While information security may not be the first area that comes to mind when thinking about food safety, failing to prioritize it can cause devastating harm to a company’s image and bottom line.
Sam ColeAlthough cyber-security breaches continue to rise, a recent report from Guardz states that only 44% of respondents believe their current antivirus solution fully protects their business, employees, and data. Cyberattacks and data privacy breaches can result in reputational harm, weakened employee engagement, operational disruptions, and loss of business.
In the foodservice industry, cyber-attacks could impact confidential equipment designs, prototypes/new product line details, marketing plans, employee information, or client lists, delaying production schedules and leaking sensitive information to competitors, media, or the public. Cyberattacks are increasingly focused on critical infrastructure, putting the industry at a higher risk than ever before.
Making a proactive effort to invest in information security can lead to significant cost savings. Beyond just having an information security policy in place, companies should have a comprehensive cybersecurity plan.
In-House Safety
The employee base serves as a business’ first line of defense. Internal failures can lead to leaking confidential information from the business, clients, and employees. Empower employees with tools and resources to help them understand how important and integral their role is in data security, and what they can do if they see something suspicious.
In the workplace, phishing and malware represent the most common forms of cyberattacks. Engagement tools can include simulated phishing emails, texts, or calls and annual or more frequent mandatory training.
Foodservice companies from all links of the supply chain should be careful not to overlook physical threats. Hackers can “tailgate” employees by entering a secured building or area without a badge and gain access to secure files and devices. Just as with digital security, make sure you take the time to educate employees about the risks of physical breaches.
Strengthening Cybersecurity
A thorough information security policy can ensure that every employee understands your cybersecurity guidelines. Today’s cybersecurity tools make building an effective policy easy, especially if you are required to have one for a certification. It’s important that leadership makes information security a priority and models the behaviors you expect your employees to adopt.
In addition to having an information security policy, consider having a contingency plan to use in scenarios such as a data breach or malware, lockdown, or shutdown of a physical location. An incident response plan can help you to determine who needs to be part of the response team, how you will communicate with one another, and what systems and tools must be set in place. Implementing ISO 27001 in your organization can help you protect your critical assets and apply a continual improvement approach to your information security system. Consider reaching out to a third party who can help you to understand and work through the certification or even provide a baseline security assessment.
Sam Cole
Director of product certification — equipment and chemical evaluation
Global Food Division
NSF
Ann Arbor, Mich.
This email address is being protected from spambots. You need JavaScript enabled to view it.
