Agriculture and Fishing

sheep grazing on a hillside

Agriculture and fishery businesses rely on the same services small businesses use in other sectors. This includes services to make and receive payments online, and manage payroll and inventory.

But advances in technology have made it easier for farmers and fishers to work more efficiently, and at a larger scale. These technologies include:

  • the heating, ventilation and air conditioning (HVAC) systems in warehouses and production areas
  • smart sensors to monitor key variables like humidity and temperature
  • livestock tracking tags and sensors
  • milking parlours and other agricultural machinery
  • logistics and farm management software.

Cyber attackers could use any of these devices or services to target your business. A successful attack could be devastating for you, and for the sector.

We’re here to offer information, advice and support. If you have any questions, you can contact us:


Beginning section How a cyber attack could affect your agriculture or fishery business

How a cyber attack could affect your agriculture or fishery business

A cyber attack could affect your agriculture or fishery business in many ways. How it affects you will depend on the type of attack, and what the attackers have managed to access.

This page gives examples of some of the issues you might face.


Monitoring and quality control

A cyber attack could disable any smart sensors or HVAC systems use you use for quality control. Traditional methods of quality control will be more time-intensive and less precise. This could lead to more wastage or a drop in quality, both of which will reduce your income.

It might take some time for you to discover the attack and put in place a workaround. In the meantime, large amounts of produce could be spoiled.


Food safety

After a cyber attack, you may not be able to produce and store your product in line with food safety standards. This poses a higher risk for fresh produce like milk, fish, and seafood. As you won’t be able to sell any affected produce, the losses could be significant.


Managing income and outgoings

A successful cyber attack could stop you from taking or making payments. You may be unable to pay suppliers, and get the equipment and material you need to work. You may not be able to take payments from selling your product.

If the attack affects your payroll systems, you may not be able to pay your staff in good time.

 


Beginning section How to protect your agriculture or fishery business

How to protect your agriculture or fishery business

Potential cyber criminals are always developing new techniques and approaches. This means that there’s no way to guarantee that your agriculture or fishery business is safe from every cyber attack.

However, there are several steps you can take to reduce how likely you are to be a victim of a cyber attack.


Backup important information

  • Identify which information is critical and make sure that you have a segregated backup. This backup can be online, for example, through a cloud-based service. It can also be offline: on a USB stick, an external hard drive, or a computer which is not connected to the internet. You can also use cloud-based services to backup your information.
  • Schedule regular backups of your data. This will mean that you have access to the most recent version of your critical information.
  • Test your backups regularly. This will mean you know if the backups are working. It will also mean that you understand how to recover the information if you need to.


Keep your devices and software up to date

  • Like any piece of machinery, computers, tablets and mobile phones need regular maintenance. This will make them more effective, and more secure
  • You should update all your IT devices regularly. This process is called patching. It means that the developer of your device has identified security issues and fixed them.
  • We recommend that you aim to install patches no more than 14 days after they’re released by the developer.
  • If you use ‘smart’ technology devices, you should also patch them regularly.


Protect against malware

Malware is a piece of software which is designed to damage, disrupt, or gain access to your systems. You should take the following steps to stop malware causing harm:

  • You should install antivirus software and firewalls on all devices. This includes any personal devices that staff use for work.
  • Antivirus software detects and removes any malicious software or viruses from your device. Firewalls create a protective barrier between your network and external networks.


Use strong passwords

  • Turn on password protection wherever it is available: this includes across your devices and the services you use.
  • Make sure that all staff are using strong passwords. The National Cyber Security Centre (NCSC) suggest using a combination of three random words.
  • Use extra security protections, including 2 step verification, wherever it is available. You can find more guidance on this via the National Cyber Security Centre (NCSC)


Be wary of phishing attacks

  • Cyber attackers use phishing as a way into a system or network. They will often send an email to trick a user into clicking a link or downloading an attachment. The attachment or link will allow the attackers to steal the user’s information.
  • Ensure that staff are aware of this risk, and that they remain vigilant.


Have a plan

  • If you develop and test an incident response plan, it won’t prevent a cyber security attack. But if you have an incident response plan, it’ll help you respond if you do experience an attack.
  • An incident response plan sets out what you would do in the event of a cyber attack. This includes who will make decisions, how you can contact them, and what process you will follow.
  • An incident report will also set out when to seek legal or HR support.
  • You can find more information about incident response plans via the UK’s National Cyber Security Centre (NCSC).

Beginning section Cyber Essentials

Cyber Essentials

Cyber Essentials aims to protect organisations against a range of cyber attacks. The scheme is backed by the UK Government and is available in Jersey.

Cyber Essentials is a certification scheme. To be certified, you need to have basic cyber security measures in place. This scheme focuses on preventing the most common types of cyber attacks. These attacks are usually targeted at organisations that have no basic protections.

Once you’ve introduced these measures, then you can become certified. There are two different levels of certification.

Cyber Essentials (CE). To reach this level, you take part in a self-assessment. This process is easy-to-follow so that even small organisations can take part. This level of certification costs from £320 (from 2 April 2024).

Cyber Essentials Plus (CE+). This level builds on the CE accreditation. We recommend this certification if your organisation uses technology to deliver your services. We also recommend this for organisations that process confidential data. What you pay for CE+ will depend on how big your organisation is.

Find out more about on-Island providers of Cyber Essentials.


Beginning section Jersey Cyber Shield

Jersey Cyber Shield

Jersey Cyber Shield is a free service offered by JCSC for organisations. We have designed it to give you extra protection by working with the security measures you already have in place.

We use four methods to find security weaknesses which an attacker could target. If we find weaknesses, we tell you what they are so that you can address them.

Jersey Cyber Shield is suitable for different sizes of organisation and is free to join. (There are some optional elements which are more complex. Because of this, we may need to request a contribution if you want access to these services.)

You can find out more about Jersey Cyber Shield on this page.


Beginning section Useful resources

Useful resources

If you need more information about cyber security, your IT provider should be your first contact. This advice and guidance can provide a starting point for general queries.

The UK’s NCSC has guidance for farmers. This has been produced with the National Farmers Union. It includes information on creating strong passwords, patching, and malware and is useful for all agriculture and fishery businesses.

NCSC has also created guidance for small businesses which you may find useful.

Harper Adams University and NCC Group have produced a report on Cyber Security in UK Agriculture. This academic paper sets out in more detail how cyber attackers could target your systems, and how they could use what they find.


Beginning section Reporting an Incident

Reporting an Incident

If you experience a major cyber security incident and report it to us, we can help you in several ways. We can provide technical advice and guidance to help you respond. We can also use our access to intelligence and expertise to help inform how you respond.

In some circumstances, we can provide direct technical support, and help you communicate.

You can also report an incident by phone on 01534 500050, via email (incidentreports@jcsc.je) or online via this form.

Find out more about how we can help.

There are a range of organisations you should contact: in some cases, this will depend on the nature of the incident.

The States of Jersey Police (SoJP). You should contact the SoJP where a crime has taken place, or if you suspect that a crime has taken place. They have the ability to handle digital forensic investigations. More information on how to report a crime is available via the SoJP website.

Jersey Office of the Information Commissioner (JOIC). You should report the incident to JOIC if the cyber attack has led to a personal data breach. You can find more information on when and how to report a breach via the JOIC website.

Action Fraud. Action Fraud is the UK reporting centre for fraud and cyber crime. You can make a report via the Action Fraud website.