By Kristy Foster Seachrist
Imagine this: You are out of town. Your bookkeeper gets an email. “Please transfer $100,000 to XYZ bank.” It’s a weird request but the bookkeeper knows you are out of town and this bank claims to be from that area. The bookkeeper assumes you want to purchase a piece of equipment you found. So the bookkeeper transfers the money.
You call in to check in and the bookkeeper mentions the money transfer. It turns out that there was no request to transfer the money. The cops and eventually the FBI are called to investigate and to try and get the money back.
However, it’s gone. The money can’t be recovered.
Think it can’t happen to you? Think again says Attorney Nick Merker, an associate with Ice Miller, who spoke at the Ag Data Conference in late November.
This kind of attack can happen through a phishing attack in the company’s email. Somehow, the criminals were reading your email or your bookkeeper’s email and found out you were gone and made an attack. Phishing is when someone defrauds an online account holder of financial information by posting a legitimate company.
He offers insight into ways to prevent trouble in the future.
Set a notification procedure
Merker says a company or farm can stop the scam by having a notification procedure if the bookkeeper gets a financial request. The bookkeeper would not take action until a business owner or partner has verbally confirmed the transaction. And he advises setting up a notification system on any accounts so that as soon as a transfer of any kind is made that more than one person knows it is happening.
Merker made one thing clear in his presentation; farmers can be prone to various kinds of data attacks. Stealing funds is not the only type of data attack a farm can undergo. There are some privacy and security principles every business should do:
Make sure you own your data
Review every contract and ensure when any data is collected from your operation, you own it. However, owning isn't enough (see No. 3).
Read the fine print
When reviewing a data contract be sure to read the fine print to be aware of all your rights. Here's a sample statement you want to avoid in a contract:
“By submitting, posting or displaying content on or through the services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such content in any and all media or distribution methods (now known or late developed)."
Think about sharing
The contract fine print should also be clear about what happens to your data if it is transferred to another party. Make sure they can't share it with another without your consent.
Data breach response
Ask about the data breach response and notification system of a company that is working with your data. Ask about when you will be notified of a data breach, what the company is required to tell you about the breach and who pays for any losses associated with the data.
Ending a data relationship
Don’t hesitate to ask companies handling your data about how they terminate the data and destroy it once the use is over. Ask if they have a certified destruction program. It’s not enough for a company to say they hire a company to destroy the data. Ask how it’s destroyed to ensure safety.
Cover your bases
Consider basic “cyber” or “tech” insurance. First-party coverages takes care of computer crime and computer fraud. Third-party coverages includes anything that happens with network security or data breaches.
Think losses, not crime
Merker advised that when buying that cyber or tech insurance policy that you think in terms of loss, not worry about 'cause.' You want to work to be whole again.
While you want a policy that makes you whole, another point is to consider a policy that covers the costs of a forensic investigation into the fraud. This can be quite costly, so having a policy to protect you makes sense.
Keep it confidential
Merker says to get what the other party considers confidential information spelled out. Ask how long obligations last and what are the subpoena procedures if one is issued.