Knowing what to do in the event of a cyber incident can help limit losses and make recovery faster. In this topic, we will learn what you need to do if you are a victim of cybercriminal activity. You will learn how to minimise damage and prevent further spread while avoiding unnecessary costs.
We will provide the steps necessary to report the incident to authorities, suppliers and banks. Finally, we will provide you with the steps to fully recover and restore your systems. While we have touched on many of these key issues in previous topics, ensuring you know what to do and how to do it can help you when the worst happens.
By the end of this topic, you will be able to:
If you are the victim of cybercrime, such as a ransomware attack or data breach, it is important to act quickly to minimise damage. Although you will want to do everything at once, it is paramount to remain calm and work through the incident step by step to ensure your response is robust.
Let’s break it down, one step at a time:
Just as with real-world crimes, the first step is to contain the threat. If you have diseased livestock, you isolate it to prevent the disease from spreading. This is no different.
Begin isolating affected systems by disconnecting them from the internet. You may be tempted to shut down the device, but this may cause irrevocable damage. Disconnecting the affected device from the internet and from local networks, such as a wired Local Area Network (LAN), Wi-Fi and Bluetooth, will help you to contain the threat.
A nasty type of attack is a ransomware attack. Cybercriminals will install malicious software that will infect files. The results may be encrypted data, deleted data or infected systems. They will then demand payment to remove the infection. Do NOT pay! There is no guarantee that your data will be recovered, files decrypted, or viruses removed. There’s no honesty among thieves.
Once the threat is contained, document the incident and identify which systems or data have been compromised. This is an important step, and you must check all devices and systems to prevent another or ongoing attack.
After securing the system, it is crucial to report the cybercrime to the Australian Cyber Security Centre (ACSC) at Report | Cyber.gov.au, or by calling the cybercrime reporting hotline on 1300 292 371. If there is an immediate threat to life or harm, call 000 immediately. Reporting the crime to the ACSC ensures that law enforcement is aware of the attack and can investigate or assist in stopping the crime. For incidents involving financial losses, such as fraud or identity theft, contact your bank or financial institution to freeze your accounts or stop unauthorised payments.
You may also need to report the incident to your business partners or suppliers if sensitive information has been exposed. Update your passwords online to ensure your online accounts remain protected. This includes online banking, services and social media accounts.
Finally, monitor your credit reporting files at Equifax, Illion and Experian and request corrections if false information from the incident is added to your files. Also monitor your online accounts for suspicious or unusual activity.
The first step to recovery is to restore data from backups. This will limit losses and downtime.
Review your cybersecurity protocols. Ensure all software is up to date and implement stronger security measures such as multi-factor authentication, as discussed in the Password Security section. The ACSC provides helpful guidance on recovery steps and can direct you to additional resources.
Consider the following actions to improve your cybersecurity: