Timberland investment management organizations benefit from technology, but they also open themselves up to possible cyberattacks. In this blog, we look at three critical cybersecurity tips for timberland investors.
Today, all our personal and business data is stored online, from personal shopping lists and online food orders to banking investments and client contracts. Technology makes all this possible, but it also leaves the data vulnerable to cyberattacks.
What Are Cyberattacks?
Merriam-Webster describes a cyberattack as “an attempt to gain illegal access to a computer or computer system for the purpose of causing damage or harm.” It can happen in many forms, ranging from malware to phishing schemes.
“Unfortunately, about a year ago, we had a ransomware attack like many others in the forest industry,” said Stephen. “As part of the supply chain for investors, we are being targeted, so we all need to be mindful of that.”
Tom Sarno, Global Head of Timberland Investments at Hancock Natural Resource Group, agreed. “I think we’re all just as vulnerable in that arena,” he said. “We have a responsibility to define the risks that we’re willing to take with cyber information, and I think that has to be zero.”
So, what can timberland investment management organizations do to protect themselves from cyberattacks? Start with these three tips.
For more, follow along with our Campfire Sessions series on this topic.
3 Essential Cybersecurity Tips for Timberland Investors
By definition, cybersecurity is “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.”
According to Kevin Zerrusen, Managing Director of Cybersecurity at Ernst & Young, people should be “more concerned about cybersecurity than ever and less confident about the security of our systems.”
To better equip your organization against cyberattacks, follow these three tips:
- Train your employees
- Make offline backups
- Build external partnerships
1. Train Your Employees
Employees are humans, and humans make mistakes. Sometimes they click on a link in a phishing email, which is what happened at F&W Forestry Services.
“A fake invoice went into our accounting box, and the accounting clerk opened it up to look at it, which deployed the ransomware into our system,” said Stephen.
Unfortunately, users are a vulnerability, especially those with elevated privileges. Hackers target them because they have access to more secure information. That’s why it’s important to train all your employees, so they know what cyberattack schemes to look out for.
Teach them about secure browsing practices so they know how to avoid sketchy websites. And with many people now working from home, make sure your employees know the dangers of using public Wi-Fi. You can also show them how to create strong passwords and change them often so they’re harder for hackers to guess.
2. Create Offline Backups
Have your IT department make offline backups so your system can be restored to a point before the cyberattack occurred. And since most sophisticated hackers will target both your primary data and your backup, it’s important to back up your data to an offline location that hackers can’t access.
This is how F&W Forestry Services got back up and running quickly.
“My team had solid backups,” said Stephen. “We have a backup system that’s separated so it can’t be messed with. So in reality, it took us about 30 days–which is actually pretty good–to get back up and go to full speed. We were able to recover all the data because of those good backups.”
You’ll also want to encrypt your backups so that even if hackers gain access to your information, they will be unable to decipher it.
3. Build External Partnerships
External partners can provide professional guidance in the event of a cyberattack. There are three types of experts to consider:
- Cybersecurity
- Digital forensics
- Public relations
A cybersecurity partner can help provide the training your employees need to navigate the digital landscape safely. They can also test your system to look for vulnerabilities that hackers may exploit.
And if any cyberattack does occur, your cybersecurity partner will be able to guide you on how to get your organization back up and running again.
When a cyberattack happens, it’s critical to know how it occurred so you can prevent it from happening again. Digital forensics experts can investigate the cyberattack so that you know exactly what led to the breach and what parts of your system were affected.
This is how F&W Forestry Services learned the details of their attack, better preparing them moving forward.
“It helped us to figure out if we have to worry about data that went out and what computers are they on that we have to focus on, so that was great,” said Stephen. “They helped us go through it.”
The Securities and Exchange Commission (SEC) requires you to declare any cybersecurity risk in public financial statements and disclose all material regarding a cyberattack as soon as possible. That’s why it’s a good idea to have a public relations team on hand that can handle any resulting press.
A PR firm can counteract misinformation and build trust with customers by developing clear communications guidelines when sharing or correcting information. This helps to rebuild confidence in your company.
Cyberattacks aren’t going away, and cybersecurity continues to be extremely important to timberland investment management organizations. Train your employees on cyber threats, create offline backups so hackers can’t access them, and start building relationships with experts who can help your organization in case a cyberattack occurs.
This blog includes a video from Orbis’s third Campfire Sessions webinar series. Register for the upcoming Campfire Sessions to stay current on the forestry and land asset management industry.