Building a Farm Cybersecurity Policy
Building on your farm network map and the relationships with your vendors, the next step is to develop your own personal farm cybersecurity policy.
To operate a profitable and sustainable business, farmers have to know how to manage risk. Many farm business owners have plans for managing pests, biosecurity, fire protection, and threats having to do with extreme weather or animal health.
Producers know that good risk management equals good farm business management.
A farm cybersecurity policy is an important part of a farm business's risk management strategy. It can help minimize the chance of cyberattacks, protecting important business assets, so that your business can keep operating safely and profitably. A cybersecurity policy outlines your farm business’ approach to managing security risks. It makes clear the things you will and won’t do to protect your information and farm systems from cyber threats.
Let's think of the business benefits of having a farm cybersecurity policy:
- It helps you stay on top of the practices that will help your farm business lower the risk of a cyber incident.
- It helps you comply with the expectations of insurers or lenders.
- It minimizes the risk of business losses.
- It minimizes the risk of sensitive data loss (eg. financial data).
- It minimizes reputational damage and legal liability in the event of a data breach.
A cybersecurity policy can be a formal document, or just a sticky note attached on a dashboard in the cab of your farm equipment. Don’t let perfect be the enemy of the good – you can start with a single page, and you can build up the complexity of your farm’s cybersecurity policy over time.
A SIMPLE EXAMPLE:
We know that some cyberattacks are carried out by targeting people during busy, important times of the year, when they are tired, under pressure and distracted by the need to focus on time-sensitive work, like planting or harvesting.
With that in mind, one part of your cybersecurity policy could say that during critical times of the season, no one should answer emails or text messages that ask you to click on an unverified link, without first confirming that the sender and the request are real. You could choose to include this as a section of your cybersecurity policy document. It could also be as simple as a sticky-note on the side of your computer or the dashboard of your combine that says: “Remember: Don’t click on email or text message links right away - first check with the sender and one other member of the farm team!"
However you choose to build your cybersecurity policy, it should address the following steps that are needed to safeguard your business:
If you’d like to go into more detail and be guided step by step through the process of creating a cybersecurity policy for your farm, check out the following worksheet:
PDF document 441KB
JusTech is a good tool to include in your cybersecurity policy. It’s a free privacy breach management tool that can help to streamline your response to a data breach. In the event of a cyber incident, the JusTech tool can provide business owners with multiple documents they will need to get back up and running. You can get more information on JusTech later on in the section on 👮Cybersecurity Supports .
Having - and periodically reviewing - a cybersecurity policy will help you make better decisions and guide actions that you are taking to improve your cybersecurity preparedness.
Next: 🚨Conducting a Cybersecurity ‘Fire Drill’
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License .