SAN JOSE, CA - Cybersecurity is a journey, not a destination. I love this wisdom from Greg Gatzke, President of ZAG Technical Services. We are living in a time of rapid change across our industry’s technological landscape and having an advocate in this space is more essential than ever.
“Cyber threats are becoming more sophisticated, and they can have devastating consequences on operations, reputations, and bottom lines,” Greg shares. “Fresh produce companies need to be proactive, and we are here to help them and provide a map forward.”
In this case, that map is a checklist.
As Greg puts it, you can turn checklists into action and empower your technology to ensure business resilience.
“It is imperative that organizations identify vulnerabilities and prepare for potential threats while aligning cybersecurity measures with the unique needs of each business and the changing landscape of agriculture and the food business,” Greg reflects. “There are a lot of checklists with steps for improving cybersecurity health, but we want to help ag professionals understand why those steps are important and how planning for them is strategic as well as tactical.”
With this in mind, Greg and the ZAG Technical Services team have built a checklist of questions and concerns to address as companies look to their own vulnerabilities and preparedness.
Understand Your Current Cybersecurity Position
Before you can effectively strengthen, get a clear picture of where you stand. Start with these key questions:
What is your current cybersecurity situation?
Running an annual cybersecurity assessment is as important as understanding the security measures you currently have in place. Cybersecurity assessments help identify vulnerabilities present in your systems and are crucial to knowing where you stand.
Who has access to your network and data?
Scrutinize who currently has access to your systems and data. This includes both internal personnel, external vendors, and supply chain partners. Be sure to keep access permissions current and updated.
What data do we need to protect?
This includes everything from field and plant data to supplier and customer information to employee records and proprietary business data. Understanding what needs protection is the first step in building a robust cybersecurity strategy.
Have you experienced any security incidents in the past?
Analyzing past incidents can provide valuable lessons for improving your security posture. Understand what happened, where the vulnerabilities were, and how to prevent a similar incident in the future.
Key Questions for Advancing Your Cybersecurity Strategy
Once you have a baseline understanding of your current position, ask yourself the following questions to pinpoint areas for enhancement, and begin to develop a correction strategy:
What are your most valuable IT assets and data, and do we currently protect them sufficiently?
Determine which systems, services, equipment, programs, apps, data, or other assets are critical to your business operations and what impact their loss or compromise would have.
- Are your firewalls, antivirus software, and encryption methods up to date?
- How do you control access to sensitive information and systems?
- How often do you train your staff on cybersecurity threats?
What are the potential threats and vulnerabilities?
Understand there are internal and external threats, from employee error or malicious insider activities to hackers, phishing scams, and ransomware attacks. Regularly updating this analysis will help you stay ahead of new risks as they emerge.
What is our strategy for updating and maintaining our cybersecurity defenses?
How will you keep your cybersecurity measures up to date with the latest technologies and threat information? This includes scheduling updates, patches to software, cybersecurity assessments, and reassessing your cybersecurity framework regularly.
What third-party services do we use, and how secure are they?
Third-party services can introduce vulnerabilities to your organization. It’s advised to inquire about the security measures of any third-party providers and ensure they meet your cybersecurity standards.
As Greg reminds me, cybersecurity is not a one-and-done solution—it is a journey and not a destination.
“Threats continually change and require ongoing review and maintenance to keep systems secure. If your plan is based on what your company is already doing and where it stands, you can set up defenses that are customized and proactive rather than scrambling to plug exposed holes,” he says. “Understanding the answers to these questions is a great starting point for any agriculture company to develop a comprehensive cybersecurity strategy.”
Turn this checklist into a strategy, and maybe sleep just a little bit better at night.
