Cyber Security Tips for the Cannabis Industry
March 16th, 2017
Feature Stories, Policy
By now you have most likely heard about the security breach and hack that brought down one of the largest cannabis industry sales and inventory systems. The hack affected all of the company’s customers and brought their businesses to a halt. The fix was slow and arduous with customer jumping ship and looking for other options. If you are a customer or former customer, after finding another provider, your next question is most likely “How can I prevent such an attack from happening to my business?”.
Listen to an exclusive audio interview with Tim Belvin:
The answer to that is not an easy one to answer. There are many factors to consider when considering what it means to be “secure” in today’s complicated digital landscape that is wrought with more than millions of computer viruses, ransomware, malware, and hackers.
One thing that is simple, is the fact that you are either secure or not. The answer is completely binary and there is no middle ground. Many business people are willing to run with a mere sense of security rather than enduring the costs of insuring their business run in a secure manner. In the prior sentence, “people”, is the key factor to security. In this article, I will go through everything that one can setup to prevent hacking and loss of data, however, if the right people are not in place trained to follow policies, analyze data, or manage the many tasks necessary to be “secure”, then it is all for not.
Here are some steps you need to take to insure your business’s cyber security:
- Backup – Backing up your data, applications, files, etc. is one of the first and most important steps to take in safeguarding your business. In the case that your business experiences a catastrophic event, you have must have a copy of your digital property somewhere safe. Some businesses will trust back up services to handle their backup and then keep the data on file for 10 years plus. There are also software escrow companies that will keep backup copies of your applications on file and ready to be turned on to take the place of your production systems should they ever become non-functional. For other small business, backing up can be as simple as copying your files to a secondary backup drive.
- Use Strong Usernames and Passwords – This measure is one of the easiest things to do in safeguarding your data. Make sure to use complicated random passwords made of at least 16 digits of random mixed alphanumeric characters, including special characters (!@#$%^&*). Most security advice covers complicated passwords, but quite often, people will overlook making usernames complicated random strings and they will also forget about randomizing URLs as well. If you have the ability to control the usernames you are using, instead of using “admin” or “administrator”, use a random string, like “Amfi4tRTT”. Instead of using a URL like http://www.mywebsite.com/admin/ to access your admin area, use http://www.mywebsite.com/J12tDwHRTttt/. The admin area may still be found, however hackers will have to take the extra steps to program their bots to look and find for your admin. Bots that look for administration areas in “/admin/” will have a harder time finding yours.
- Use 2-step authentication when possible
- Use SSL for all point to point communication
- Use a firewall for all networks
- Keep your software up to date with security patches and configurations
- Protect your CPUs and Mobile devices
- Create policies for acceptable use of systems
- Limit removable media
- Create monitor process to enforce policies logs and analysis
- Only assign necessary access to users
- Limit machines to your network by IP Address and Mac Address whenever possible
- Limit communications to only necessary systems inside and outside of your network
- Have a disaster recovery plan
- Train your staff
- Go to cyber security learning events
- Designate a Cyber Security champion
- Report criminal activity to Law Enforcement
- Utilize a reverse proxy if possible to hide your real network IP addresses
- Run Tests to verify your security measures are working
- Install cameras
By keeping these tips in mind, you can ensure that your business is secure from the growing number of cyberattacks affecting the industry. Businesses may also want to consider consulting with third party security firms to double-check their systems and improve overall security.
Follow Us on Social Media
About CFN Media
CFN Media (CannabisFN) is the leading creative agency and media network dedicated to legal cannabis. We help marijuana businesses attract investors, customers (B2B, B2C), capital, and media visibility. Private and public marijuana companies and brands in the US and Canada rely on CFN Media to grow and succeed.
CFN launched in June of 2013 to initially serve the growing universe of publicly traded marijuana companies across North America. Today, CFN Media is also the digital media choice for the emerging brands in the space.
Disclaimer: Except for the historical information presented herein, matters discussed in this article contain forward-looking statements that are subject to certain risks and uncertainties that could cause actual results to differ materially from any future results, performance or achievements expressed or implied by such statements. Emerging Growth LLC dba TDM Financial, which owns CannabisFN, is not registered with any financial or securities regulatory authority, and does not provide nor claims to provide investment advice or recommendations to readers of this release. Emerging Growth LLC dba TDM Financial, which owns CannabisFN, may from time to time have a position in the securities mentioned herein and will increase or decrease such positions without notice. For making specific investment decisions, readers should seek their own advice and that of their own professional advisers. Emerging Growth LLC dba TDM Financial, which owns CannabisFN, may be compensated for its Services in the form of cash-based and/or equity- based compensation in the companies it writes about, or a combination of the two. For full disclosure please visit: http://www.cannabisfn.com/legal-disclaimer/.