Why Hackers Target the Cannabis Industry
Getting Dragged Down
The East Coast Cannabis industry is still defining itself. Licenses are much harder to obtain and the road to opening a dispensary is long and difficult. From entrepreneurial idea to open door, from every seed to every sale, everything has to be in its place. There is a lot at stake, and a lot to be done, in order to be sure that the investment is protected. One place that you may not be considering in the equation though is your IT infrastructure. Did you know the cannabis industry is a popular target of hackers? Do you have a plan in place to prevent your dispensary from being a victim?
Why is the cannabis industry such an attractive mark? Because you have access to valuable information. Perhaps you don’t think so?
Do you file any of the following?
- Names (Patients/Clients)
- Phone numbers
- Social Security numbers
- License Numbers
- Credit Card numbers
- Medical information
- Insurance information
Although many of your applications will be cloud based, if any of this information is located, copied, or stored locally, it could be at risk. A breach of the local systems could also mean access to password or authentication information that would allow for visibility into the cloud applications. Additionally, there is the potential for theft of intellectual property and or research and development data that you have compiled.
With both a retail and medical footprint, the cannabis industry has hackers drooling. In the event that they can breach your network, and find their way into your systems, they may be able to access personal health information as well as potential payment information. This data can be sold for a decent amount of money to the wrong people. Alternately, with the stigma that remains around marijuana, this information has also been used for patient extortion.
Data loss or breach can be catastrophic for a business. There is the potential of fines and recourse from HIPAA, PCI, and state regulations, but there is the customer side as well. Notification and assistance to those affected is expensive. When compounded with the hit to your reputation, this can be irreparable. In addition, statistically, once you have a problem, it will likely continue. As small business goes, 60% of those that experience a cyber-attack go out of business within 6 months (Inc.). If they manage to survive, they run a 28% chance of being victimized again within 2 years (IBM).
Another reason the cannabis industry is so attractive is that you are still a relatively new industry. New can often mean that certain aspects of your business are still immature. In this case, that immaturity tends to come in the form of technology knowledge. Chances are that you got into this business to grow and sell. Your focus is on the plant/product. This makes perfect sense but can also leave you vulnerable. Your IT infrastructure needs to be top of mind as well. Breaches occur because systems are not properly protected. The only thing better than the personal information that your company may have, is easy access to it. You need to have a plan in place to prevent this.
- Patches and updates need to be applied. Many malware and ransomware viruses are written to exploit those who are not keeping up to date.
- Anti-Virus and anti-spam need to be implemented, updated, and monitored.
- The same is true with settings for firewalls, access points and switches.
- Your network needs to be monitored and audited.
- Access controls need to be put into place.
- Staff should be educated on the basics of cybersecurity
Is your head spinning? Managing your systems, and the vendors, can be overwhelming. You will need to be integrating all of the software to ensure maximum efficiency. There are so many moving parts including inventory tracking, CRM, Point Of Sale, not to mention your environmental controls. From cultivation and extraction, to your kitchen and packaging, all of the technology will need to be organized and “speak” to one another. If you don’t have someone with the time and expertise to be handling all of this, your company will be at risk. This touches on another reason that you are such an attractive target.
To have the proper staffing on hand to manage all of these tasks can be expensive. Physical security likely takes precedence over cyber security. Salaries are high and the skillset is in demand. The wrong hire can be as detrimental as not hiring at all.
Don't Get Burned
There are a few things that you can do to try to right the ship though, and they can all stem from the same place. There is a great value to hiring a Managed Services Provider (MSP). They can take care of all of the aforementioned tasks, while providing guidance and advice for future technology decisions, often at a more reliable and palatable cost. Worries about knowledge base as well as time away from the office (sick/vacation/emergency) disappear. You have a team of experts available at a fixed monthly fee that you can budget for. In the case of Infoaxis, we also strive to educate your staff. If employees can recognize and avoid phishing schemes and other attacks, fewer problems will exist. A staggering percentage of breaches occur due to non-malicious employee error. We aim to remove that from the equation.
While data security and cyber security may not be the focus of your business, it is a major component that should be given the proper attention. You would never forget fundamentals like watering your plants or giving them the proper light. Not treating technology in this same way puts your business in a dangerous place.
You have fought too hard to get to this point. Build an infrastructure that will grow with your business, compliance demands, and the industry. Don’t have it all go to waste by not taking proper precautions.
Let IT4Cannabis help.