For those with a primary focus on agriculture and construction, cybersecurity is confusing. Luckily, there are standards available that, if followed, allow businesses in all industries to protect their digital assets.

As there is no dedicated security standard for smart agriculture or construction (although it is coming), operations can choose from several others. These include ISO 27001 and the NIST Cybersecurity framework, neither of which are mandatory but offer guidelines for reducing Cybersecurity risk. If the business accepts credit cards as part of operations, then the PCI-DSS standard is often mandatory and helps protect cardholder data and payment processing.

• Select and align with a Cybersecurity and compliance standard. Even if the current budget only allows partial compliance, it means that any pending tasks can be worked on as additional budgets become available.
• Ensure that operations have a reliable backup and recovery strategy in case data is lost or corrupted. It is imperative to test the process rather than have it fail when needed.
• Security awareness is key for all employees, not just for those in management or office positions. Ensure that everyone is aware of the common ways hackers try to acquire data.
• Hire a Cybersecurity professional familiar with your business. Such a person can determine areas of risk and protect against them. Many outsource these professionals rather than offering full-time employment.
• Ensure that you have a security software suite to block viruses, malware and other threats.
• Ensure that all software has the latest updates and security patches.
• Network monitoring software can also block potential threats by IP address or only allow specific ones. Those accessing data remotely should only do so over VPN. This software will also monitor when approved users access information.
• Change passwords from the default. This especially applies to email accounts, server accounts, router passwords etc. Passwords should never be easy to guess and, for maximum protection, should be changed every month.
• In terms of third parties, ensure all disclose their data protection methods including backup and recovery processes and that they align with your expectations.

None of the above require large capital investment and several only require a small amount of time each month. Once achieved, the business can then look at the next step in Cybersecurity, proactive threat monitoring, alerting and even hunting.