Monsanto's decision to house customer and employee data on one server is a "simple mistake made all too often", according to the president of security firm FireMon.
Jody Brazil, who is also the chief technology officer at the security company, commended the farming company for its haste in informing the relevant authorities and bringing in forensic experts after its subsidiary Precision Planting was breached, but reproached the firm for not segmenting its data.
He said: "Segmenting a network and distributing sensitive information across different servers on appropriate network sub-segments can and will limit the damage of a data breach - the cybersecurity equivalent of not putting all your eggs in the same basket."
Speaking on behalf of Monsanto, Christy Toedebusch said that fewer than 1,300 farmer customers were affected by a breach discovered on March 27, in which financial information, social security numbers and customer addresses had been compromised.
In a letter to the Attorney General of Maryland, the company said it believed the breach "was not an attempt to steal customer information".
As an apology, the chemical and farming firm will offer credit monitoring services to those whose data was compromised, and the firm will revise its security measures.
"While no system can be completely secure, we believe our new security protocols will provide significant protection for customers' data," Toedebusch said.
Brazil added that it was easy to criticise companies for bad security practices, but that making such information public would allow others to learn from the mistakes.
"What is clear is that Monsanto has done everything in their power to limit the damage of the data breach by informing relevant government organisations, calling in forensics experts, and contacting the FBI to assist in dealing with the breach," he said.