Traditionally, conversations surrounding Cybersecurity have included discussion of financial institutions (its banks), medical facilities (its hospitals), and Computer Technology Companies. However, agriculture typically has not been included in those conversations. Behind the scenes of the orchards and fruit packing houses that keep our grocery stores stocked, there is a growing number of digital records related to labor such as employee files, payroll systems, compliance-related data and those types of records present an increasing opportunity for cybercriminals.

Over the past ten years, agricultural companies have turned to digital technology to assist them in tracking seasonal employee availability, tracking shipping and moving products, and tracking and managing their compliance with the federal and state laws that govern agricultural employment policies and practices. While these systems offer improved efficiencies and greater ease of record keeping, they also centralise significant amounts of sensitive personal information in an environment that was never designed to protect that sensitive information. To many, agriculture has not yet made Cyber Security a priority, hence it remains an afterthought to their operating structures.

Through a recent Data Breach experienced by FirstFruits Farms LLC, many of the above-mentioned points have become clearer. In the case of FirstFruits Farms, personal identifiers such as Social Security numbers were exposed due to a data breach. Although this particular incident impacted a limited number of individuals, it highlights a much broader spectrum of risk to all industries that are not considered “traditional cyber targets”.

Agricultural employers typically have to manage large, quickly changing workforces. Seasonal hiring means that employees need to be on-boarded quickly, have their documents verified and payroll set-up. All of these processes result in significant amounts of sensitive identity data being created and stored. When the need to complete these processes is combined with limited IT resources and old systems, it presents a fragile security situation.

Unlike the financial services sector, there are no universal cyber security regulations for the agricultural sector. Each state and type of company has oversight that varies widely and therefore the level of protection for the agricultural industry is inconsistent. Small companies are more likely to use older software, and/or rely on third party providers with limited liability for security.

The effects of data exposure can be particularly damaging to agricultural workers. Many of them already experience financial hardship. As well, identity theft or fraudulent activity resulting from exposed personal information could result in job loss, loss of housing and difficulty accessing essential services - all of which can extend far beyond the initial event.

A cultural challenge also exists. Cybersecurity training is often not given priority in industries that are primarily focused on producing goods. Because of this, employees often do not receive current training on topics such as phishing risks, password hygiene or access controls of their systems, which makes them more valuable targets for social engineering assault.

Agricultural industry will have to shift away from treating data protection as a "nice-to-have" and instead incorporate it as an integral part of their business operations, due to the increased digitization and dependence on personal data in many facets of agriculture. It is critical for the agricultural industry to invest as much in security governance and vendor oversight as they do into the use and extraction of personal data.

Therefore, the key point to take away from this is that agriculture is not the only industry vulnerable to Cybersecurity Risk; every other industry has some level of Cybersecurity risk inherent in the collection, use, and storage of personal data.