If you’re in the cannabis industry, you would have heard about the cyber-attack earlier this year that brought down MJ Freeway, one of the largest cannabis compliance software systems in the industry.
This should have been a wake-up call for everyone that hackers are targeting the industry for a variety of reasons: profit, notoriety, or political statement.
Despite the seriousness of the MJ Freeway cyber-attack, today we’re still finding many businesses in cannabis are not taking cyber-security seriously, leaving themselves wide open to an attack that could bring their operations to a grinding halt.
If you’re not taking steps to ensure your cyber- and data-security is airtight, here are some real consequences your cannabis dispensary could be facing with a cyber-attack:
Patient and Customer Data
When you accept medical patients and clients, do you store their personal information on your servers or in the mythical, magical cloud?
If you do, then your data is at risk if you do not take steps to ensure your cyber-security and data security strategy is strong and impenetrable by hackers.
These talented hackers can target your systems to steal your customer information, and use it against you by holding it for ransom like they did for HBO or sell it on the Dark Web, or worse, delete it so you cannot recover the information.
There is no worse way to compromise your cannabis business’s integrity than having to tell your customers you’ve lost their data.
The recent Equifax hack demonstrated the value of personal information on the Dark Web. Hackers can relatively easily steal your data to sell to other unscrupulous individuals who will use the information for identity theft.
If you collect data that is regulated under the Health Insurance Portability and Accountability Act (HIPAA) and have a cyber-security breach, you’ll face serious finds from Health & Human Services.
Ransomware is the hot new cyber-crime trend that netted cyber-criminals hundreds of millions in ill-gained profits by encrypting business’ data and holding it for ransom, which puts businesses between a rock and a hard place: Do you pay the cyber-criminals to get your data back or do you start over from scratch?
Point of Sale (POS)
While credit card theft is not a large area of concern for many, there are still vulnerabilities within point-of-sale (POS) that need to be addressed.
POS systems are connected to the internet via servers and need to be protected and separated from the rest of the network to ensure that if a hacker gets into your back-office, they can’t move into your POS network.
There are plenty of examples of the theft of credit card data from POS systems infected by malware (Sonic, Whole Foods) but there also are verified cases where hackers have been able to change product prices for purchases after compromising a POS system. For example, instead of selling a product for $100, a hacker could change the price to $1 before checking out, costing you big money and allowing a hacker to take advantage of you big time.
Grow Operations are increasingly sophisticated and use complicated internet-connected devices and HVAC systems. Not taking the time to adequately secure you networks to ensure a hacker can gain access could allow them to gain access to your HVAC and change your room temperature and destroy your crop.
The sad and scary news is, your competitor may be the brains behind hacking your unsecured connections and data. Some companies are hiring hackers to destroy your business through a cyber attack and put you out of business.
The Target data breach was orchestrated when hackers jumped from the building’s unprotected HVAC systems into the company’s network and then into the point-of-sale system. This shows that not only are the HVAC systems vulnerable, but the HVAC system could be a your point of vulnerability that will allow a cyber-criminal access into your entire computer network.
Keep Asking Yourself This Question
Keep asking yourself this question for your cannabis retail operation: “What harm could a hacker do?”.
The answer is a lot and if any of these thoughts keep you up at night, contact Axiom Cyber Solutions or our partner, Hardcar Security, to discuss how you can achieve peace of mind and proper cyber-security protection for your cannabis business.