Jump to content

  • Quick Navigation
Photo

Maintaining Food Safety/Security During a Cyber Attack

Share this

  • You cannot start a new topic
  • Please log in to reply
2 replies to this topic

ChristinaK

    Grade - MIFSQN

  • IFSQN Member
  • 182 posts
  • 66 thanks
37
Excellent

  • United States
    United States
  • Gender:Female
  • Location:Midwest
  • Interests:Art, Games, Gardening, Costuming, Public Health, Composting (with the power of worms!)

Posted 15 December 2016 - 05:00 PM

Hello everyone!

 

So...a few weeks ago our small company had an incident where our internal tracking software was hijacked and held ransom (ransomware) by a hacker. This of course was very bad, as we keep track of all of our production, shipping, receiving, and more through that system. It's since been fixed (thank goodness), but we realized we were totally unprepared for such an incident.

 

As a result, I've been asked to come up with a backup plan for when our tracking system shuts down or fails. I know, our company should have had this in place years ago, but I wasn't here at that time to say "hey, what if this happens?"

 

Basically, I need to come up with a paper way to track our inventory and shipping, along with a procedure to follow in case it ever happens again. I'd use the check sheets we had from years and years ago before the company switched to electronic tracking, but they've been lost over time, so I have to come up with everything from scratch. Re-invent the wheel, so to speak.

 

Has anyone addressed a cyber attack in their company's emergency action or business continuity plan? Do you have any tips on how to write such a procedure? Or any tips on how to break down an entire computer trace system into a paper version?

 

Thank you in advance!


-Christina

Spite can be a huge motivator for me to learn almost anything.


Ryan M.

    Grade - FIFSQN

  • IFSQN Fellow
  • 1,326 posts
  • 479 thanks
290
Excellent

  • United States
    United States
  • Gender:Male
  • Location:Birmingham, AL
  • Interests:Reading, crosswords, passionate discussions, laughing at US politics.

Posted 15 December 2016 - 10:46 PM

Sorry to hear!  It sounds like you are on the right track with the paper documentation.  I know it will be tedious, but you really just have to mirror everything you do with the electronic system and go step by step to make sure you can capture all the information via hard copy.  When you have a list of all the required information mirror that against your process flow chart and create the necessary forms for each step in the process flow.

 

I would then have a master summary sheet where you can check against the records to ensure all information has been captured from receiving, processing, warehousing and distribution.

 

I would honestly be very concerned and want to know how IT can address it to prevent it from happening again.  Do you know how exactly they gained access or is that privileged information?



Thanked by 1 Member:

ChristinaK

    Grade - MIFSQN

  • IFSQN Member
  • 182 posts
  • 66 thanks
37
Excellent

  • United States
    United States
  • Gender:Female
  • Location:Midwest
  • Interests:Art, Games, Gardening, Costuming, Public Health, Composting (with the power of worms!)

Posted 16 December 2016 - 05:29 PM

Sorry to hear!  It sounds like you are on the right track with the paper documentation.  I know it will be tedious, but you really just have to mirror everything you do with the electronic system and go step by step to make sure you can capture all the information via hard copy.  When you have a list of all the required information mirror that against your process flow chart and create the necessary forms for each step in the process flow.

 

I would then have a master summary sheet where you can check against the records to ensure all information has been captured from receiving, processing, warehousing and distribution.

 

I would honestly be very concerned and want to know how IT can address it to prevent it from happening again.  Do you know how exactly they gained access or is that privileged information?

 

I figured I'd have to do something like that. I'm thinking we should print these all on colored paper too, at least what we use to label a pallet or incoming raw materials, so that nothing is accidentally shipped before we get the system back online to print proper tags.

 

I think I'll laminate them to keep in an emergency "system down" binder in our Production Office in case the entire computer system goes down. Because what's the point of having a check sheet if we can't access the files on our network? (Which is another virus attack we've experienced this year)

 

We're so small that we don't even have a single on-site IT person. We use a 3rd party company, but they weren't able to restore our system. Then we had to contact a government agency, who were kind enough to recommend a more capable company that specializes in these kind of issues. (IMHO, I think our main IT service is made up of some of the most incompetent computer "professionals" I've ever had the displeasure of interacting with.)

 

Like our last attack, this was a case of someone not thinking critically enough and opening a suspicious email attachment. But then again, most of the people here with company email accounts are older and have very little computer experience...so I'm not surprised at all that this keeps happening.  :doh:


-Christina

Spite can be a huge motivator for me to learn almost anything.




Share this


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users