12 Steps to Strengthen Cybersecurity in Food and Agriculture for SMBs

Cyber attacks on the food and agricultural sectors impact society, the attacks can cause disruptions to production and supply chain issues, impacting availability and pricing. From the farm to the factory, food and agricultural organizations use digital tools for everything from logistics to equipment control. 

With geopolitical tensions and conflict increasing the chances of spillover attacks, the Food and Ag-ISAC and the IT-ISAC have issued a joint statement: be ready. 

The announcement states “given the interconnectedness of networks, it is possible that cyber attacks targeting foreign countries could cause collateral damage to U.S. companies, even if they are not the intended target.” 

The Food and Agriculture-Information Sharing and Analysis Center (Food and Ag-ISAC), founded in 2023, provides threat intelligence, analysis, and effective security practices that help food and agriculture companies detect attacks, respond to incidents, and share indicators.  

This year, the Food and Ag-ISAC, as part of their Q1 2025 ransomware report, reported that although attacks have risen across all critical sectors, the food and agriculture sector experienced more than three times the number of incidents in January and February 2025 compared to the same period in 2024. 

In its newly updated 2025 guide, the Food and Ag-ISAC outlines twelve security practices tailored to the needs of SMBs. These measures are not technical theory or abstract policy. They are practical steps businesses can take to improve their cyber defenses and respond quickly when incidents occur. 

12 Security Practices for SMBs  

The twelve security practises include: 

1. Train Staff Before an Incident Happens
2. Watch Out for Phishing 
3. Keep Systems Updated 
4. Use Multi-Factor Authentication 
5. Manage Remote Monitoring Tools Carefully
6. Control What Can Be Installed 
7. Back Up Data and Test Recovery Plans
8. Encrypt Information 
9. Monitor Accounts and Activity 
10. Share Information with Industry Peers 
11. Have a Response Plan and Test It 
12. Limit Access to Only What is Needed 

A summary of each of the practices are listed below and you can read more into each recommended practices in the guide online.  

1. Train Staff Before an Incident Happens

Employees are often the first line of defense against cyber threats. Yet, human error continues to be one of the main causes of security breaches. Providing regular security awareness training can reduce the chance of mistakes. The most effective programs include clear explanations, scenario-based learning, and periodic testing. Employees who know what to look for are more likely to respond correctly. 

2. Watch Out for Phishing

Phishing remains one of the most common and effective methods used by attackers. It does not take sophisticated technology to send a convincing fake email. Criminals often impersonate trusted contacts or well-known companies, luring recipients into clicking malicious links or downloading harmful attachments. Any unusual request should be verified by phone or in person. Staff should know how to spot red flags and how to report suspicious messages to internal teams. 

3. Keep Systems Updated

Unpatched software is a known weak point. Attackers look for devices and programs that have not received security updates. This includes IT systems and also the machinery used in food processing and agriculture. Vendors release patches to fix known flaws. These should be applied as soon as they become available. Businesses should also keep track of equipment and software that no longer receive updates and plan to replace them when necessary. 

4. Use Multi-Factor Authentication

A password on its own is no longer enough. Multi-factor authentication (MFA) adds an extra step to the login process, usually combining something you know with something you have, like a mobile app. Even if a password is stolen, MFA can block access. It is especially important for accounts that control sensitive data or access key systems. Text-based MFA is a good start, but app-based MFA offers stronger protection. 

5. Manage Remote Monitoring Tools Carefully

Many SMBs use remote monitoring and management (RMM) software to control systems from a distance. This is convenient, especially for small teams, but also comes with risks. Attackers can hijack these tools and use them to move through networks. Every RMM setup should have strong password rules, MFA, and clear access control. It is also wise to restrict use when staff are traveling or on public networks. 

6. Control What Can Be Installed

Rather than trying to block known bad apps, allowlisting flips the approach. It limits installations to only approved programs. This makes it harder for malware or unwanted software to take hold, even if an employee clicks the wrong link. Allowlisting reflects a zero-trust approach, where no action or program is trusted by default. While adoption is still low, it offers a practical way to reduce risk with minimal cost. 

7. Back Up Data and Test Recovery Plans

Cyber incidents often lead to data loss. Having backups is one thing, but knowing they work is another. Businesses should identify the data that matters most and back it up regularly, including to offline locations that are not connected to the network. These offline backups cannot be easily tampered with or encrypted by ransomware. Regular recovery tests are also essential. If your team cannot restore systems quickly, the backup is not doing its job. 

8. Encrypt Information

If attackers get access to your data, encryption ensures they cannot use it. Files and systems should be encrypted both when stored and when sent over networks. This helps prevent data theft from turning into a full-scale breach. Encryption protects internal records, customer details, supplier data, and logistics information. Only authorized users with the right decryption key should be able to access sensitive files. 

9. Monitor Accounts and Activity

Ongoing monitoring helps detect suspicious activity early. This includes looking for failed login attempts, unusual file transfers, or unexpected access to restricted systems. Regular auditing of user accounts is just as important. Inactive or abandoned accounts create openings for attackers. Access rights should be reviewed at least twice a year, and logs should be retained long enough to support investigations if needed. 

10. Share Information with Industry Peers

Cybersecurity is not a solo effort. The more companies that share threat information with each other, the faster the sector can respond to new threats. This includes indicators of compromise, suspicious tactics, and attempted breaches. Collaboration can uncover patterns that no single company would have noticed alone. Participation in ISACs or similar groups provides valuable access to alerts, recommendations, and tools. 

11. Have a Response Plan and Test It

An incident response plan outlines what to do when something goes wrong. It should cover roles, communication channels, recovery priorities, and external contacts. It is not enough to write the plan and store it in a drawer. Teams need to practice it through simulations or tabletop exercises. These drills help expose weak points and improve coordination. A plan that is tested works better under pressure. 

12. Limit Access to Only What is Needed

Not everyone in your organization needs access to everything. Using the principle of least privilege helps reduce risk. This means giving each user or device only the access necessary for their role. Admin rights should be rare and well controlled. Seasonal workers and contractors should have limited access that is removed once their work ends. Old accounts should be disabled quickly. Managing access tightly limits the damage that any one user or breach can cause.