Cannabis Companies Need to Strengthen their Cyber Security - Here's Why
February 5, 2020
February 5, 2020
As the cannabis industry continues to flourish, it becomes a prime target for cyber criminals. These businesses attract hackers to steal sensitive and valuable information, from credit card details to trade secrets.
Some cannabis retailers are vulnerable as they don’t have strong cyber security policies in place. Small to medium-sized businesses are even more at risk due to their lack of IT infrastructure.
Since all companies may fall prey to sudden data breaches, retailers must be aware of various threats they are at risk of.
A research team recently found a major data breach in THSuite, a point-of-sale system used in the cannabis industry. Based on the findings, an unsecured Amazon S3 bucket from THSuite exposed 85,000 files of sensitive data.
The stolen information came from different dispensaries across the United States and their client base. It included scanned employee and government IDs—unraveling personally identifiable information (PII) for more than 30,000 people. The team also discovered attestations for patients acknowledging state laws about the purchase and use of cannabis-based medicine.
According to experts, hackers and scammers can use the exposed data to make devastating, personalized phishing attacks.
A data breach for cannabis companies can have serious regulatory and financial consequences. If the retailer does not have proactive measures to ensure data safety, they are legally bound to pay a myriad of compliance fines. On top of that, they will have to deal with the fallout of the enterprise’s stolen financials.
There is even a greater impact if the cannabis business is listed as a health care provider instead of a dispensary. Those with testing labs in a state where cannabis is strictly for medicinal use would also be subject to bigger fines. This is because these businesses both have the personal information and medical records of their customers.
Due to the link between financial and medical records, cannabis businesses need to adhere to the HIPAA provisions. Heavy penalties will be imposed on anyone who violates it.
When looking for an MSP, it’s not enough to hire a skilled and experienced cyber security expert. They must also have extensive knowledge of various regulations to help you stay compliant. On top of this, your service provider should provide a plan that focuses on protecting your data while catering to your unique business needs.
Ruthless hackers will continue to exploit new technologies and become more sophisticated. These point-of-sale attacks are nowhere near over, but it doesn’t mean you cannot do something about it.
Working with a reliable cyber security company is the best decision for your cannabis company. Aside from mitigating threats, a managed services provider can help you stay compliant and proactive.
Partnering with an MSP lets you focus on the bigger things. With a dedicated staff for monitoring and security, you can engage employees and serve customers better. Delivering value to stakeholders is also easier—all while furthering the mission of your company.
This one-of-a-kind digital analysis goes deep into diagnosing your actual status, strengths, opportunities and threats (did we mention its FREE?)