As a former cybersecurity professional, I expected to leave technology behind when I quit my career to start farming. However, in an era when many of our transactions are digital, our business relies on social media, and digital scams are more common than ever, I find myself dealing with cybersecurity-related issues on a near daily basis.

Coincidentally, my husband just fell victim to a phone scam just this morning while running a frantic farmers market booth. As it turns out, busy, distracted farmers might just be the perfect targets for cyber-attacks and other scams to steal money and private data. Here are some practical tips for how you can best protect yourself, your employees, and your customers, while also running a busy farm.

 

Always opt in for “2FA”

Two-factor authentication (2FA) is when a website or app uses two ways to verify your identity — for example, a password and a text message with a pin. It can be a pain, but it’s one of the best and easiest ways to project yourself. Passwords are compromised all the time, but making a second authentication method mandatory on your account will protect you from malicious actors even if they know your password.

 

To protect your farm and your customers, turn on two-factor Authentication on all of your accounts.

 

2FA has become ubiquitous. You should be able to turn it on for nearly all of your accounts, including your bank accounts, Square and other point-of-sale systems, your email, and your social media accounts. Usually you can find it under Settings, in the Security section. Take the time today to turn it on wherever you can.

 

Password hygiene

The bleak reality is that basic passwords are less safe than ever before, as data breaches become more and more common, which is why 2FA is now so important. Still, you can make your passwords somewhat safer by following basic hygiene tips. First, choose complex passwords with a mix of lowercase and uppercase letters, numbers, and special characters.

Never use the same passwords for multiple accounts. Avoid using basic dictionary words and easy-to-guess passwords like pet’s names and children’s birth dates. Even just changing a couple of characters can make them much more secure. And change your passwords often. If you have to file sales or income tax returns quarterly, that can be a great reminder to also change passwords on your important accounts.

Sharing passwords with different people isn’t best practice, but as a farmer and small business owner it may be inevitable that you need to share accounts with co-owners or employees. For shared accounts, I recommend changing those passwords at least monthly. Keep a list of who has access to what account so that you can also change passwords if an employee leaves. As much as possible, choose creating new accounts for individual users rather than sharing passwords with employees.

 

Be wary on social media

Many farmers are making social media a critical aspect of their businesses, posting daily and using it as a primary way of reaching customers. Yet, it can pose many dangers to a distracted business owner.

Scammers, often posing as Meta/Facebook admins, may attempt to steal your account passwords to gain access to your followers and steal their information. It’s important to know that Meta will never contact you exclusively through their messenger app, and official-sounding messages received through social media apps are almost always fake.

 

Meta will never send you copyright infringement notices via their Messenger app in Facebook or Instagram. Delete and report these messages, and never click on links.

 

Generally, avoid clicking on any links sent through social media and definitely avoid entering any information into those links. Again, turning on 2FA will help protect your account; even if you do accidentally reveal your password, scammers will be unable to access your account without also having access to the associated phone number or email address.

Another scam that’s popping up are fake, imposter accounts. These accounts will look like familiar accounts by stealing their images. We’ve recently fallen victim to this, with fake accounts impersonating us and trying to steal information from our followers. While there’s not much you can do to prevent it, if you do see these accounts you can encourage your fans to block and report them. In our experience, they’ll be removed within a few days.

Farmers should be aware that many social media platforms, including Facebook and Instagram, prohibit the sales of livestock and animal products. Posting, for example, eggs for sale, could result in your account being banned.

While this is more of a marketing tip than a cybersecurity one, it’s always a good idea to focus on building your email lists as much as your social media presence. If your account gets banned or hacked, you’ll still be able to reach your customers if you have built a strong email list.

 

Customer and employee data

As your farm grows, it’s not just your own information that you’re responsible for. You may also have personal information, like Social Security numbers, birthdates, addresses, and banking information, for customers and employees. Not only is it your ethical duty to protect this information but, depending on your state, it may be the law.

 

Safeguarding customer and employee data is another critical aspect of cybersecurity on the farm.

 

Avoid sending any private information via email, which can be at risk for unauthorized access. Many (often free) options now exist to send messages and documents securely, including Gmail’s Confidential Emails option and third party document services like DropBox. Opt for these over normal emails when sending personal data like payroll forms.

In general we avoid directly handling or entering customer credit card information ourselves. Instead, we use a payments provider like Wix, Square, or PayPal, to accept payments. Never ask customers for banking information via email or social media, instead, direct them to secure links to pay.

While so much information is electronic these days, you may have paper documents that you need to store. Always use a locked box for personnel forms, like I-9s or W-4s. Most HR paperwork can now be stored electronically on a secure server like Dropbox or Google Cloud Storage, which can be more secure than paperwork with an added benefit of eliminating clutter.

If others in your business, like an administrator, also handle employee or customer information, ensure that they’re trained on proper security. Including security in your employee handbook can help ensure that the messaging is clear.

 

Email and phone scams

Phishing attacks — when scammers pretend to be trusted parties in order to steal your information — are becoming more sophisticated and more common. Especially if information about your farm is readily available online (what products you sell, what your name is, and where you’re located), it’s easy for scammers to create believable yet dangerous communications. Phishing emails used to be easy to spot due to grammatical errors and other linguistic oddities. But in the era of AI, it’s easier than ever for scammers to make emails seem legitimate.

A good rule of thumb is that if something seems too good to be true, it probably is. A new client with an outrageously large budget? A major movie that wants to shoot at your farm? An enormous grocery store that wants to buy up every last tomato and pay you twice the going rate?

 

If an email seems too good to be true, it probably is. All images courtesy of the author.

 

Proceed with caution, avoiding giving personal information, and never click on links. Always verify where emails are coming from — look for anomalies in the email address, and if you’re in doubt start a new thread directly to a verified email address rather than directly replying.

This advice applies to phone calls as well. In general, any official phone calls from service providers, banks, and tax departments, should be treated with high suspicion. The IRS never calls requesting information, and neither do most banks. Never give out any information. Instead, call the company back at the number listed on their website.

I wish my husband had received that advice this morning when that scammer called him up pretending to be our bank. The scammer had just enough information, like my husband’s name and a few digits of our business credit card number, plus a very professional sounding tone, to trick him into believing the call was legitimate. He ended up giving additional personal information right to the scammer.

Luckily, he told me what had happened and I quickly suspected a scam. We immediately called the bank using the number on the back of our card and were able to get a new card number. The lesson here is that even the spouse of a cyber expert can fall victim to an attack. In a time when scammers are more sophisticated than ever, it’s important to always keep your guard up and be cautious when handling information.

 

Rebecca Kutzer-Rice owns Moonshot Farm, a specialty cut flower farm in East Windsor, NJ. She grows flowers year-round including in a geothermal greenhouse, for retail markets in and around NYC.