In a business as regulated as the cannabis industry, cybersecurity is a must. Cybersecurity has become a hot-button issue in businesses of every sector and size. From little convenience stores protecting their payment-processing data to international corporations, cybersecurity has become a widespread issue that every company must address. In the news alone, you can find countless reports of companies getting hacked, being victims of ransomware attacks, and even discovering years after the initial breach that their data has been compromised the whole time.
For the cannabis industry, security has always been a concern, but data security has mostly been emphasized for dispensaries, not back-end businesses like growers and processors who supply the dispensaries. While client and patient data are considered paramount to protect, it’s also true that even supplier cannabis companies may be at risk of a cybersecurity attack and should take digital defensive measures.
Why Would Anyone Hack a B2B Cannabis Business?
In most news articles on recent hacks, the focus is either on attacks that target client data (names, addresses, card numbers, etc.) or on critical industries that can't afford to shut down for a day, like hospitals. Most B2B cannabis businesses don't fall into either of these categories. You likely don't interact directly with clients and have no personal data of theirs to store. Likewise, while the production schedule is real, most growers and processors can afford to lose a day or two every quarter if the computers go down, so they are less likely to pay a ransomware demand.
So why would anyone hack a supplier cannabis business? The fact of the matter is that today, any company, even non-critical B2B companies, has some digital property worth stealing.
Employee Personal Information
You may not handle thousands of customers a week, but your company still holds some personal data that could be used for identity theft: HR data. Your staff members are also people, each with a name, address, and so on worth stealing. In fact, employers keep more private information than your average retail brand because they store social security numbers, family information, medical documentation, and insurance details. This type of data can not only be used to swipe a few credit-card purchases, it can be used to very specifically target or impersonate exposed team members in the future.
Proprietary Business Data
Cannabis suppliers are often working on specific strains and techniques to make their products better. “Corporate espionage” is not out of the question for hackers who are familiar with the industry and looking for trade secrets worth selling, such as formulas, bills of materials, products, and recipes.
Corrupt Network Resource Use
Of course, even if your data is completely untouched, some viruses simply live in your servers, misappropriating resources and network access to do things like run a botnet, send spam mail (which can get your IP blacklisted), or scan the system until data worth stealing becomes available.
Automation or Wishful Thinking
Finally, if your cannabis business is hit with a ransomware attack, it might just be an automated malware program that reached your server, or a hacker wishfully thinking that they can bully a grow-op into paying a bitcoin ransom.
Types of Cybersecurity Risk to Watch Out For
What kind of cybersecurity risks are there for cannabis businesses? There are three common types of cybersecurity attacks that you’ll want to be able to quickly recognize and have a plan in place to deal with.
Phishing
Phishing is the act of sending a false email (or phone call, text message, social media DM, etc.) that fools the target into clicking an infected link or taking an action that benefits the hacker. Most of the time, phishing emails are automated and contain only a malicious link to a virus. However, sometimes they are very personally targeted, with a live hacker actively manipulating the victim using pre-stolen inside knowledge.
Your staff needs to know what a phishing email looks like and how to identify the warning signs that something is not right.
Ransomware
Ransomware has been “all the rage” for hackers over the last decade. Essentially, it is a virus that encrypts your file systems, then demands digital currency to decrypt them. Some new forms also threaten to reveal your data if you do not comply. For the most part, the best solution to ransomware is simply to wipe your system to factory settings and promptly reload from your most recent data backup.
Viruses and Malware
Virus and malware infections are the most familiar form of hacking because they have existed for almost as long as computers have been able to network. These may collect and report data from your system, slowly eat your resources and delete files, or just misuse your servers as part of their hacking network.
The Major Concerns of Hacking for a B2B Cannabis Business
What kind of risks can a cybersecurity attack pose to your cannabis business? It depends on the type of attack and the ultimate actions of the hacker should they succeed. Selling stolen data is more harmful than just stealing it, while deleting or ransoming your file system can take your production schedule offline for days if your business is not prepared.
There is some harm a hacker can do with data stolen from your cannabis business. Automated malware and directed hacks can both target and steal sensitive data, like your employees’ SSNs and insurance info. This can do real harm to the people whose data was stolen.
Ransomware can hold your computer systems hostage for hours, even days, depending on how you handle the situation. Removing any kind of malware from your system can take at least a few hours with the system down. This causes an interruption in your business continuity which can interrupt your production and delivery schedule as well.
Blacklisted IP Address
Should hackers misuse your servers for their own hidden nefarious purposes, legitimate businesses can get their IP addresses or servers blacklisted by internet safety authorities.
Harmed Cannabis Plants
If your plants or processes are managed by an automated system, your crop may be harmed when the network is damaged by malware or frozen by ransomware.
How to Protect Your Cannabis Business from Malware and Hacking
So how do you protect your cannabis business from the risk of business interruption or harmfully stolen data? Here are the three steps every business should take to ensure that hacking and malware do as little damage as possible.
A Well-Secured Network and Software Tools
First, improve or hone your cybersecurity measures. Make sure your network and tech stack of software together create a strong wall against any potential digital intrusions. Good virus scanning, firewalls, and secured software weak points are essential.
As part of your network management, include network monitoring, which can catch lurking viruses that are using your server resources and network access to do something hidden and likely harmful on your systems.
Regular Backups of Your Computer Systems and Data
Next, back up your system. Make sure that if malware deletes your entire network and all your saved data today, you can load it right back up after a factory reset of the machines. Cloud platforms and cloud-stored backup images of your data are the keys to thumbing your nose at both ransomware demands (“Pay us or the file-system gets it!”) and the malicious type of virus that deletes everything it touches for no reason other than to cause harm.
A Practiced Backup-Recovery Plan
Finally, practice your backup recovery. Make sure that your backups are complete and functional, and that your upload plan effectively reloads your network snapshot so that everything is right where you need it in a matter of hours, maybe even minutes, after the initial hack is discovered.
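One way to check the "complete and functional" part of a recovery drill, as an added example that is not from the original article: record a SHA-256 manifest when the backup is taken, then compare a test restore against it. The function names and the sample file names are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "corrupted": sorted(p for p in manifest
                            if p in restored and restored[p] != manifest[p]),
        "unexpected": sorted(set(restored) - set(manifest)),
    }

def write_tree(root, files):
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed sample: a small live tree and a deliberately flawed restore."""
    live = {"hr/payroll.csv": b"id,name\n1,A\n",
            "grow/schedule.json": b'{"zone": 1}', "recipes/batch.txt": b"v1"}
    flawed = {"hr/payroll.csv": live["hr/payroll.csv"],
              "grow/schedule.json": b'{"zone": 9}', "notes.tmp": b"x"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        write_tree(src, live)
        write_tree(dst, flawed)
        return verify_restore(build_manifest(src), dst)
```

In a real drill, keep the manifest somewhere the backup job and the production network cannot overwrite, and treat any non-empty list in the report as a failed restore.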