Craig Reeds, DNV GL

Six Ways to Prepare for a Cybersecurity Audit

By Craig Reeds

In the food manufacturing industry, just as in any other industry, cybersecurity is very important. Your organization should have cyber vulnerability assessments or penetration tests performed at least once a year. Like any big test you have taken in your life, this sort of assessment can be scary, but if you prepare for it, you can greatly improve your chances of passing. As you prepare for the assessment, there are six things you can implement or do to improve the result of this audit for your organization.

  1. Do an inventory of what is connected to your network. You cannot expect to defend devices on your network that you are not aware of. Be sure when you perform this inventory that you include any device that connects to your network. Think past the routers, switches, desktop PCs, laptops and printers. What is connecting to your wireless network? Is your security system or HVAC system connected to the network? Creating a network device inventory can be difficult, but there are tools available to make it easier. Once you have created the initial inventory, your baseline, go back at least monthly to look for new devices or devices that are no longer connected so you can update your inventory.
  2. Determine what is running on all of your network devices. In the first step you inventoried the hardware; now you need to inventory what is running on each device. Tools such as Nessus can inventory the software on each computer while they scan the network for the device inventory, which is the quickest way to complete both of these steps. If there is old or unused software on a device, remove it. You need to document the operating system and application software on each device. This software inventory should also be included in your baseline and verified/updated on at least a monthly basis.
  3. Use the Principle of Least Privilege. This is a very valuable cybersecurity concept. Never give a user or device more rights on the network than they/it need to perform their assigned tasks. Privileges are assigned based on roles or job functions. If a user is unable to download and install applications on their PC or laptop, you reduce the chance of a device becoming compromised. Many hackers, once in a network, move laterally through the network from machine to machine looking for information or vulnerabilities that can be used to give themselves more abilities on the network. If a hacker were to gain access to a user account or system with low privileges, it decreases the amount of damage they could do.
  4. Use Secure Configurations. All operating systems, web browsers and many other networked devices have secure configuration settings. One of the problems with doing this is that operating systems alone can have hundreds of settings to choose from. The Center for Internet Security provides benchmarks for just about every conceivable device. The CIS Benchmarks are distributed free of charge in PDF format to propagate their worldwide use and adoption as user-originated, de facto standards. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.
  5. Set up a policy and procedure for applying security patches. New vulnerabilities are discovered every day, and when these vulnerabilities are found, vendors release updates or patches to mitigate them. Exploiting vulnerabilities is what a hacker lives for. An unpatched vulnerability can be almost an open door for a hacker to get into your computer or network. It is mind-boggling to hear that some organization was hit with ransomware because they didn’t load a security patch that was released six to 12 months ago. When an application reaches end-of-support, the vendor stops releasing patches, and that should tell you that it is time to upgrade the software to the newest version or find another tool to perform that task. Never use unsupported software on your network. Speaking as an auditor, a fully patched network is impressive.
  6. Create an Incident Response Plan. Let’s face it, no matter what you do to protect yourself, something is eventually going to go wrong. Do you have a plan to continue operations if you lose access to your office building? Do your users know what to do if they receive or fall prey to a phishing e-mail? This process starts with performing a risk assessment. Once you have determined the potential risks, you then move on to determining how to mitigate the risks. You will need to create policies and procedures and then train the employees on them, so they know what to do.
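
Steps 1 and 2 call for a baseline that is re-checked at least monthly. The following is an added example, not code from the article: it compares a saved baseline with a fresh scan and reports new devices, devices no longer seen, and operating system or software drift. The record layout, the use of the MAC address as the device key, and all sample values are assumptions constructed for illustration.

```python
# Added example: baseline-vs-current inventory diff. All records are constructed.
BASELINE = [
    {"mac": "00:11:22:33:44:01", "name": "office-pc-1", "os": "Windows 10 22H2",
     "software": ["Office 2019", "7-Zip 23.01"]},
    {"mac": "00:11:22:33:44:02", "name": "label-printer", "os": "vendor firmware 1.4",
     "software": []},
    {"mac": "00:11:22:33:44:03", "name": "hvac-controller", "os": "vendor firmware 2.0",
     "software": []},
]
CURRENT = [
    {"mac": "00:11:22:33:44:01", "name": "office-pc-1", "os": "Windows 10 22H2",
     "software": ["Office 2019", "7-Zip 23.01", "RemoteTool 5.2"]},
    {"mac": "00:11:22:33:44:03", "name": "hvac-controller", "os": "vendor firmware 2.1",
     "software": []},
    {"mac": "AA:BB:CC:DD:EE:10", "name": "unknown-wifi-client", "os": "unknown",
     "software": []},
]

def index_by_mac(records):
    """Key each record by lower-cased MAC so case differences between scans do not matter."""
    return {r["mac"].lower(): r for r in records}

def diff_inventory(baseline, current):
    """Return new devices, missing devices, and per-device OS/software drift."""
    base, cur = index_by_mac(baseline), index_by_mac(current)
    report = {
        "new_devices": sorted(cur.keys() - base.keys()),
        "missing_devices": sorted(base.keys() - cur.keys()),
        "changed": {},
    }
    for mac in sorted(base.keys() & cur.keys()):
        old_sw, new_sw = set(base[mac]["software"]), set(cur[mac]["software"])
        change = {
            "software_added": sorted(new_sw - old_sw),
            "software_removed": sorted(old_sw - new_sw),
            "os_change": (base[mac]["os"], cur[mac]["os"])
                         if base[mac]["os"] != cur[mac]["os"] else None,
        }
        if any(change.values()):  # record only devices that actually drifted
            report["changed"][mac] = change
    return report

if __name__ == "__main__":
    for section, value in diff_inventory(BASELINE, CURRENT).items():
        print(section, value)
```

In practice the two lists would be loaded from your scanner's export, and wireless clients that randomize their MAC addresses need a different key than the one assumed here.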

By performing these six steps you will be protecting and strengthening your networks and your users, and, trust me, you will impress the auditor. It should also be noted that these are not once-and-done steps; they must be repeated, sometimes daily and otherwise at least monthly.

Judy Black, Rentokil
FST Soapbox

What Is the Internet of Things and How Does It Impact Food Safety?

By Judy Black

The Internet of Things (IoT) is a category of objects or devices—things—equipped with electronics and online capabilities that let them communicate data to computers and other networked devices. In the home, this may take the form of smart locks that can be controlled via the homeowner’s work computer or a Wi-Fi-enabled thermostat, allowing the user to monitor and control the temperature of their home from a smartphone app. While the in-home applications of IoT may get more consumer attention, many of its most interesting applications are happening in the business and industrial world.

You may have seen TV ads from General Electric or IBM promoting their work on networks of connected trains, semi-trucks and warehouses that communicate precise tracking of cargo and packages in shipping. As more industries begin to see how big data and instant communication can improve their efficiency, IoT is quickly catching on in many fields, including the food business. Indeed, those involved in shipping raw materials or finished food products are likely familiar with the IoT’s impact on the supply chain. The rest of the food industry isn’t far behind, as more than 57% of respondents to a recent survey of food professionals conducted by Quocirca indicated IoT has already impacted their organization.

Judy Black will be hosting a webinar on the applications of IoT in the food supply chain on Wednesday, May 24 at 1 pm ET/10 am PT.

From farm to fork, connected devices are collecting data and sharing it through centralized networks that help the industry better manage supplies and finished food products. Sensors in the ground can measure moisture levels and regulate irrigation systems to ensure no crops receive too much or too little water and keep farmers informed on soil conditions in real time. At the warehouse level, incoming and outgoing food products can be tagged and scanned to automatically track data like the farm of origin or any other information required by law. In any phase of the supply chain, IoT may take the form of smart pest control devices specifying when they need service or when something has been captured in a trap.

We’re still in the early stages of IoT’s deployment throughout the food industry, but its benefits are already showing up in better food safety practices and a more efficient supply chain, both of which help to cut down on waste and reduce risk. This network of connected devices and centralized hubs for data analysis will only grow in importance as the technology develops and drives innovation in how we can use this data to improve every aspect of the business.