Five top tips to combat cyber-threats in the food industry
Ed Macnair, the CEO of Censornet, outlines five top tips on how food and beverage businesses can keep tighter control of their data while undergoing digital transformation.
The food industry is one of the most exciting and vibrant industries in the UK, and one that is undergoing major change. Technological advancements have driven a revolution in business models, perhaps best seen in some of the UK’s most successful start-ups, Deliveroo and JustEat. However, it is not just new market entrants that have been shaped by the use of technology. No company in the food and beverage industry has been unaffected by digital transformation – be it from the move to online customer services or internally through the adoption of business cloud solutions.
While digital transformation has brought great opportunities for improving efficiency and customer service, it has also brought challenges. One of those challenges is the increased necessity to protect sensitive customer and company data, as more of an organisation’s infrastructure moves online and into the cloud.
This is not an issue unique to the food and beverage industry – cyber-crime has been rising across the board in direct correlation with digital transformation efforts. However, it is the unfortunate reality that the industry has been a target for cyber-criminals. For example, the damage caused by threats, such as the Deliveroo passwords hack at the start of the year, presented a bracing reality. Not only were passwords compromised, but the resulting media storm provided a lasting taint on the integrity of the organisation.
The food and beverage industry – like all industries that have embraced digital transformation – will always be a target for attacks. However, organisations can take steps to protect themselves while embracing technology.
Here are five top tips on how food and beverage businesses can keep tighter control of their data while undergoing digital transformation:
1. Employee cyber hygiene is needed just as food hygiene training is
The vast majority of cyber-attacks are preventable and result from human error. Unfortunately, the greatest cyber-threat to many organisations is their own employees. Often unintentionally, they put company data at risk through their online activity at work – by visiting potentially malicious websites, using work credentials for personal services, sending sensitive business information over messaging apps such as WhatsApp or Facebook Messenger, for example. While each of these actions seems harmless enough, each is a potential opportunity for a cyber-criminal to get into a company network.
This risk has been exacerbated by the growing trend of remote working and employees using their own devices at work. Increasingly, we meet food manufacturers trying to find a solution to keep all of their employees secure across all of their sites and when they are working from home. Part of the solution comes down to educating employees on how to be safe online. However, employers cannot rely on this alone; they also need to put controls in place on the websites and apps their staff can access on the work network to limit the damage employees can accidentally do.
2. Try to reduce the chance of spillages
Like any food process, things do go wrong and that is just a factor that all food businesses should prepare for. Human error is an occupational hazard, and the rise of cloud applications across the sector can leave customer details or corporate data exposed.
The recent hack on file-sharing system Box is just one example of how vulnerable these applications can be. The Box hack led to more than 90 companies having their details stolen, including healthy food retailer Herbalife. To reduce the risk of an incident, businesses need to adopt appropriate technology which offers greater visibility and control over applications, and actions within them. By preparing for the worst, organisations can make sure they are as resilient as possible and have confidence that sensitive data is not being leaked.
3. Place greatest attention on the most important utensils
Methods of communication – where data is in transit – often present the greatest risk to a business’ security. Email, for example, is a key area where trade secrets are regularly shared. According to International Data Corporation (IDC), 60 percent of company data is stored on email.
In addition to this, the proliferation of business and messaging applications, such as Office 365, Salesforce and Skype, have added extra channels to secure. Organisations should therefore focus their efforts on securing comms channels. This means helping employees to identify and protect themselves from threats that come in, such as phishing attacks where employees are tricked by fake emails into clicking on malware. It also means controlling what employees send out of their organisation, to ensure they are not accidentally putting the company at risk.
4. Keep the menu fresh
Keeping software up-to-date with the latest updates and patches is vital to functionality as well as security. Cyber-threats should not provide a barrier to technological innovation, so long as the necessary precautions are taken to deal with the increasingly complex and sophisticated attacks that are being introduced by cyber-criminals every day. Although cyber-threats are unfortunately an ever-present menace, intelligent security that keeps pace with the hackers can allow employees to work confidently.
5. Remember, stopping bad reviews is as important as creating good ones
The value that customers place on a bad review often outweighs the time and effort made by a food business to get a good one. This is heightened if you consider the damage that a data leak can do to a food business’ brand. A hack earlier this year on Chipotle shows this clearly, as many customers subsequently had their personal accounts compromised and took to social media sites, including Reddit and Twitter, to vent their frustrations.
It is hugely important that food companies pursue digital transformation efforts to deliver better customer service, but it will all come to null if they do not put equal investment into protecting themselves and their customers. Cooking up a great security strategy with these simple ingredients will help minimise the chances of a business suffering at the hands of cyber-criminals.
About the author
Ed Macnair is the CEO of Censornet. He has 30 years of expertise in the technology and IT security industry, with a proven entrepreneurial track record of successfully developing and leading companies. He was previously founder and CEO of SaaSID, a UK-based single sign-on and application security vendor, and Marshal, a global web and email security company. Macnair has held management positions at MessageLabs, Symantec, IBM and Xerox.