Opinions expressed are solely those of the author and do not reflect the views of Rolling Stone editors or publishers.
Healthcare and pharmaceutical companies have been hit pretty hard by cybercriminals, so it’s likely a matter of time before we see more cannabis companies in the news with multimillion-dollar ransom demands.
To find out just how vulnerable the cannabis industry might be, I reached out to Ben Goodman, founder and CEO of CyRisk, a U.S.-based cyber risk analytics platform. He revealed some insights and results from a forthcoming research project he conducted earlier this year, which found that half of the cannabis companies they analyzed had moderate to poor security.
As someone who comes from the tech industry and now works in cannabis, I see the potential for these threats to really blow up in the years ahead as the industry grows. And as cyber threats increase and become more sophisticated, I believe this is a topic worth discussing.
Cannabis Companies Could Make Savory Targets
Many of these nascent cannabis companies haven’t historically thought of themselves as tech companies, meaning their systems may be less sophisticated and easier to compromise. POS tech is essential to cannabis retail operations, which also makes them vulnerable and ripe targets for ransomware or other cyberattacks.
Another critical area where cannabis companies may be vulnerable includes automation. Intelligent automation plays a significant role in cannabis cultivation. It is typically used for various elements, from developing and managing the standard grow environment (e.g., water, temperature, LED lighting, etc.) to trimming the cannabis plants. Smart sensors throughout the whole environment send reports, causing conditions to be modified and/or adjusted accordingly, as well as automatically. This type of cannabis technology has made growing less labor-intensive and allowed farmers to achieve more controlled and consistent results. But it also makes these cultivators and operators more susceptible to cyberattacks and ransomware attacks.
While most cannabis companies put physical security at the top of their priority lists to prevent the more common armed robbery from occurring, they should understand that cyberattacks pose a serious threat.
Ransomware attacks are happening across disciplines, from large companies to small businesses. In fact, experts say “small businesses comprise approximately one-half to three-quarters of the victims of ransomware.” Because of this, I believe every cannabis company, therefore, needs to heighten its cybersecurity initiatives and make it a point of its operational strategy from the onset.
Make no mistake — the threat is real. Since the emergence of the Covid-19 pandemic, U.S. authorities are reporting a dramatic increase in cyberattacks. Following are just a handful of measures to help keep your burgeoning cannabis business safe.
Educate Your Staff
If you don’t teach them, you can’t expect them to understand the rules of cybersecurity. Proper employee training is essential in 2021 and beyond. All it takes is one employee clicking on a phishing email to compromise your entire company’s security.
Upgrade Your Cybersecurity
Speaking of safety tools, your cannabis organization should always deploy the most cutting-edge cybersecurity technologies. Make sure to do a breach audit to identify the threats that exist and also determine the right cybersecurity programs for your organization and team.
Consider a VPN for Remote Work
A recent report from collaboration software provider, Wrike reveals that more than 40% of remote employees are accessing confidential business information while using unsecured personal applications.
This is why cannabis brands with staff working remotely should consider a VPN (virtual private network) for optimal protection as it encrypts data sent/received over the internet. Browsing with a VPN is one of the easiest ways to achieve more privacy.
Set Stronger Passwords
Even in 2021, the truth remains that too many people still don’t realize the importance of setting a strong security passcode. Let me remind you of the basics of setting a stronger password:
• Don’t use personal names and private information in passwords.
• Don’t use a simple password like “popcorn” or “123456.”
• Combine capital letters, small letters and numbers to build a superior password.
• Don’t use the same password across different accounts.
• Make sure you’re also using two-factor authentication.
Update Your Operating Systems and Applications
Most people ignore system updates and upgrades. Don’t fall into this trap. Do your best to update every tool, app, operating system or program as soon as you receive a notification. Hackers are often using bugs in older versions of software to breach defenses.
Remote Work Threats
With more and more employees working from home, a whole host of cybersecurity threats must not be ignored, such as:
• Increased risk of phishing attacks.
• A growing number of ransomware and malware attempts.
• Low protection levels of home-based devices.
The Bottom Line
The growing number of malicious attacks shows just how real this danger is to businesses. Cannabis brand leaders should pay more attention to the various aspects that comprise security, as it could be only a matter of time before they need to deal with a breach. After all, an ounce of prevention is worth a pound of cure. As the cliche goes, it’s better to be safe than sorry.