Cannabis companies are on the rise. As with any booming business there are many concerns to be had and all of this added attention makes it a great target for those who seek to negatively impact it. One of the most important things to focus on is to make sure that your company’s network is kept safe and secure. This ensures the peace of mind not only for yourself but also for your customers that the company they order and purchase from are able to be trusted and kept safe.
This is the optimal win-win scenario but it may seem challenging to get to that point. Here are 7 useful tips to utilize when it comes to securing the network of your cannabis company.
1. Secure & Be Cautious with Your IoT Devices
IoT or the Internet of Things is widespread these days. It’s hard to find a piece of technology that isn’t “smart” or in other words, connected to the internet. Many of these pieces of tech from fridges to doorbells have brought great innovation and usefulness but have also unintentionally brought potential security risks with them. Just like a computer, if an object is connected to the internet, it can be hacked or be a vector for various types of malware or other unwanted intrusions. This can compromise the network of your business and ultimately cause a variety of issues ranging from bricked computers, downtime, and overall frustration.
How does this apply to a cannabis company? For those that are growing cannabis indoors, chances are you have various appliances and tech that are IoT such as a thermostat or humidifier. It’s important to make sure that those devices are kept secure and to understand the threat they may pose to your security network.
2. Encrypting Data
If you’re selling cannabis for medicinal use it’s important to make sure that you’re encrypting data for the safety and security of your own records. Privacy is a great concern to many people if they’re using cannabis medically or recreationally. As a general rule of thumb, it’s important to keep all customer data and information under a secure lockdown to make sure prying eyes do not try to access it.
Encrypting devices and emails isn’t just used to prevent corporate espionage, it is also meant to keep your customers safe and secure. Data theft is a serious issue and for a cannabis company keeping your information and records secure is important for business. Cannabis can be a medicine for many people and the medicines that people use are their business and no one else’s. It is important to keep their information private and that’s where encrypting data comes in. In any type of security scenario, encryption is a great line of defense to protect sensitive information. A wise policy for cannabis companies is to require the encryption of any sensitive data or information in their business. Not only that, but it allows you to retain a way to help comply with any future laws that may come up in the state you’re operating in. The laws for cannabis vary wildly from state to state and are subject to change often. It’s wise to have a database of records and information that are kept safe and encrypted to keep up with the changing legislation.
3. Always Use 2-Factor Authorization
Although it may seem like a pain to do every single time you login to your computer or network, 2-factor authorization is a great way to curb any potential security risk. When it comes to keeping passwords safe and secure, an added layer of protection is utilizing the protection that 2-factor authorization has to offer.
It is essentially another password on top of your password but is either randomly generated (such as the case with Google Authenticator) or sent to another secure device or service such as your email or phone. Once the password is authorized the device or software becomes ready to use. It is an extra step to take but it is one that certainly helps keep those who seek to gain unauthorized access through obtained passwords away.
For cannabis companies, enabling 2-factor authorization secures computers with proper security measures in addition to making sure wifi is secured, and knowing how many devices are allowed into the network. Despite best efforts sometimes an employee or someone with access to your company can let a password loose. In the event that these things may happen, it is critical to ensure that despite having a password, access cannot be granted without first being authorized. This helps ensure that your company’s data, privacy, and reputation are all maintained and give that extra peace of mind.
4. Phishing Attacks
While the goal is to prevent these attacks from happening in the first place, one cannot prevent phishing attacks without first understanding what they are and how they affect your network security strategy. These kinds of attacks are also just as common as extortion or ransomware but come in a different form. Phishing is when a person fraudulently obtains login information or other information that can allow them to gain access to a secure network. Phishers tend to pose as a bank, the USPS, or as friends online to get you to give up your passwords. This is a trick that many can fall for because of how legitimate phishing can look but you must be vigilant against these kinds of attacks. In essence, instead of a direct attack to your company’s network, phishing aims to attack your employees directly to get them to give up access to your company. No matter how secure your network may be, if you or someone you know gives up information about how to get into your network then no amount of security in the world will protect you then.
This matters to cannabis companies because of the risk employees may have towards the company. Phishing attacks target employees who work in various industries to get them to cough up an access key or password. It’s vital to have recognizing phishing attacks be a part of your network security strategy. No friend, business, or agency no matter how important they look would ever ask for login information over chat, email, or phone and to remember that when in doubt say no.
5. Keep BYOD Culture Secure
In this day and age many people are utilizing the convenience and efficiency of BYOD (which means “bring your own device”). It allows for employees to have the ability and flexibility to work both at home and in the office as well as use a device they are familiar with. There is nothing inherently wrong with BYOD and it can bring many benefits. However, when left unsecured without a proper policy enforced, BYOD is also a potential vector for the issues listed above in the other tips.
For a cannabis company, that should be securing its data and maintaining privacy, it would be disastrous for hackers or malware to wreak havoc on your network. A useful tip is to setup a security policy, such as utilizing a VPN, when it comes to allowing BYOD in your company. You may even opt to not allow it at all, it’s your choice. But if you allow your employees to BYOD then you need to take the proper precautions in ensuring that these devices will not bring any potential danger.
6. Employee Training
A common theme that might be present with all of these tips is employee training. Training employees for the job includes training for security measures because security is part of the job. The frontline of any cannabis company is its employees and the people that keep it running. It’s essential to make sure that security is a culture that is constantly fostered and made sure to be a priority.
If you notice, many of these tips involve security over things that you or other employees may be bringing in (BYOD, Phishing, password management, etc.) The best way to mitigate these problems, aside from securing the network more, is to train employees in the best security practices that help prevent these problems from occurring in the first place. In other words, being proactive about defense and security. Having a proactive defense against threats is one of the best tips out there when it comes to a strong, robust, and secure network. Employees are the ones handling the data, information, and transactions almost every single day and will often have unrestricted access to your network. This is why employee training will also go a long way to a secure business.
7. Have an Incident Response Plan at the Ready
You can be the most cautious and secure cannabis company in the world but even then data breaches are still a possibility. Another useful tip is to recognize that nothing can be completely secure forever and that preparing for the worst is just as useful as making sure the worst will never happen.
Good planning such as having data back ups will help your store get back up to speed if it ever is the victim of a breach. Having a process laid out for what to do just incase something like this happens will carry you farther and allow you to address these issues accordingly with swiftness and minimal damage.
While it may seem like a heavy handed task, securing the network of your cannabis company can be very simple with these useful tips in mind. These are mainly to serve as a guideline more than concrete rules. Every single business is different, but these tips are there to give you a general idea of what you should be considering when drafting up the best security for your network.