One of the most important sessions at the 2021 USA Rice Outlook Conference was the cybersecurity session that should have served as both a wakeup call and a cautionary tale for anyone who goes on the internet.
The capacity audience at the Corteva Agriscience stage listened rapt as Greg Beck, senior vice president at Consolidated Grain and Barge Company (CGB), recounted the story of how cyber criminals took control of some of their facilities, forcing a system wide shut down.
If Beck's story of months of shut down, the switch to analog methods and the required purchase of all new computers for the entire company didn't scare attendees enough, Todd Thompson, information technology director at Riceland Foods, picked up the thread.
Thompson gave a glimpse into what it's like to put yourself between criminals and one of the largest mills in the world.
"Thousands of emails each week, most of them phishing attempts, scammers trying to redirect payments, fake invoices and more," Thompson said.
Thompson shared the story of a criminal enterprise so determined to hack into a major company (not Riceland) that they hacked into a senior executive's favorite restaurant and replaced the downloadable menu with one loaded with malware.
"They just sat back and waited, and even though the executive was extremely careful, his assistant eventually downloaded that menu, and the bad guys got into the system," Thompson said.
FBI Special Agent Patrick Bellamy also participated in the panel and offered some suggestions for how to protect yourself and your company. He said strong passwords were vital and they should include numbers, letters and symbols. Passwords shouldn't be used for more than one account and should be changed regularly.
Thompson and Bellamy both recommended password keepers that can generate hard to crack passwords and keep track of them for you. The user just has to remember one password to get into the keeper, and Bellamy recommended a sentence complete with spaces and a mix of numbers and letters.
Beck said his company now regularly does phishing tests to see if their employees are vulnerable to being tricked.
"The email comes in as a full-blown phishing attempt, but it's benign. If an employee clicks the link, it takes them to a page that says, 'you shouldn't have clicked that, if this had been a real phishing attempt, you would have just granted access to our systems,' and it notifies management that we have some remedial training to do there," he said.
"The session was horrifying but very enlightening," said Rebecca Greenway, USA Rice's chief financial officer and moderator of the panel which ended up being repeated because of attendee interest. "I couldn't wait to get off the stage to start changing all my work and personal passwords. USA Rice is urging all of our members to take this ongoing threat seriously. Criminals have turned their attention to agriculture because the think we're more likely to be unprepared. Let's show them they're wrong about us! It's easy to think it will happen to someone else, until it happens to you."
In addition to using phishing tests and setting strict rules on password generation and rotation, the panelists advised awareness training, updated firewalls and putting a plan in place for what you would do if suddenly your company couldn't use any of your computers anymore.
"It can happen," Beck said. "We had to switch to paper tickets at our facilities and figure out how to contact all our customers and suppliers without our computer system. We did it, but it wasn't easy."
The USA Rice Outlook Conference is dedicated to bringing together all segments of the U.S. rice industry and offering meaningful programming that goes directly to improving the bottom line of all attendees.
The 2022 USA Rice Outlook Conference is scheduled for Dec. 7-9 in Austin, Texas.
This article originally appeared in the USA Daily Rice on Jan. 5.