A Guide to Cannabis Cyber Security


A Guide to Cannabis Cyber Security

Cannabis businesses already have to deal with some of the most strict physical security requirements of any type of company. So it almost seems unfair that just like any other business you’d have to worry about cybersecurity, too – but unfortunately you do. And the more successful and lucrative the cannabis industry becomes, the more it becomes a target for hackers.

Why Cybercriminals Are Targeting Cannabis Industry

The marijuana industry is relatively new and doesn’t have the same built-up, legacy cybersecurity knowledge that other sectors like banking and manufacturing have. This lack of awareness makes them more prone to cyberattacks compared to other sectors. That’s because most cybercriminals and hackers prioritize “low hanging fruit” – poorly-protected businesses with vulnerabilities in their systems including weak passwords, unmanaged and outdated endpoints, and insecure networks that lack well-configured firewalls. And it’s not just cannabis businesses that suffer due to their lack of cybersecurity – the data (as well as any interconnected systems) of their customers, patients, partners, and vendors are also at risk.

On December 25th, 2020 Aurora Cannabis, a well-known medical marijuana giant was targeted by a cyber attack. Employees had their data compromised in the breach including credit card information, home addresses, banking details and other government identification information. As per the sources, both current and former employees received data breach notifications and each employee mentioned that different data was compromised in this major data breach.

Aurora’s spokesperson mentioned that operations and patient systems weren’t affected by the breach. However, as per the reports, the dark web is selling the leaked data for one bitcoin. In short, about 50 GB worth of personal data was at the stake and this data included banking details, passport images and confidential business documents.

Cannabis businesses are at risk regardless of their size or what side of the US-Canada border they’re on. In Canada, one-fifth of Canadian businesses were affected by  a cyber security breach in the year 2019 – and of these one-fifth, 29% were midsize businesses, 18% small businesses, and 53% large enterprises. On the US side, it was also reported that thirty thousand customers from cannabis dispensaries in the country were impacted by data breach incidents. 

How To Protect Your Business 

We won’t lie to you – it’s not exactly cheap or easy to protect your business from cyberattacks, especially if you’re trying to handle your IT security internally. But it’s well worth it since security breaches can be extremely costly and harmful to your reputation.

Upgrade Your Cybersecurity

Mostly cyber attacks happen when your systems and software are not up-to-date. Attackers exploit these weaknesses to get access to your network. By the time you figure out hackers are in your network, the damage is probably already done. Hence, retailers should use the most cutting-edge cybersecurity technologies to protect their businesses. It is recommended to invest in patch management to manage your system and software updates. 

Breach Auditing

Cybersecurity professionals strongly recommended to all companies regardless of size a breach audit to identify the threats that already exist to establish effective cybersecurity software and team to stay one step ahead of cybercriminals. Moreover, investing in audits can be beneficial as recovering from data breaches is a time-consuming and expensive method. 

Multi-Factor Authentication

Multi-Factor Authentication shields your systems with two verification layers of identification before granting access to users. Personal devices like phones and tokens, geographic, or network locations are some good examples of MFA.  

Cybercriminals can use stolen or guessed user login data to get into critical systems, so verifying user identity has become an essential part to stay protected. Moreover, many of the users have a habit of using the same password across multiple accounts and services which results in having a weak password. 

Hence, multi-factor authentication helps minimize the risk of suspicious account takeovers and provides an extra layer of security for your business.

Major Benefits:

  • Increases security with third parties
  • Helps meet regulatory requirements
  • Protect against phishing attacks
  • Minimize the effect of security breaches

Secure your Website

Protect your website by using external firewalls that filter and block potential data packets. You can use reliable software to do the job for you. Sucuri and Wordfence are good options for WordPress websites. 

Always use a secure URL to ensure your website is protected. When your site visitors offer to send their private information, use HTTPS format to deliver it.

HTTPS is an encrypted format that should be used at the time of transmitting sensitive data.

Major Benefits:

  • Monitor and filter malicious codes
  • Give heads up for malware, vulnerabilities, and other security issues
  • Prevent unauthorized access.

Employee Training

Many f breaches occur due to employee negligence. These are very small mistakes in the moment but they leave a huge impact on the entire company’s reputation and business. Employee training helps provide awareness about typical forms of phishing and social engineering.

A generic salutation (Dear Customer), fake domains, spelling mistakes, and poor-quality logos are some potential cyberattack warning signs. A well-trained employee can identify these signs and minimize the damage.

Expert Knowledge

Cyber security threats are complex and constantly evolving, so much so that it can be a full-time job to keep up. That’s why you need to keep an eye on major cyber security trends, or at least get the occasional audit from an outside cyber security firm. Even better, you could rely on a managed IT services provider (an IT outsourcing company, basically) to manage and monitor your networks on an ongoing basis for a fraction of the cost of hiring an internal network security engineer.

Cyber Insurance

Every business needs cyber insurance. In the event of a security breach, insurance will cover some of the costs of data recovery, lawsuits, and reputation management/public relations. It limits your losses to a manageable level and allows you to recover, and even if you don’t use it, it can help you sleep a lot better at night knowing it’s there. 

Other Necessary Security Measures:

  • Install SSL and security plugins
  • Use security configuration
  • Software & hardware security updates
  • Use strong passwords
  • Use professional security tools

Wrapping up:

Marijuana retailers need to give some serious attention to the various aspects that can compromise business safety and security, as it could be only a matter of time before becoming a victim of these attacks. 

Cannabis businesses need to take accountability for their customers’ data and need to take necessary measures to safeguard it. To prevent these attacks, cannabis business owners have to implement some major security measures to shield their data, employees, website, and customers’ data, and stay protected. 

Related Articles