No matter the size of your horticulture business, if you store any data online — such as personal information, customer credit card numbers, or vendor payment methods — you’re at risk for a cyberattack.
Cyber criminals are casting a wider net, and security experts say they target smaller businesses due to ease of access and less chance of being caught. For example, in a 2021 survey by Verizon, 46% of cyber breaches were against companies with less than 1,000 employees.
Let’s examine ways cyber criminals are targeting businesses in the horticulture industry, and how you can take measures to protect your business, employees, and customers.
Common types of cyberattacks against businesses
From compromising your software to manipulating your employees, hackers are looking for vulnerabilities in your business to access sensitive data. Here are some of the most common tactics.
Ransomware
Ransomware, or malware, is malicious software introduced to your system that restricts access to files, often by encryption. Hackers can lock down essential data, threaten to permanently delete it, leak it publicly, or keep it encrypted unless a ransom is paid.
Phishing
Phishing scams involve sending emails or other messages that look legit to trick you into giving up information, money, or access to your devices.
Fraudulent impersonation
This occurs when an attacker impersonates someone — such as an owner, manager, or vendor — in an attempt to gain data or money. This may come in the form of a phone call, email, or text. A common example of this is when an employee receives a bogus invoice from a fraudulent vendor and pays that invoice.
Man-in-the-middle
Sometimes, an attacker will intercept sensitive client data while it’s enroute to your business. Un-secured websites or public Wi-Fi networks can help criminals hijack the connection between your client and web portal to gain access to your data.
How you can reduce the risks of cyberattacks
Everyone at your greenhouse, garden center or nursery is responsible for the data integrity of your business. These are some basic steps you can take to help mitigate risks.
Securely store your data
First, determine if sensitive data is needed. This includes Social Security numbers, driver’s license numbers, as well as health and financial information. Do you really need to collect or store this information? If you don’t need it, consider not asking for this information or deleting it immediately after any required use.
If you do need this information:
Add an extra layer of protection
Require strong user passwords and reset passwords at regular intervals. Create passphrases with random words and special characters, and don’t reuse passwords across sites. A password manager can help you.
Keep software up to date
Current operating systems have built-in security measures to help combat data breaches.
Perform data backups
Regularly back up critical data to significantly reduce the risk of data loss.
Ask an expert
Have a software/hardware security expert check your system for strong encryption and authorization protocols.
Watch for red flags in emails
Phishing emails often include hints they’re malicious in nature. Here are a few examples:
- Subject line has an [External] tag The “from” mail address is generic, jumbled, unrecognized, or doesn’t match up with the intended sender or company
- Calls for an urgent need to act
- Has typos
- Includes unexpected attachments
- If an email or text seems suspicious, don’t open or respond to it. Delete the message and report it to your technology team or provider .
Verify phone calls
You’re in the service industry, ready to help whoever calls. Attackers know that, too. If a call seems suspicious:
- Verify the caller’s name
- Ask for a number to return the call at a later time
- Find a trustworthy number to call back for verification, like on the back of your credit card or a company’s website
Educate your employees
Train your team — including new hires as they’re onboarded — on cybersecurity best practices. Review these practices and policies at least annually.
Establish clear policies outlining acceptable practices to minimize the risk of a data breach. Enforce measures like locking electronic devices when not in use and securely disposing of outdated technology.
Instruct your employees to implement the robust password policies as stated above and conduct periodic resets to enhance system security.
What cyber insurance can help secure for your business
Like other insurance coverage options, cyber liability insurance can be customized to fit your operations. Among the losses it can help cover are:
- Damaged equipment
- Revenue lost during downtime
- Possible regulatory fines
- Cost of customer notifications
- Cost to recover compromised data
- Ransomware compensation
Your insurer may provide training and offer other resources to help you prevent losses related to cyberattacks.
This article first appeared on the Hortica Learning Center. hortica.com/learning-center
Explore the January 2025 Issue
Check out more from this issue and find your next story to read.
Latest from Nursery Management
- Leading Women of Horticulture: Angela Labrum, Bailey Nurseries
- The HC Companies, Classic Home & Garden merge as Growscape
- Terra Nova releases new echinacea variety, 'Fringe Festival'
- Eason Horticultural Resources will now officially be known as EHR
- BioWorks receives EPA approval for new biological insecticide for thrips, aphids, whiteflies
- Ellen Mackenbach-Lakeman appointed new CEO of Dümmen Orange
- The Growth Industry Episode 3: Across the Pond with Neville Stein
- Southern Garden Tour sets 2025 dates for trial garden open houses
