8 Tips to Minimize Cybersecurity Risk

June 23, 2023 · MG Magazine

The cannabis industry is not immune to cyberthreats. Many Canadian businesses lost millions after a distributor for the government-operated Ontario Cannabis Store was hit by a cyberattack that left the region incapable of processing or delivering orders to retailers. In another cyberattack, hackers stole $3.6 million that an Australian medicinal-cannabis firm intended to send to an overseas contractor.

These are just two examples of how the industry has become a popular target for cyber-extortion in recent years due to the nature of the business. Dispensaries typically are all-cash operations that collect vast amounts of protected health data and personally identifiable information. In addition, most cannabis companies are small operations that employ fewer than 100 workers, and many don’t have advanced cyber-protection systems in place.

Sophisticated hackers could target workers via email-based phishing scams and steal protected health information to sell or client records to use for extortion. They could even disarm a dispensary’s security system to rob a location.

Further increasing the industry’s vulnerability is a shift toward operational automation to lower costs and increase yields. The move toward automation has provided attackers more entry points to disable systems and cripple businesses digitally.

As a result, insurance carriers have been hesitant to write coverage for these types of threats, particularly in the currently difficult cyber-insurance market. To find sufficient coverage, companies need to have the right controls in place.

To prove to insurance carriers they’re worth the risk, cannabis companies must perform a comprehensive assessment of all cyber-related risk and pinpoint their vulnerabilities, then implement a cyber-defense strategy and show carriers how their organization has reduced potential exposures.

Establishing a strong cyber-defense program and following these eight defensive strategies can help companies ward off cyberattacks.

1. Train your employees

Regularly educate employees about the importance of cybersecurity. Employers should provide workers with periodic phishing training and follow up with additional refresher courses at least once a year.

2. Evaluate employee understanding

To ensure workers are retaining information learned during training, send fake phishing emails and record performance to ascertain whether the training was successful. If it wasn’t, implement additional training.

3. Employ protective tools

Among several other important technological safeguards, multi-factor authentication (MFA) and endpoint detection and response (EDR) are crucial for maintaining a secure network. Most insurance carriers require MFA for remote network access, on email, and to protect privileged user accounts. EDR monitoring of devices connecting to the network is also a minimum requirement for obtaining insurance coverage.

4. Regularly update software and security protocols

Keep all of your organization’s software and systems up to date with the most recent patches and security updates.

5. Establish a corporate policy for passwords

Drive password management from the top down and mandate the use of complex passwords employees must change regularly. Send automated reminders to enforce the policy.

6. Use microsegmentation to protect against cyberattacks

This network-security approach divides a network into smaller segments, giving businesses more control over their security and protecting against cyberthreats like hackers, malware, and viruses.

7. Have a backup plan

Hedge your bets by establishing a solid backup plan that will allow your organization to restore operations in the event of a ransomware attack. Back up your data daily, if possible, and store the information off-site and off-network.

8. Devise an incident-response plan

Companies should work out a plan for dealing with a cyberattack before one occurs. The plan should include how to respond, a system to confirm what happened, and the resources to remedy the situation.


Jay Virdi is chief sales officer for specialty practices at insurance brokerage HUB International, where he is responsible for the growth of HUB’s cannabis specialty practice. His extensive background in sales, operations, and consulting has helped him navigate the intersecting complexities of the insurance and cannabis spaces as he connects clients with the right team of experts to achieve their business goals.

Brian J. Schnese is a senior risk consultant in HUB International’s risk services division and a member of the division’s organizational resilience consulting team. A former federal investigator, he has more than fifteen years of professional experience in regulatory compliance and managing risk in state and federal governmental agencies as well as private-industry operations. Previously, he served as a senior manager in the national investigations center of a Fortune 50 corporation.
