Keeping your cannabis business secure is difficult at best. With so many security options available, it can be confusing to know where to start. Should you invest in employee training? Use a monitoring program to help detect threats? Require periodic password updates?
We’re all busy, and security has never been more sophisticated than it is today. Articles tell us that some form of security is better than nothing; the opposite is actually true. If you assume you’re safe because you have a few tactics in place, you may be more vulnerable because you miss out on advanced strategies. A false sense of security can put you at more risk.
Instead, take a three-pillar stance to ensure protection against the most common security issues that face today’s cannabis businesses.
Pillar 1 – People
People are the primary target of most cyberattacks. They are very often the weakest link.
That said, people can also be your greatest line of defense if they are adequately trained. It starts with developing a greater sense of awareness around all potential security threats. It goes deeper by looking into specifics that target cannabis businesses.
Training programs should move beyond basic education and offer phishing and social engineering tests that expose people to all types of scams. It’s better to learn in a safe environment than put your data at risk through unawareness.
Pillar 2 – Policies
Cybercriminals make a full-time job of probing companies for weaknesses. Cannabis businesses hold valuable information, which makes them an even more rewarding target.
To protect yourself fully against cyber threats, you’ll need to develop your security policies and keep revising them. This process is ongoing – different aspects should constantly be reviewed and upgraded. Include:
- Password policies – credential theft is one of the most common ways in. You can offer protection by tightening your password requirements: longer passwords, combinations of letters, numbers, and characters, password changes every 90 days, and multi-factor authentication.
- Use policy – control how freely employees can surf the internet.
- Access policy – a user should only have access to the data deemed necessary to complete the job.
- BYOD policy – employees now work from anywhere and often switch between corporate devices and their own. A BYOD policy should spell out your requirements, including things like a VPN for better protection.
- Incident response plan – what action would you take if you suffered a breach? The question isn’t “if” but “when.” An incident response plan can provide you with steps to take and assigned responsibilities in the event of an incident. It allows you to think deeper about the process to be more prepared in the event it happens.
Pillar 3 – Processes
Do you have a schedule for replacing hardware and software? How about a strategy of ongoing installation of security updates? Even something as simple as patch management can leave weaknesses in your processes if you don’t have a plan.
This is also one of the best areas to ask for help. Our help desk service goes beyond basic support and provides IT services such as user support to help with new hires and terminations, dark web monitoring to protect your domain and email addresses, and procurement of software and hardware supplies to ensure your security.
Security doesn’t have to be difficult if you take a three-pillar approach. At a time when evolving threats and changes in policy are squeezing your already limited resources, it can be just the right amount of support you need.
For IT Strategy, Security and Compliance, or Help Desk Services, reach out to us at Cannabis Technology Partners 360-450-4759.