What do milk and cybersecurity have in common? They are both essential to a dairy operation.

Being that we are just wrapping up Cybersecurity Awareness Month, and in light of the constant reports of ransomware attacks hitting businesses, cybersecurity has been on my mind. Curiosity drove me to revisit the most recent edition of the PMO – Pasteurized Milk Ordinance. I was curious to see if the PMO, in any way, addresses cybersecurity.

One of the few references to computer systems that I found in the document is this statement, “for public health controls, the public health computer program shall and can be made error free”.

The authors of the PMO, originally written in 1924, could never have contemplated the modern-day dependency that dairy plants would have on computer systems, information technology, and operational technology. They also couldn’t have anticipated the potential risk to a dairy plant should a malicious attack occur against the dairy plant’s computer programs.

Earlier this month, the Wisconsin Cheese Makers Association – recognizing the importance of cyber security to a dairy’s ability to operate – selected cybersecurity as the topic for their October educational webinar.

My colleague Emily Selck and I were invited to share tips on the cyber risk landscape for dairy processors and tools dairy processors can access to mitigate the impact of a cyberattack.

A few key points that are applicable to dairy operations of all sizes are:

Don’t Assume You’re Not a Target
Every dairy processor is at risk. The threat has become so prevalent that, in early September, the FBI issued a Private Industry Notification focused on the food and agribusiness sectors regarding cyber threats and ransomware.

The notice stated: “Ransomware may impact businesses across the sector, from small farms to large producers, processors and manufacturers, and markets and restaurants. Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems.”

Do: Create a Cyber Incident Response Plan
If your plant receives a third-party audit and certification, then creating a Crisis Management Plan should be nothing new. In fact, it is often a requirement to receive certification. Consider utilizing a cyber breach as the crisis you are managing against during your next annual audit. If you need help creating a cyber incident response plan, multiple resources exist including your insurance broker/agent, government cybersecurity offices, or the national Institute of Standards and Technology (NIST).

Do Make Cybersecurity Everyone’s Job
According to the FBI’s Internet Cyber Crimes report, Business Email Compromise (BEC) and phishing scams were some of the costliest and most reported crimes in the past year. Phishing is a type of scam where criminals impersonate legitimate organizations via email or text message.

According to the FBI, “[BEC…] is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”

Employees are often the weakest link in any cybersecurity program, and email is one of the most vulnerable access points for an organization. To minimize the risk to your operation, help employees spot malicious emails by creating a robust training program for every single employee who uses email.

Some basic advice from the FBI that can be reinforced through an employee training program include:
• Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
• Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.

Your training program should also include tips on developing strong passwords that are complex and not duplicates of passwords used elsewhere.

Do Install Multifactor Authentication
According to a Microsoft study, installing multifactor authentication can block over 99.9 percent of account compromise attacks.
Multifactor Authentication (MFA) is a means of providing access with two pieces of evidence to confirm your identity. This can come in a few different forms – something you know, something you have, or something you are. Presenting a debit card and PIN at the ATM is one example. This security measure goes beyond strong passwords and affords those who are logging in additional protection of their data or financial assets.

Why is MFA important?
If passwords become compromised, criminals are able to access these systems using automated cyber attempts. Simply put, business email compromise has become easier than ever.

How will this Prevent Cyber Intrusions?
Executives consider cyber risk one of their greatest concerns, as the idea of access to critical information could cause a crisis of massive proportion as seen in the agricultural cooperatives that were recently breached. Business email compromise can create a host of issues when there is access to email systems belonging to finance or executives. A simple addition of MFA can prevent attacks stemming from stolen passwords and is easy to implement across an organization.

When you make a list of the processes that are essential to your business, does cybersecurity make the top 5? It should.

Dairy processors are being targeted by cybercriminals at a growing rate. Dairy leaders - use the tips above to take the first steps toward locking down your systems and protecting your organization from cybercrime. JPG

Jen Pino-Gallagher is director of the food and agribusiness practice at M3 Insurance. M3 Insurance offers insight, advice and strategies to help clients manage risk, purchase insurance and provide employee benefits. The views expressed above do not necessarily reflect those of Cheese Reporter. You can contact the columnist by calling (800) 272-2443, or by visiting www.m3ins.com.

Jen Pino-Gallagher

Jen Pino-Gallagher is a Director of Food & Agribusiness Practice at M3 Insurance. M3 Insurance offers insight, advice and strategies to help clients manage risk, purchase insurance and provide employee benefits.
For more information, call (800) 272-2443 ,jen.pinogallagher@m3ins.com visit www.m3ins.com.

Recent M3 Insurance Columns