Emile Aleman, functional manager at Levoplant, has been working at the orchid nursery with five branches for seven years. As the focal point for IT, data, and cybersecurity, he sees digitalization increasing rapidly. From analog robots to smart screens you can control remotely—everything is becoming automated. This brings huge efficiencies but also risks.
"IT and data are crucial to our business," Emile explains. "If our systems are down due to a hack, for example, we drop from 100% production capacity to about 40%. That means immediately phoning customers about deliveries that cannot go ahead. This will be no different for other large growers. As a company, you always want to avoid this."
Security requirements
Levoplant therefore takes cybersecurity very seriously. They have made two-factor authentication (2FA) mandatory for all accounts and have a strict password policy. "While 2FA was seen as an extra effort a few years ago, it is now a basic measure that every organization must have in place. We embraced it several years ago. We find that more and more companies are accepting this as normal, which is good." For corporate data on mobile devices, a special app protection policy is in place. "If you want company mail on your private phone, your device has to meet our security requirements," says Emile. Levoplant has also implemented network segmentation to isolate systems to make them less vulnerable. If something goes wrong somewhere, other networks are not immediately at risk. They also use an accounting program with automatic checking of invoices and bank account numbers. This is to prevent money from being transferred to the wrong bank account number, for example, if a phishing email arrives with a new bank account number from a supplier.
The importance of these measures became clear recently when a customer fell victim to invoice fraud via a phishing email. "A stranger had purchased a domain name similar to our website. The customer didn't notice the difference and transferred a payment to the wrong account number. This came to light when he received our reminder to pay our invoice." The example shows that it can happen to anyone.
AI brings increased threat
"We see cyber threats increasing exponentially, especially with the rise of AI," warns Emile. "Phishing emails are becoming more convincing and attacks on our network have quadrupled. That is why we train our staff continuously. Like a VCA certificate (for safety requirements), we require everyone to undergo security training. The certificates will go into your personnel file and, in this way, we include everyone in this form of safe working."
© Floriday
Tips for growers
His tips for other growers: "At least start with requiring two-factor authentication. Get your network monitored and segmented. And set requirements for your staff in terms of security awareness. Train your staff and explain the importance of implementing new apps or IT solutions securely rather than just quickly. It takes time and sometimes overcoming some resistance, but you always come out of it with workable and therefore safe solutions. Cybersecurity is never finished. We too have complex challenges still and need to continuously invest. Most importantly, you need to recognise that cybersecurity is not a one-off project, but something you need to pay structural attention to and grow into."
Emile is a participant in the Royal FloraHolland Cyber subscription. "The app group in which cyber threats are shared from the Cyber Resilience Centre I find valuable. You can chat with other companies in a 'protected' environment and support each other if there are problems. You are also collectively helping to make the sector more resilient."
"There is no time left to put off cybersecurity," concludes Emile. "Several years ago, the AI era started and it is now moving faster than ever. As a company, you don't have to do everything yourself. By working with your IT partner and using initiatives like the Cyber Resilience Centre, you can make huge strides. By bringing in experts, you will know where your risks lie and what you can do to better protect your business. You can already reach a minimum standard with relatively little effort and make a big difference." Finally, Emile indicates that it is advisable to have a contingency plan, so that you are prepared if you do get hit by a hack or something else.
For more information:
Floriday
www.Floriday.io