Tag Archives: mobile apps

Joseph Carson

Strategies To Identify and Prevent Cyber Attacks

By Joseph Carson

Managing and combating cybercrime is no small feat; it can take over 200 days for companies to detect a cyber breach. The reason is that cyber criminals often stay hidden even after gaining access to systems. They lie in wait for the best moment to access the information they want. Once they have it, they may use it to steal money or proprietary information or to collect a ransom. They also may sell access and information to other criminals who will take more aggressive means to exploit the organization.

Preventing cybercrime requires education and cooperation throughout an organization. The following are seven key components of cybersecurity that food businesses should embrace to protect their businesses and products.

1.   Education and Awareness

One of the most effective countermeasures to cybercrime is building a culture of cyber defense and awareness that empowers all employees to ask for guidance and speak up when they see a suspicious situation. Educate employees on how they can prevent nefarious activity on their computers by:

  • Identifying suspicious applications with warnings and popups
  • Flagging suspicious emails with hyperlinks, attachments or unknown senders
  • Not clicking on links or ads from unfamiliar sources
  • Verifying the trustworthiness of a site before inputting credentials
  • Limiting activities on unsecured public Wi-Fi networks

This helps employees not only avoid breaches, but identify and report suspicious activity to help prevent cyber attacks.

Training should be top-down, beginning with the executive suite and department heads. This ensures that there is always someone accountable for implementing and maintaining security measures. From there, the rest of the team can be trained to assess and prevent cybersecurity threats and risks.

2.   Implement and Enforce Mobile App Security

Mobile apps on smartphones and tablets are at risk of security breaches that can expose large amounts of user data. All mobile apps have security controls to help developers design secure applications, but it’s up to the developer to choose the right security options.

Common problems with mobile apps may include:

  • Storing or unintentionally leaking data that could be read by other applications
  • Using poor authentication and authorization checks that could be circumvented by bad actors
  • Using data encryption methods that are vulnerable or easy to break
  • Transmitting sensitive data without proper encryption online

A simple app may not seem like a big deal, but it can allow a hacker to gain access to employee computers and networks. The following measures help improve mobile app security:

Guard sensitive information. Confidential data stored in an app without security measures in place is a target for hackers who reverse-engineer the app's code. The volume of data on the device should be reduced to minimize the risk.

Consider certificate pinning. Certificate pinning is an operating process that helps defend apps against intermediary (man-in-the-middle) attacks that occur on unsecured networks. There are limitations to this process, however, such as lack of support for network detection and response tools. Certain browsers also make certificate pinning difficult, which makes it harder for hybrid applications to run.

Minimize application permissions. Permissions allow applications to operate more effectively, but they also open vulnerabilities to cyber attacks. Apps should only be given permission for their key functions, and nothing more, to reduce this risk.

Enhance data security. Data security policies and guidelines should be implemented. Measures such as having well-implemented data encryption, security tools and firewalls can protect information that’s being transferred, for example.

Do not “save” passwords. Some applications allow users to save their passwords for convenience, but if a theft occurs, these passwords offer access to a lot of personal information. If the password is unencrypted, it has a better chance of being stolen. Ultimately, users should never save passwords on mobile apps.

Log out after sessions. Users often forget to log out of an app or website, which can increase the risk of a breach. Apps with sensitive information, such as payment or banking apps, often enforce session logouts after a certain period of time, but it’s important for users to also get in the habit of logging out of all apps when they’re finished using them.

Add multi-factor authentication. Multi-factor authentication adds another layer of security for users on an app. This method can also shore up security for users with weak or old passwords that are easy to breach. With multi-factor authentication, the user receives a code that needs to be entered with the password to log in. The code may be sent through email, the Google Authenticator app, SMS or biometric methods.

3.   Analyze Logs for Suspicious Activity

Companies should continuously analyze security logs to identify unusual or suspicious activities, such as logins or application executions that occur outside of usual business hours. These measures not only help identify criminal activities, they can help companies determine the root cause of a breach and how it can be prevented in the future.
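One way to run the off-hours check described above over an exported activity log. This is an added example, not part of the original article; the comma-separated log format, the Monday-to-Friday 07:00-19:00 business hours, and all account and host names are assumptions made for illustration.

```python
import csv
from datetime import datetime, time

# Assumed policy (not from the article): business hours are Mon-Fri,
# 07:00-19:00, and the log records timestamps in the site's local time.
BUSINESS_START = time(7, 0)
BUSINESS_END = time(19, 0)
WATCHED_EVENTS = {"login", "exec"}  # the two activity types the article names

# Constructed sample log, one event per line: timestamp,event,user,host,detail
SAMPLE_LOG = """\
2024-03-04T08:15:02,login,asmith,qa-ws-01,interactive
2024-03-04T14:40:10,exec,asmith,qa-ws-01,erp.exe
2024-03-05T02:47:33,login,svc-backup,mill-srv-02,network
2024-03-05T02:49:01,exec,svc-backup,mill-srv-02,tool.exe
2024-03-09T11:05:44,login,jdoe,qa-ws-03,interactive
not-a-timestamp,login,jdoe,qa-ws-03,interactive
2024-03-06T09:00:00,logout,asmith,qa-ws-01,interactive
"""

def is_off_hours(ts):
    """True on Saturday/Sunday or outside BUSINESS_START..BUSINESS_END."""
    if ts.weekday() >= 5:
        return True
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)

def find_off_hours_activity(log_text):
    """Return (alerts, rejected): off-hours login/exec events, unparseable lines."""
    alerts, rejected = [], []
    for row in csv.reader(log_text.splitlines()):
        if not row:
            continue
        try:
            stamp, event, user, host, detail = row
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            # Keep bad lines instead of dropping them: gaps or corruption in a
            # security log are themselves worth a reviewer's attention.
            rejected.append(",".join(row))
            continue
        if event in WATCHED_EVENTS and is_off_hours(ts):
            alerts.append({"time": ts, "event": event, "user": user,
                           "host": host, "detail": detail})
    return alerts, rejected

def summarize_by_account(alerts):
    """Count alerts per (user, host), busiest first, to prioritise review."""
    counts = {}
    for a in alerts:
        key = (a["user"], a["host"])
        counts[key] = counts.get(key, 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    alerts, rejected = find_off_hours_activity(SAMPLE_LOG)
    for a in alerts:
        print(a["time"].isoformat(), a["event"], a["user"], a["host"], a["detail"])
    print("per account:", summarize_by_account(alerts))
    print("unparseable lines:", rejected)
```

An off-hours hit is a prompt for review, not proof of compromise; scheduled jobs and shift workers will appear here until they are added to a reviewed exception list.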

4.   Keep Systems Patched and Current

Patches identify and correct vulnerabilities in software and applications that may make them susceptible to cyber attacks. All systems and applications should be kept up to date with the latest security patches to prevent hackers and cyber criminals from accessing systems through existing vulnerabilities. Patching and updates may also fix bugs, add new features or increase stability to help the app or software perform better and reduce access points for hackers.

5.   Use Strong Passwords and Protect Privileged Accounts

Any password used in your organization should be strong and unique to the account. It’s also important for employees to change their passwords often. Most applications do not alert users to older or weak passwords. Accountability for password protection falls on the user.

If employees have multiple accounts and passwords, companies can create an enterprise password and account vault to manage and secure credentials. Encourage employees to avoid using the same password multiple times.

If employees have local administrator accounts or privileged access, that has a huge impact on organizational security. If a single system or user account is compromised, it can put the entire organization at risk. Your company should continuously audit and identify privileged accounts and applications that require privileged access and remove administrator rights when they’re not needed. You should also adopt two-factor authentication to prevent accounts from being hacked.

6.   Do Not Allow Installation of Unapproved or Untrusted Applications

Organizations that allow users to have privileged access also allow these users to install and execute applications as needed, no matter where they source the installation. As a result, ransomware and malware are able to infect your system easily, and the cyber criminal can install tools to permit future access at any time.

Privileged users may read emails, browse sites, click on links or open documents that install malicious tools onto their devices. The criminal now has access and may be able to launch attacks throughout the organization’s system or demand ransom for unlocking proprietary data.

There are security controls that can prevent applications and tools from being installed. They include: Application Allowlisting, Dynamic Listing, Real-Time Privilege Elevation and Application Reputation and Intelligence.

7.   Be Deceptive

Whether online or in person, predictability is a boon for criminals. Burglars stake out houses and look for residents with predictable routines, and the same is true of cyber criminals. Automation makes this even easier with scans that are run on a routine, and patches that are implemented on the same day every month, for example.

A predictable company is a vulnerable one, so it is vital to be deceptive. Use random activities and an ad-hoc approach for updates and assessments. With this method, hackers have a more difficult time staying hidden and it’s easier to detect cyber attacks as soon as they occur to mitigate their effects.

Cybercrime is a risk facing all businesses, and the food industry is no exception. Companies that take a proactive approach are in a much stronger position to protect against cyber threats and shore up security. No method is foolproof, but if a breach does occur, identifying it early and mitigating its effects can make a world of difference for your company’s financial health and reputation.

Michelle Lombardo Smith, The Wenger Group
FST Soapbox

Top of the Pecking Order: How We Transformed Our Processes

By Michelle Lombardo Smith

A 75-year-old feed manufacturer making more than 2,000 feed formulas is bound to have a lot of business complexities. Add to that several years of rapid growth combined with outdated, manual processes. Several years ago, this was the situation we faced at our family-owned feed manufacturer and egg/poultry provider in the mid-Atlantic region.

We needed a way to simplify and streamline key processes, such as activities involved with safety and compliance. After evaluating several enterprise content management systems in 2015, we eventually selected Laserfiche to digitize records, implement electronic forms and automate manual workflows. While we completed an initial Laserfiche software install in 2016, we were still tasked with the process of building out solutions the company wanted to use in house, and we therefore continue to work closely with the company today.

Meeting Regulations With Data Sheets

Our initial project focused on digitizing our collection of safety data sheets, standardized documents that contain occupational safety and health data. Prior to implementing this software, we relied on paper manuals across different locations. Managing the creation of new data sheets and ensuring old ones were removed became quite the task. This project couldn’t have come at a better time, as the Occupational Health and Safety Administration (OSHA) had recently mandated changes to the data sheets.

By digitizing data sheets and storing them in a central repository, the documents were made more accessible and searchable for mill managers, and compliant with the new mandated standard. Additionally, data sheets were easily retrieved for any first responders seeking to understand what chemicals were in a facility in the event of a fire. It now takes just minutes to search for and retrieve documents, helping the organization stay in compliance with state reporting. Having the ability to create and add new sheets immediately is a tremendous benefit as well. These new capabilities allow us to help keep employees safer than ever before.

Shortened Delivery Processes

The next process that needed to be targeted was deliveries. Delivery tickets at the feed mills were billed based on production weight in the company’s enterprise resource planning software, and delivery weight was entered manually when the physical tickets were returned to the office, which could sometimes be days after the product was shipped. When the shipped weight showed a different amount than the production weight, the finance team had to issue the customer a credit, leading to more inefficiency and a wrinkle in customer confidence.

Laserfiche allowed the company to develop delivery tickets to be scanned at the mill. Tickets are now available in 24 hours, and the processing time for invoicing has gone from six hours to just three. Warranty costs have decreased while customer confidence has increased.

Mobile App to the Rescue

Finally, with the mobile app the organization was able to decrease the complexity for one of its farming divisions, Dutchland Farms, all while staying in legal compliance. This specific division contracts egg production and pullet growing. The FDA published its Veterinary Feed Directive (VFD) regulations in 2015, a regulation that directly applied to Dutchland’s team of growers and producers. The directive added to the list of antibiotics that required a veterinarian’s prescription to administer. In addition, flock owners now had to have a flock health plan and an established relationship with a veterinarian. We initially had a manual process to write and store the plans, but that process was digitized and automated with Laserfiche in 2017. Service technicians can now get electronic forms signed at the farm and have them immediately transmitted to the company’s consulting veterinary practitioner, who lives out of the country. As a result, we were able to significantly reduce the time from farm signature to vet approval/signature of the Flock Health Plans, and saved on a huge amount of paper copies and mail costs.

What’s next? These days, we’re searching for a new ERP system, a multi-year journey that will include scanning capabilities and an expanded role for Laserfiche. Meanwhile, all the products developed are still a work in progress even as the software expands to teams like quality assurance and human resources.

Mobile FSQA apps

Are Mobile Apps a Game Changer for Food Safety Professionals?

By Maria Fontanazza

Many food safety and quality assurance (FSQA) professionals are constantly on the go in the workplace. They can be found on the floor of a manufacturing facility, off-site conducting supplier audits, or out in the field performing pre-harvest inspections, just to name a few locations during their busy day. “To benefit from food safety automation, these folks need more than the capability of logging into a system through a desktop,” says Barbara Levin, senior vice president of marketing and customer community at SafetyChain. “They need a true mobile app that provides automation support out in the field.”

While other industries have been quick to adopt mobile platforms, the food safety industry has been much slower. Adoption is, however, gaining traction. In a recent conversation with Food Safety Tech, Levin talks about the value of FSQA mobile apps in today’s environment, where access to real-time, actionable data is crucial for the food industry.

Food Safety Tech: What common challenges faced by FSQA teams do mobile apps specifically address?

Barbara Levin: Mobile apps allow collection of FSQA at the point of origin, along with immediate access to the information for analysis, CAPA and reporting:

  1. Getting timely feedback on non-compliances for CAPA. When FSQA data is inspected at the end of the shift on paper, finding non-conformances often means rework. The instances in which this happens are too numerous to count. With mobile apps, you receive timely feedback. Information in the system is immediately analyzed to specs, so you’re catching non-compliances at the earliest point possible.
  2. Consistency in following your FSQA programs. This could be your USDA HACCP plan, FSMA HARPC plan, GFSI program, customer quality attributes and other components of your FSQA programs. Program components change all the time (i.e., specifications, processes, rules in HACCP, GFSI code, forms, workflow, etc.). Are FSQA managers confident that everyone is following the most up-to-date program? Is everyone following the workflow and doing everything in the right order? Are they completing tasks accurately? Using the right forms? Unfortunately companies find out that steps are missed or outdated forms were used during an audit; or when missed steps result in expensive rework or in the worst case, a customer rejection, withdrawal or a recall.

    Mobile apps will always have the most up-to-date forms, processes, specs and more. They act as a coach, leading the FSQA team member through the proper steps. When you enter incorrect or incomplete information on paper, it may not be detected until the end of the day or shift. A mobile app will issue an alert if incorrect information is entered; and it won’t let you submit a form if all fields aren’t complete. Because all of the updates are made in the system and pushed out to the app, if the specification changes while an FSQA team member is on the plant floor, when he or she logs in, the latest spec will always be there. You’re ensured that only the up-to-date program is being followed and that only the most up-to-date forms are being used.

  3. A lack of information for continuous improvement trending. If you have multiple facilities and products (resulting in mountains of FSQA paper), it’s a huge, manual task to make all of the data useful and relevant. With mobile apps, all FSQA data is entered “once and done,” making it accessible and actionable for immediate FSQA result tracking, daily KPI reporting and continuous improvement.
  4. Audit readiness. Mobile apps take audit readiness to a different level. With FSMA and GFSI, the saying is, if it’s not documented, you didn’t do it. By collecting FSQA data at the point of origin, all data is time and date stamped and uploaded to your permanent FSQA record. There’s no redundant data entry, mistakes are avoided, and there’s greater record efficacy that helps companies be audit ready, on demand.

Mobile forms capture safety and quality data at the point of origin; data is actionable and then uploaded into a central repository for reporting and audit readiness. Image courtesy of SafetyChain Software.

FST: What is the biggest benefit that FSQA mobile apps offer? 

Levin: The first benefit is real-time feedback. If you think about how things were done in the past, using an example of a pre-harvest inspection, you’re out there with a clipboard, making observations and recording non-compliances. Then you have to go back and enter the information into a spreadsheet, or turn it into a PDF, and send it to the food safety manager, who may or may not be sitting at his or her desk. Waiting to get a response equals time lost. And in the food industry, time equals money.

When you’re entering information into a mobile app, it analyzes that information in real-time and according to specifications. When there are non-compliances, alerts are pushed to the FSQA manager – wherever [he or she is located]. The manager can then generate a CAPA, which can then be completed, documented on the mobile device and electronically signed off by the manager. The process is expedited, and expensive rework is avoided.  

The second benefit involves data efficiencies. When data is collected on a mobile device, it’s entered only once and is then immediately available for multiple uses, such as a customer’s certificate of analysis, attachment to GFSI code for audit, or to be produced upon demand for a regulatory inspector. With a manual system, there’s a tremendous amount of redundant data entry. We hear this all the time from food safety folks— that they feel like they’re managing paper instead of food safety programs. When data is entered into a mobile app, it’s accessible immediately to FSQA, operations, vendor purchasing, management – any stakeholder who has a need.

FST: What approach should be taken to encourage the investment in and implementation of an on-the-go FSQA mobile platform?

Levin: I would love to think that in an ideal world, the creation of operational efficiencies that enable a higher level of confidence that you are sending out safer food is enough. Food companies are businesses, and they have obligations to consumers, which they take very seriously. But they also have obligations to their shareholders. When we talk to folks who really want this, it’s very easy to create a business case to senior management based on ROI. When you can close the gap by hours and days in the food industry, that time equals money. Avoiding rework also saves money.  And there’s ROI in faster sales throughput and increased shelf life by reducing hold and release times. We’ve heard from our customers that the solutions have paid for themselves and started to create ROI within three to six months.