and suspenders solution many insurance carriers look upon favorably.

Dairy processors of all sizes are vulnerable to attacks if ports are left open. A dairy processor doesn’t have to “go it alone” when looking for ways to secure their systems. Many insurance brokers specialize in cyber security and can assist their clients with conducting penetration testing and scan for open ports
..

Jen Pino-Gallagher is director of the food and agribusiness practice at M3 Insurance. M3 Insurance offers insight, advice and strategies to help clients manage risk, purchase insurance and provide employee benefits. The views expressed above do not necessarily reflect those of Cheese Reporter. You can contact the columnist by calling (800) 272-2443, or by visiting www.m3ins.com.

 

Jen Pino-Gallagher

Jen Pino-Gallagher is a Director of Food & Agribusiness Practice at M3 Insurance. M3 Insurance offers insight, advice and strategies to help clients manage risk, purchase insurance and provide employee benefits.
For more information, call (800) 272-2443 ,jen.pinogallagher@m3ins.com visit www.m3ins.com.


Recent M3 Insurance Columns

Three Questions To Ask When Times Get Tough
January 22, 2021

Ready, Set...Go?...Back to the Office
July 10, 2020

As Food Safety Changes Course, Need For A Strong Workforce Is Constant
March 27, 2020

The Bakery Methods of Accounts Receivable: To Collect...Take A Number
January 24, 2020

Minding Your P's & Q's With Your D's & O's
October 11, 2019

Recovering From An Insurance Non-Renewal
March 1, 2019

Food Safety: Whose Job Is It? 5 Ways Human Resources Influences Food Safety
October 5, 2018

Well, That's Cheesey! how Cheese Names Have Gone From Quaint to Contentious
April 13, 2018

Three Steps to Managing The Risks In Dairy Plant Expansions
by Jen Pino-Gallagher
March 2, 2018

When Acquiring A Company, No One Likes To Hear "Surprise"
by Jen Pino-Gallagher
January 19, 2018

When Sales Go Global: Minimizing Complexity-Maximizing Control
by Jen Pino-Gallagher
August 11, 2017

A Tool For Improving Your
Insurance Coverage
by Jen Pino-Gallagher
July 8, 2017

Food Grade Product Liability Insurance for Your Food-Grade Products
by Jim Brunker

June 9, 2017

 


What do you think about 
Jen Pino-Gallagher's Comments?*



Please tell us if you are a
Dairy product manufacturer 
Dairy marketer /importer/exporter
Milk producer
Supplier to manufacturer
s