Lessons Learned From The OCS Breach

The cannabis industry is evolving into a hotspot for cybersecurity attacks as a result of the rapid growth of cannabis legalization across the country. In light of this, cannabis business owners must start seriously thinking about keeping their data and client personal information safe from cyber criminals. There are new exploitable flaws to take into consideration, in addition to the industry’s already strict rules and regulations governing the production, packaging, and sale of cannabis products. 

A massive amount of sensitive data collection has followed the exponential growth seen within the past year. Customers’ identities and credit card data are only two examples of what is at risk. It’s crucial to maintain compliance with laws and take a proactive approach to cybersecurity.

An IBM study from 2018 revealed that between 2017 and 2018, the average cost of a cyberattack increased from $3.62 to $3.86 million. The study also discovered that there is a chance that a company may experience one or more cyberattacks in the upcoming year. Due to this, all businesses spend money on cyber security.

The recent OCS data breach has shaken the cannabis market and is a reminder for businesses to reassess their cybersecurity practices. Let us understand all about the OCS breach and what lessons we must take from it.

OCS Breach – What Was Compromised?

It was reported that the OCS data breach included the revenue, amount of cannabis sold, total units sold, and sell-through rates for individual stores in Ontario. According to three anonymous sources – store names, license numbers, and even information on whether a store is independently owned, run by a corporation, or by a franchisee were also leaked.

OCS has given assurances that the incident was “no failure of IT security or systems.”

Lessons Learned From The OCS Breach

Implement Multi-factor Authentication

Two-factor authentication is a meaningful concept to remember as well as a useful tool to implement. The phishing scam, often known as the social engineering scam, is one element of the growing variety of cyberattacks.

For instance, a cyber attacker targets the employees of a company with requests for wire transfers or even some type of business transaction relating to the distribution of cannabis products. These enticements may lead to employees falling for a trap that compromises company information, putting the business at risk of a data breach.

By authenticating any unusual requests, you may stop those attacks in their tracks. You can do this using software or by making a standard phone call to your telecom provider.

Access Management

Every cannabis business must understand that each vendor that needs access to the system is a potential attack vector.

Because the access control system never permits every user access to every section of the system, attacks made through an entry point like an eCommerce login are blocked before they can do extensive damage or spread. Also, outdated staff/user accounts are easily discoverable and any credentials may be easily revoked, hackers are prevented from successfully attacking using these accounts.

Suppliers and contractors are examples of third parties who can only view systems that are pertinent to them and cannot maneuver to other systems. For instance, a supplier might be given special access to a particular logistics feature but not even be aware of, have limited access to, other system components. In such cases, even if a hacker were to compromise a third-party login, the access management solution would still prohibit them from causing significant harm.

Training Is Key

The strength of your company’s cyber defense depends on having educated staff who can apply best practices to thwart threats. You should make sure your employees are familiar with the fundamentals of cybersecurity, such as how to spot a suspicious email and when to connect via a VPN. Train your staff, get them certified, and do whatever it takes to keep your business secure.

Bottom Line

Speaking of safety measures, your cannabis business must employ the most recent cybersecurity solutions. Make sure to do a breach audit to discover the threats that are there as well as the right cybersecurity strategies for your team and organization.

Cure8 can help you with pretty much everything you need to set up your dispensary, offering services for your POS systems, networks, surveillance systems, and back office including:

  • Planning
  • Audits
  • Procurement
  • Installations
  • Wifi & Troubleshooting
  • Security
  • Management

For a free consultation, visit us at today.

Related Articles