Everything You Need to Know About Studying Cyber Security at Degree Level

You’re interested in pursuing a career in cybersecurity, but aren’t sure where to start. What does a career path look like? Compared to other established industries, cybersecurity is still in its infancy in the civilian sector, which means there isn’t a clearly defined path to enter this growing sector. Unlike other industries, however, this isn’t one where you get your degree, land a job and then coast through it. We’ve mentioned previously on Axiom Cyber how jobs in this field require you to be driven and constantly on top of the latest technology and trends.

As with all computer science related degrees, cybersecurity studies are heavily math-intensive, and as such require strong analytics and statistical analysis skills. Cyber security degrees are offered at the associate, bachelor’s, master’s and doctoral levels. An associate degree will prepare you for entry-level positions related to support, programming, help-desk IT, and basic network administration. A bachelor’s degree will build on that knowledge to open up mid to upper level positions by providing you with skills in software development, network security, as well as forensics and tactics to defeat cyber-crime. The Cyber Security Degrees website notes that with a master’s degree you will be prepared for more senior level positions, or able to step into mid-level roles with less experience.

While it’s possible to find entry or mid-entry level positions with an associate or bachelor’s degree, many employers, like government agencies and established corporations, will require candidates to have a master’s degree in cybersecurity. In their feature on cybersecurity career paths, Learn How To Become notes that a master’s degree provides advanced instruction on protecting computer networks. While it will take an extra one or two years to complete, it does provide you with better skills to tackle network security defense techniques and countermeasures. A master’s degree also allows you to specialize in areas like cryptography, digital forensics and risk analysis among others.

Degree programs are available both in class or exclusively online, with the latter a convenient option adaptable around work and family schedules. Online degrees also allow you to work at your own pace without the need to attend classes every day. Maryville University breaks down how a master’s degree in cybersecurity also has a big return on investment, with top earners receiving six-figure salaries. Therefore, a master’s degree in cybersecurity can help you land management level or even C-suite positions, with companies offering better sign-on bonuses, relocation pay, and free medical insurance. You can later further your education by pursuing a doctoral degree, which will prepare you for leadership roles and allow you to innovate new solutions.

Even if you’re not in a tech position currently, Rod Rasmussen, VP of cybersecurity at IT security firm Infoblox, recommends that you start learning IT fundamentals on your own. Self-directed learning and experimentation are critical. Once you have that, build on that knowledge by applying for a degree program and completing certifications. Many established cybersecurity analysts got their start working in entry-level IT jobs and amassed experience in positions like network administration or programming. They studied on their own, then went on to complete degree programs and various certifications, to allow them to learn new skills and stay abreast of new technologies and security measures.

Article intended only for the use of axiomcyber.com

Submitted by HackersAway18

Own a Cannabis Business? You Need Cybersecurity

You wouldn’t necessarily think this, but a cannabis business holds a treasure trove of information bad actors are anxious to steal. Because the industry is in its infancy, hackers are very attracted to it, hoping cybersecurity isn’t even on your radar. If they get in, they will sell your data on the dark web, encrypt it for ransomware, or even worse, provide it to your competitor down the street.

Consider this: At a minimum, your business holds a customer’s personal, and perhaps, their medical information. This includes their date of birth, driver’s license number, SSN, credit card number and medical information.

Add to that the fact that you are bound by at least two regulations: HIPAA if you are a medical marijuana establishment and PCI-DSS if your business accepts credit cards.

This blog will focus on ways to protect that data and keep your business going and growing!

Five Proactive Measures to Protect Your Business

  1. Use an airtight Point of Sale (POS) system.
    Make sure your POS network offers end-to-end encryption for credit card transactions. In addition, call your provider and review how your customer’s data is protected, where it is stored and how you will be alerted if critical updates are needed on the system. If there isn’t a systematic process to their offering, switch POS providers as soon as you can.
  2. Establish a system integration plan.
    Your business may have several apps such as QuickBooks and BigCommerce that you want to sync on a real-time basis with your POS system. While this makes great business sense, you may be leaving gaps for cybercrimes to happen. This is where a good cybersecurity audit comes in to measure your vulnerabilities and fix them before they become problematic.
  3. Keep employees out of data silos they don’t need to do their jobs.
    Establishing who can access your data and at what level is vital to making sure one of your own doesn’t accidentally open the gate to a hacker.
  4. Make sure your operating systems, applications and anti-virus software are up to date.
    Out-of-date software is the number one way cybercriminals get into your system.
  5. Outsource cybersecurity.
    Look for a firm that has the following capabilities:

    1. Security Operations Center that can continuously monitor your network
    2. Security Information and Event Management analytical tool that provides real-time analysis of security alerts generated by applications and network hardware
    3. User and Entity Behavior Analytics models that identify typical and atypical behavior of humans and machines within a network.

About Axiom Cyber Solutions

We can provide your cannabis business with a holistic solution that is nearly impenetrable, using all the tools and techniques listed above. We will monitor your organization around the clock and make hundreds of system updates per day to keep hackers out. Contact us today for more information!

A Cybersecurity Action Plan for Your Virtual Workforce

According to Global Workplace Analytics, approximately 50% of all organizations have positions where employees can work remotely, all or some of the time. This number has grown 115% in the last thirteen years and is expected to continue to rise in the coming years.

However, with this flexibility, comes potential risk to your data. As virtual workers pick up and go from their home to the local coffee shop to a client meeting, the level of system security diminishes. The risk is especially high in open, and usually free, Wi-Fi areas.

The good news is there are practices you can implement today to make the virtual worker’s environment safer.

7 Cybersecurity Practices for Your Remote Workforce

  1. Make sure every operating system, application, and antivirus and anti-malware program is up to date. This can be a challenging task to complete if your workforce resides all over the country and only comes into the office once or twice a year.

    However, if you hire a cybersecurity company, they can identify your vulnerabilities through an assessment, know where your risks are and help fix them right away.

  2. Make cybersecurity training mandatory. You can help users identify suspicious emails, spear phishing and who they should call if they aren’t sure about a message. Reinforce the training in conference and video calls. Be clear about the repercussions if they violate protocol.
  3. Activate a Virtual Private Network (VPN) service. If your workforce must sign in via a public network, the right VPN will provide a high level of encryption for all transactions going to and coming from your company.
  4. Implement Perfect Forward Secrecy (PFS). These are specific key agreement protocols that give assurance that your session keys will not be compromised, even if the private key of a server is hacked. This is good protection if the remote user’s laptop or tablet is infected with malware. It limits the hacker’s access to one server or a partition of your cloud services.
  5. Be able to disable and wipe clean remote devices. If a worker’s device is stolen or lost, it’s vital you can disarm it right away.
  6. Establish a different password policy. According to the National Institute of Standards and Technology (NIST) passwords need to be obscure, long and For example, putting together alphanumeric combinations a user can remember, but no one else will, can be almost impossible to crack. An example might be a house address of long ago, the user’s favorite childhood sport and their last movie title.

    In addition, the NIST determined that changing passwords every few months did not enhance security, because most users don’t make significant changes to their existing password when forced to make a change.

  7. Implement proactive practices.
    Rather than being reactive to a situation, put in place the following:

    1. Outsource cybersecurity. The right organization can continuously assess, monitor and protect your network and workforce no matter where they are or what time they access their data.
    2. Obtain cyber liability insurance. In the event of a breach in which personal information, such as Social Security or credit card numbers, is exposed or stolen, this will garner you the protection you need.
    3. Establish a remote workforce policy. The key is to be fair to everyone and still protect your business. Many individuals enjoy working from home because they have more freedom, don’t have to make a long, stressful commute and can have more balance in their lives. Gain buy-in to the policy and have consequences if individuals violate it.

Axiom Cyber Solutions Can Manage Your Remote Users

Our Managed Cybersecurity Solution, which includes next-generation firewall Intrusion Detection and Prevention (IDS), managed anti-virus, network monitoring, and patch management, is available for a low monthly subscription fee. Contact us today for more information!

HARDCAR Distribution Partners with Axiom Cyber Solutions to Help Cannabis Businesses Protect Their Customer and Business Data

As the cannabis industry continues to grow, so does the amount of business intelligence and personal information available to hackers and other entities, making cybersecurity more critical now than ever before.

June 26, 2018 – (Palm Springs, CA) – HARDCAR Distribution is excited to announce a newly minted partnership with Axiom Cyber Solutions to protect businesses in the cannabis industry from cyber attacks and the theft of valuable data. New businesses are coming online every day as the cannabis market explodes throughout the United States and Canada, making them prime targets for hackers.

Although HARDCAR Distribution brings years of security experience to the cannabis industry ensuring the safe and secure transport of cash and product, they understand the importance of protecting their clients on every level. With Axiom’s team of infrastructure specialists, developers, database and business intelligence experts, and project managers, growing cannabis businesses now have a full-service solution with the addition of cutting edge cyber security technology.

“There are few industries bringing the kind of attention like the cannabis industry, so partnering with Axiom was a no-brainer. Not only do they provide an incredible service, but they do it at a relatively inexpensive price that startup businesses can afford. The future for cannabis is massive and we need to make sure everyone is protected!” – Todd Kleperis, HARDCAR Distribution CEO

Axiom Cyber Solutions offers solutions that keep valuable information safe and secure, monitoring 24 hours a day to ensure the highest levels of protection against hackers and other entities. As medical and recreational cannabis become legal across North America, cannabis businesses are at greater risk of having their patient information, intellectual property, distribution and route information, vehicle information, and other valuable data, stolen.

“An important aspect of the cannabis industry is the reputation of your business and there’s no worse way to compromise it than having to tell your customers that you’ve lost their data in a breach. Besides your customer data, you have proprietary information on your blends, grow operations, and business practices that competition would love to have. And lastly, the industry is investing heavily in smart, internet-connected technologies to aid and improve grow operations and these systems need to be protected. Could you imagine having an entire crop destroyed because someone hacked in and changed the environmental settings of your internet-connected HVAC systems?” – Troy Wilkinson, CEO of Axiom Cyber Solutions

Although data management and cyber security are often the last item on an organization’s lengthy to-do list, the need for a secure platform is more critical now than ever before. As the cannabis industry continues to grow, small operations are expanding into large scale ones and companies are scrambling to find solutions to their network and IT security. Axiom offers a variety of solutions to keep businesses secure:

  • Managed Enterprise Cybersecurity
  • Continuous Risk and Compliance Monitoring
  • Vulnerability and Penetration Testing
  • Smart Home Cybersecurity

The cannabis industry offers a massive amount of valuable information, including Personal Identifiable Information (e.g. SSNs, Birth Dates, Addresses, etc.), Protected Health Information (e.g. patient name, address, certification/license numbers, medical record numbers, health related information, account numbers, SSNs, etc.), and Business Intelligence (e.g. research and development, inventory, product intelligence, software applications, payouts, manifests, equipment, sales, etc.). Unfortunately most business systems are being monitored by untrained staff, or not being monitored at all, putting companies at a huge risk.

With this risk being so high, HARDCAR and Axiom are dedicated to protecting their clients on every level, including threats against cyber attacks and data theft. For more information, please contact Axiom Cyber Solutions at info@axiomcyber.com or call at (800) 519-5070.

Media Contact
Jon Pierce
jpierce@hardcar.com

About HARDCAR Distribution

HARDCAR is an award-winning and long-time contributor to the cannabis space, with a proven track record of cultivating and solidifying meaningful relationships throughout the industry. From packaging, to distribution, secured storage, and transport, HARDCAR Distribution has all aspects of cannabis retail covered. Through collaboration with our diversified team of highly qualified and talented professionals, we help cannabis businesses stand out in the industry by providing the highest quality industry services that keep our partners’ products safe, while maintaining excellence and compliance throughout our work.

For more information, please visit hardcar.com

About Axiom Cyber Solutions  

Axiom Cyber Solutions strives to be the leading cyber-security technology partner by providing world-class solutions that are intelligent, adaptive, innovative, and automated. Through our technology solutions, we enable our clients to be disruptive in their markets while remaining focused on what they do best. We believe in the saying “if you find a job you love, you never work another day in your life”. We seek to cultivate a culture that attracts energetic, motivated, and creative individuals that share our passion for technology.

7 Cybersecurity Threats Every K-12 School Faces

Ransomware. DDoS. Phishing. Identity theft.

Sadly, schools across the United States are becoming very familiar with these terms. In fact, recent research indicates that K-12 institutions will have the highest rate of ransomware attacks of any industry in the coming years.

For example, the release of sensitive student and teacher information can lead to identity theft. A hacker’s encryption of students’ grades and teachers’ lesson plans can lead to loss of productivity (especially if they are not backed up) and thousands of taxpayer dollars being spent to replicate data that is gone.

As you turn to the 2018-19 school year, this is your opportunity to make cybersecurity a budget priority. Here are seven reasons why it’s important:

  1. Clickbait.
    The email may look legitimate but unfortunately, it is not. Embedded in the text is a hyperlink that sends you to a malicious site. This link has now taken down your school’s system. Solution: Ensure every employee has the highest email filter settings for spam, phishing and executable files. Employees should also be trained on what suspicious emails look like and always report suspected emails to the IT department.
  2. Outdated Technology.
    Your school may feel they need to hold onto computers and tablets until they break. The problem with this plan is they may not support the current operating system, which opens you up to a cybersecurity breach. Solution: Do a complete inventory of all your computer equipment. Make certain it runs iOS 11.3.1 for iPhones/iPads, macOS 10.13.4 for Mac computers and Windows 10 for PCs. For all devices that do not support these versions, disengage them from your network today. Purchase new devices to replace them before or during the next fiscal year.
  3. Not Paying Attention to Patches.
    All operating systems require patches from time to time. Solution: When your computer tells you updates are needed, complete them within a few hours. This will require a restart; however, many patches have security updates within them.
  4. User Error.
    When users are allowed access to sensitive and/or confidential data, there is always a risk for exposure. Solution: Partition student, administration and public networks. Practice whitelisting, which allows only a handful of individuals into the classified information, blocking nonessential personnel from that data.
  5. Allowing Weak Passwords and not having a Change Policy.
    Passwords shorter than 14 characters are problematic, and not enforcing password changes can lead hackers right to your data’s door. Solution: Make strong passwords a norm, along with two-factor authentication. Provide an automated system that requires a password change every 60 to 90 days.
  6. No tools.
    It’s time to think of your school network more like a bank. These financial institutions have a vault, security guards and cameras – different methods to keep your money safe. The same goes for cybersecurity. You need the right tools to keep all the data out of the hands of hackers. Solution: From Mobile Device Management to cybersecurity audit and monitoring, speak to a cybersecurity expert for a full understanding of the best tools for your school system.
  7. Vulnerability testing is nonexistent.
    Without continuous checking, hackers will continue to try and access your data. Solution: Initially, you need a cybersecurity organization to analyze the vulnerabilities in your network and recommend fixes. Once those solutions are in place, it’s vital to have 24/7 monitoring of your network to ensure your data is safe.

Start a Conversation with Axiom Cyber Solutions

We can protect your school from cyberthreats at a very reasonable cost! Give us a call at (800) 519-5070 today to learn more about our offerings!

5 Cybersecurity Obstacles Small Businesses Face

I have spoken to hundreds of small business owners and general managers over the last few months about cybersecurity. Many present one or more of the following five reasons as to why they don’t have data protection in place.

Ultimately, they don’t think their data is worth stealing.

Ironically, this is exactly the attitude most bad actors hope for. With systems that are minimally secure, cybercriminals can have a heyday with your company bank accounts, confidential employee information and customer files. Roughly 50% of all small businesses who suffer a cyberattack go out of business within six months. We don’t want you to be one of them.

Let’s look at these hindrances and discover ways to overcome them.

 

Five Most Common Stumbling Blocks to Cybersecurity

 

“We have no money.”

Small or large, this is the number one hindrance I see moving forward. Most decision makers think cybersecurity solutions cost hundreds of thousands of dollars per year. In their minds, either severe budget cuts in other areas or an unbudgeted approval by management needs to occur. Neither position is attractive, so nothing happens.

Cybersecurity doesn’t have to be expensive. Our SecureAmerica solution starts at $299 per month – giving your business the protection it needs 24/7!

 

“We back up our data regularly, so there’s no risk.”

Really? How regularly – every transaction, once a day or a few times per month? Regular backups will allow your business to limp along after you install new operating systems, applications and put new passcodes on everything. This can take days, if not weeks to complete.

But the fact is, your data has been stolen and encrypted. Depending on the number of records and sensitivity of that information, you may have to pay a ransom to get the records back, which will also impact your budget.

Our solution monitors your network for any vulnerabilities, phishing or scraping attempts, and stops ransomware attempts before they happen.

 

“We have malware protection on each device, so we’re covered.”

While this is certainly important, it isn’t enough. Bad actors are smart and constantly trying to find ways to enter your system. In addition, many of them roam around your servers for days or months before they retrieve anything, which makes your systems all the more vulnerable. Malware protection is a piece, but it isn’t the entire solution.

We offer complete protection of your entire network, down to the device level.

 

“We’re too small to be hacked.”

87% of small businesses don’t think they will ever be hacked, yet 50% of them are. No one is too small. If you have a business that interacts with clients, vendors and employees, you can be a victim.

Bottom line: Every business needs cybersecurity.

 

“Our IT guy is handling our cyber protection.”

Is he really? How much has he been trained on cybersecurity? How will he be able to detect a breach? How soon can he detect it? These are the hard questions you should be asking. IT “guys” are good at installing and managing your systems, but without the proper tools, they can be in the dark about a data breach as much as you are.

 

Axiom Cyber Solutions Has You Covered

Our SecureAmerica Threat Defense Platform takes in multiple open and closed source threat feeds daily. It is built on Artificial Intelligence and Machine Learning to not only parse the latest threats but predict future ones as well.

With a low monthly subscription cost, you can have a complete cybersecurity package. Give us a call at (800) 519-5070 or send an email to info@axiomcyber.com for more information.

 

Cybersecurity and the Medical Field: Six Solutions You Should Implement Today

United States healthcare organizations, from small two-person offices to massive hospitals, need to draw their attention to cybersecurity. While many medical personnel don’t understand or think they need it, a recent report by the U.S. Department of Health & Human Services on cybersecurity disagrees.

The industry must come together to address this growing concern and this blog will give you six solid ways to do so.

 

Why Healthcare Organizations are Targeted

According to the Identity Theft Resource Center, social security numbers have the possibility of being more exposed in healthcare than any other industry.

In addition, because doctors’ offices, hospitals and suppliers are often interconnected with Electronic Health Records, once a cybercriminal breaches one system, it’s much easier to crack into others.

Unlike credit card numbers that are generally used within a few minutes to a few days of being stolen, health records are valuable to a bad actor up to ten years after they capture the data. If the patient information is sensitive in nature, it can be used as blackmail against them.

One other important note: health records are ten to sixty times more valuable on the dark web than credit card information.

 

How Bad Actors Get In

Nurses, doctors and administrators typically don’t understand data breach risks; therefore, cybercriminals access patient records in one or more of the following ways:

  1. While smart devices help diagnose and treat patients, they often have the lowest level of encryption, which makes them great entry points
  2. Legacy hardware that doesn’t support current operating systems and applications, and software that hasn’t been upgraded and updated, is another method
  3. Electronic Health Records (EHRs) that are purposefully or accidentally given to the wrong individuals
  4. Patient portals that do not have end-to-end encryption

Unfortunately, even today, only 25% of all U.S. hospitals have a designated cybersecurity specialist, according to Healthcare IT News. This makes reporting and monitoring difficult.

Ignoring Cybersecurity is Risky Business

If patient data is stolen or compromised, your organization will be held accountable under HIPAA guidelines and will incur heavy regulatory fines. In addition, if enough records are exposed, your brand reputation will suffer, leaving patients to possibly seek other medical options. Last, if your records are held for ransom, you may have to pay millions of dollars for return of those records.

 

Six Effective Cybersecurity Solutions

  1. Put one individual in charge of cybersecurity.
    Whether you run a small office or a sprawling medical complex, one person needs to oversee cybersecurity. This person will set policy. They will be the conduit to others to report problems and suspected breaches.
  2. Complete a benefit/risk analysis of all connected devices.
    What is the value of each device? Is there an alternative product that offers a better cybersecurity choice? What is your BYOD policy? A complete analysis should be completed before moving to the next step.
  3. Set in place cybersecurity standards and practices.
    Once a thorough analysis of your hardware, software and network solutions is concluded, which should include virtual workers and suppliers that can tie into your network, you are armed with enough information to move forward on an effective policy. Work with outside consultants who can analyze your vulnerabilities effectively.
  4. Subscribe to updates from the Health Care Industry Cybersecurity Task Force.
    This 21-member task force is responsible for researching and making recommendations on healthcare cybersecurity initiatives. They offer best practices, on an ongoing basis, to prepare your organization against an attack.
  5. Implement a strong continuous monitoring solution.
    Effective cybersecurity starts by protecting the data that resides on the network. Failure to have 24/7 monitoring can result in data loss and ransomware, and can impact your brand integrity.
  6. Outsource cybersecurity.
    The funding required to hire, train and keep cybersecurity talent may simply not be available for small-to-medium medical facilities. Tack on assessment software and monitoring solutions, and it can be enough to push your small IT budget over the edge, not allowing you to move forward on other needed equipment upgrades. Outsourcing handles all of the above concerns and more.

Axiom Cyber Solutions Can Protect Your Medical Establishment

We offer the world’s first polymorphic cyber defense platform that can identify the newest threats and vulnerabilities, and automatically dispatch updates in real-time. This includes ransomware and DDoS mitigation, as well as dynamic dark web protection. Contact us today to learn more about how we can protect your data today!

Why Hackers Target SMEs and Why You Need to Take Threats to Your Business Seriously

Between tight budgets and simply having too many other things to worry about, SME owners often overlook cybersecurity. The thought is that because the company is so small, no hacker would waste his or her time trying to gain access to the information you possess.

This logic is simply wrong. Around half of the cyber attacks that occur each year are on small businesses, and this number is expected to grow in the future. Ignoring cybersecurity is taking on an unnecessary risk for your business that could cost you big time down the road.

But why do hackers target SMEs? It is true they have a lot less information, and hacking into a large corporation stands to be a lot more lucrative. Well, the simple answer is that they are just easier targets. They know that a lot of small businesses don’t consider themselves worthy of hackers’ attention, and they know they have a better chance of stealing information and getting away with it. To hack into a larger company, hackers would need to bypass much more advanced security measures. They are often unsuccessful in doing this, so going after SMEs ends up being the better move.

Plus, just because your business is small doesn’t mean that it doesn’t have valuable information. Credit card data, identification numbers, mobile phone numbers, etc. are all worth something, and if a hacker can steal this information from enough companies, they can sell it and make a fair bit of money. So perhaps the real question is why wouldn’t hackers target SMEs?

If this isn’t enough to convince you to take cybersecurity seriously, consider the consequences that this decision can have on your business.

Reputation damage

Oftentimes, one of the things that helps a small business stand out from the competition is its reputation and relationship with customers. People are more likely to trust small companies, and are usually more loyal to them because of this.

However, if you lose people’s data and expose them to unnecessary cybersecurity threats, this trust will be gone in no time, and you may not be able to convince them to come back to you. This damage to your reputation could be the eventual downfall of your entire business.

Recovery is expensive

Beyond just the damage a cyber attack would do to your reputation, you will also be facing a steep financial hill. You may need to pay restitution to customers for lost data, and there is a chance you will face lawsuits, which are always expensive.

This alone could be enough to send your business under, and that is not even counting all the time and resources you’ll have to dedicate to cleaning up from an attack. Diverting energy away from core business functions can run you into the ground quickly. It is no wonder 60 percent of all small businesses fail within six months of a cyber attack.

Lost value

There may come a day when you decide to sell your business. And when determining the value of your company, investors will look at how well you account for and mitigate risks. If you’ve been the victim of a cyber attack, or if you do not have a good plan in place for them, this will reflect negatively on the value of your business, causing investors to give you a much lower valuation, or perhaps even walk away without making an offer.

It just makes good business sense

It really comes down to this. You wouldn’t leave the front door of your home or office unlocked so that anyone who wants to steal from you can just walk in whenever they want. So why would you leave your business unprotected from cyber threats? It may require some extra time and a little investment, but this is well worth it considering the alternative may mean going out of business and losing everything.

About the author: Jock is an entrepreneur who has built and sold several online businesses throughout his career, including a website dedicated to home and business internet security. Connect with Jock on LinkedIn here.

Is Your Cannabis Business Safe from Hackers?

If you’re in the cannabis industry, you would have heard about the cyber-attack earlier this year that brought down MJ Freeway, one of the largest cannabis compliance software systems in the industry.

This should have been a wake-up call for everyone that hackers are targeting the industry for a variety of reasons: profit, notoriety, or political statement.

Despite the seriousness of the MJ Freeway cyber-attack, today we’re still finding many businesses in cannabis are not taking cyber-security seriously, leaving themselves wide open to an attack that could bring their operations to a grinding halt.

If you’re not taking steps to ensure your cyber- and data-security is airtight, here are some real consequences your cannabis dispensary could be facing with a cyber-attack:

Patient and Customer Data

When you accept medical patients and clients, do you store their personal information on your servers or in the mythical, magical cloud?

If you do, then your data is at risk if you do not take steps to ensure your cyber-security and data security strategy is strong and impenetrable by hackers.

These talented hackers can target your systems to steal your customer information and use it against you by holding it for ransom, as they did with HBO, by selling it on the Dark Web, or worse, by deleting it so you cannot recover the information.

There is no worse way to compromise your cannabis business’s integrity than having to tell your customers you’ve lost their data.

The recent Equifax hack demonstrated the value of personal information on the Dark Web. Hackers can relatively easily steal your data to sell to other unscrupulous individuals who will use the information for identity theft.

If you collect data that is regulated under the Health Insurance Portability and Accountability Act (HIPAA) and have a cyber-security breach, you’ll face serious fines from Health & Human Services.

Ransomware is the hot new cyber-crime trend that netted cyber-criminals hundreds of millions in ill-gotten profits by encrypting businesses’ data and holding it for ransom, which puts businesses between a rock and a hard place: Do you pay the cyber-criminals to get your data back or do you start over from scratch?

Point of Sale (POS)

While credit card theft is not a large area of concern for many, there are still vulnerabilities within point-of-sale (POS) that need to be addressed.

POS systems are connected to the internet via servers and need to be protected and separated from the rest of the network to ensure that if a hacker gets into your back-office, they can’t move into your POS network.

There are plenty of examples of the theft of credit card data from POS systems infected by malware (Sonic, Whole Foods) but there also are verified cases where hackers have been able to change product prices for purchases after compromising a POS system. For example, instead of selling a product for $100, a hacker could change the price to $1 before checking out, costing you big money and allowing a hacker to take advantage of you big time.

Grow Operations

Grow Operations are increasingly sophisticated and use complicated internet-connected devices and HVAC systems. Not taking the time to adequately secure your networks so that a hacker cannot get in could allow them to gain access to your HVAC, change your room temperature and destroy your crop.

The sad and scary news is, your competitor may be the brains behind hacking your unsecured connections and data. Some companies are hiring hackers to destroy your business through a cyber attack and put you out of business.

The Target data breach was orchestrated when hackers jumped from the building’s unprotected HVAC systems into the company’s network and then into the point-of-sale system. This shows that not only are the HVAC systems vulnerable, but the HVAC system could be your point of vulnerability that will allow a cyber-criminal access into your entire computer network.

Keep Asking Yourself This Question

Keep asking yourself this question for your cannabis retail operation: “What harm could a hacker do?”

The answer is a lot, and if any of these thoughts keep you up at night, contact Axiom Cyber Solutions or our partner, Hardcar Security, to discuss how you can achieve peace of mind and proper cyber-security protection for your cannabis business.

Smartphone Security: Protecting Your Pocket

The first mobile phone call was made on April 3, 1973 from a device that offered a mere 30 minutes of talk time for each 10-hour battery charge. Though this was completely groundbreaking for the time, mobile phones have come a long way since then.

Now, we can do far more than just make phone calls — we can contact each other via text, email, social media, and even video chat with one another; access our bank accounts; shop for and sell virtually anything; control our TVs, tablets, and other devices; and much, much more, all on a device no bigger than a postcard. While this technology would’ve been unthinkable at the time of that first phone call, today, people of almost every age know how to use a smartphone.

Though a large share of the population uses these devices, knowledge of how to keep them protected is not so common, as is made evident in the Pew Research Center chart, where more people fail to use any sort of screen lock than use the simple PIN code lock. Before we even access our favorite apps on our phone, many of us are failing when it comes to cybersecurity. To make matters worse, not only is there a dishearteningly low level of user understanding of the cybersecurity needs for these devices, but on the other end of the spectrum, cyber criminals and hackers are among the most skilled when it comes to the latest technology, as well as the vulnerabilities found within it. Along with this knowledge imbalance, there are additional reasons why smart, yet vicious techies target our little pocket computers.

Why Cyber Criminals Target Smartphones

1.) Information stored on smartphones is plentiful and valuable. Unlike their more primitive ancestors (brick and flip phones), the information stored on smartphones is far more valuable and sensitive than the simple blurry photos or text and call history that could be found on these older models. Because of all of the advancements that make them so useful, we can do almost anything on or from our smartphones; however, these advancements are the very reason why cyber criminals target our smartphones. Though no one in their right mind would dream of writing down their bank account information or Social Security numbers, many of us store this highly sensitive information right on our phones.

How to protect against: Utilize the passcode lock feature on your phone; this is the first line of defense in protecting against someone accessing your data physically from your phone. In addition to this, avoiding storing sensitive data on your phone can help save you from stressing about your security.

2.) Autofill gives hackers access to anything not already stored in the phone. Those of us who are fortunate enough not to make the mistakes brought up in the last bullet point could still be making this huge, yet incredibly common mistake: autofill. Though you may not have a note on your phone listing your passwords to various accounts, having the password forms fill themselves out automatically is just as bad, if not worse. Because we always have our phones on us, and they have the ability to make simple tasks easy, we have filled them with even more information, making them extremely valuable to any malicious actors.

How to protect against: This one is simple: Don’t. Use. Autofill. At least not on something as vulnerable as your phone.

3.) Location Services tracks you & gives hackers real time knowledge of where you are physically. Where you live and work

How to protect against: Limit your use of location tracking services to those applications for which it is entirely necessary. If an app is asking for permissions such as this, which you believe are unnecessary to the use of the app, it is likely that it is illegitimate and malicious. Avoid apps that require extensive permissions. When not needed, turn off your phone’s location services, Bluetooth, and WiFi in order to avoid unwanted tracking. If you are very worried about this, leave your phone at home.

4.) Bluetooth & WiFi connections are insecure. Criminals have been quick to capitalize on a smartphone’s many points of entry and exit, such as Wi-Fi, 4G and Bluetooth. For several years now, Bluetooth has been a regular feature on smartphones and other mobile devices, and WiFi is provided in virtually every single public and private location; however, these features, like the Location Services features, are seen as potential entry points for cyber criminals due to their insecure connections.

How to protect against: Turn off Bluetooth and WiFi features when not in use; do not use unsecured WiFi connections when in public, as these are a battleground for hackers to gain access and take control of your phone.

5.) Companies are left vulnerable by BYOD and lax work cybersecurity. B.Y.O.D., or Bring Your Own Device, is a policy that some companies use in order to cut down on the costs of having to purchase technological equipment for employees; however, because of the lack of security used by most people, this can actually turn out to be even more costly in the long run due to a security breach or cyber attack.

How to protect against: Do not allow employees to bring personal devices to work or to access personal accounts while on company devices. Also, do not allow professional work to be done on personal phones/devices.

Most of us have these pocket-sized computers in our possession at all times, and just as we would take precautions to protect our computers and laptops, we need to take action against the vulnerabilities presented by our smartphones. To stay up-to-date on current threats to your smartphone or any other devices being targeted, follow Axiom Cyber Solutions on social media and keep up with our blog to stay educated on what threats are out there and how to protect against them.

Hailey R. Carlson | Axiom Cyber Solutions | March 27, 2017