Cyber Security For The Cannabis Industry: Keep Your Business Safe From Hackers
The legal cannabis industry is a very lucrative one, but unfortunately, smart people are going to find a way to get around the system just to make a quick buck – to your detriment.
Take the very recent case of a Florida cannabis dispensary website, which was taken down after being notified that customer information was leaked. The dispensary site, AltMed, was informed by a customer that viewing customer data was possible using the site’s search function. They then hired a data risk and security consultant named Kroll, to help take steps moving forward that would better protect their online data and security.
This can happen to you, and much worse. Breached networks, hacked devices, and stolen information are just some of the things that have already become common in the industry.
But not if you’re smarter than them.
While the types of cyber crime available these days only continues to evolve, this means that there is no such thing as 100% total cybersecurity for any company, cannabis or not. However, staying informed will keep you ahead of the rest, and one big step ahead of hackers. Developing a comprehensive plan and even working with third-party data and security companies will be your best bet to keeping your business and assets protected.
Tips For Keeping Your Cannabis Business Safe From Hackers
- Have a plan of action. Cyber crimes vary in structure and size, but at the very least your plan of action should include: names of individuals who are responsible for different aspects of the cyber attack response, identify how to contact key people at all times, learn how to preserve the most important data and assets in a sound manner, and establish a notification plan for data owners (including customers) whose data may be compromised in the event of an attack.
- Identify your most valuable assets: When creating a cyber incident plan, identifying what your most valuable assets are is the key to a cost-efficient solution. Think about which devices, assets, or data require the most protection.
- Implement sound technology: Adopting data loss prevention technology, off-site backup for your data, and intrusion detection features into your business will help you quickly and efficiently identify any intrusions as they happen or soon after, which would greatly help you minimize loss and overall risk.
- Adopt internal preventative policies: Prevention is always better than finding a cure, and this doesn’t apply to health but to your business, too. Internal preventative strategies may include employee training, safe password management, proper system configurations, and other necessary technical details will help you and your entire team recognize both internal and external risks that could prevent security breaches as well as reacting to cyber attacks.
What To Do In The Event Of A Cyber Attack
Should a breach occur, breathe and focus on minimizing the damage then working with law enforcement.
Here’s what you should be doing:
- Analyze the scope and nature of the breach: Is it a technical glitch, or were you the subject of a malicious act?
- Identify the extent of the damage: If you have been the target of a cyber attack, the first thing you need to do is create a forensic image which is an exact copy of your hard disk. This will later be used for analysis, and could also be used as evidence in a trial.
- Implement practices that would minimize damage: Contain the breach and prevent it from spreading by inhibiting the attacker from doing even more damage. These include rerouting network traffic, or isolating the compromised network. No matter what you do, keep a detailed record of everything you did because this will help you recover damages once those responsible have been identified.
- Notify people: Your notification list should include relevant personnel, law enforcement, and customers. Every single state in the country has a breach notification law that mandates companies who have been faced by an attack to let customers know who has been compromised or affected by the intrusion. Additionally, after the attack, companies should write up a statement that would explain to customers the scope incident and what efforts you did to solve it.
All Cannabis Businesses Have Different Security Needs
Keep in mind that there’s no one-size fits all solution for keeping your business safe from cyber hacking. Each business has its own unique security needs. For example: dispensaries may be common targets for robbers and thieves, which means that physical security is critical. Deliveries should think about robbery occurring during a delivery. Online purchasing, which is becoming more popular, is a target for stealing customer information. All kinds of online business models must prioritize cybersecurity. This is not something that you want to treat as an afterthought, because it only takes a few minutes to lose your entire business to a thief.
There’s no such thing as being too careful.