What’s the biggest security threat to your cannabis business today?
If you read the headlines, you might think it’s related to someone stealing merchandise, or maybe an employee clicking on a phishing email and opening up your data to risk.
Those can be serious to a growing business. But there’s something else that business owners rarely consider until it’s too late.
Outside threats can lead to a lot of damage.
Yet it’s your employees who may be your highest risk. Not just the disgruntled employee who quit last week, but also your top sales team members who are helping you build your business.
To reduce the risk of a phishing attack, it takes just a few simple rules:
- Provide consistent training to employees to help them recognize phishing messages
- Have a strategy in place on what to do if a phishing attack takes place
- Keep devices and platforms current at all times
But employee opportunity risk is different.
Think about your star employee for a moment. They do everything. They handle sales. They talk to your suppliers. They understand secret recipes. They have access to financial data.
They seem happy.
But what if a competitor offers them an incredible deal they can’t pass up?
Suddenly, all of that knowledge walks out of your door, and through the door of your competition. And they bring all of their expertise with them.
A recent report on security risk found that a business has a one in three chance of losing intellectual property when an employee quits.
A good employee has a depth of knowledge. And they are more likely to continue working in the same industry even when upgrading and taking a new position.
That same report found that 71 percent of all business owners have no idea what or how much sensitive data departs when an employee quits.
This doesn’t mean you should start doubting your top employees. What it does mean is it’s time to create clearly defined policies for added protection.
Start by redefining every role. Is there a reason a new employee has access to financial information? Your first step is to create a thorough job description for each employee. Then clearly define what they need access to before handing over the keys to all your tools. Most applications have a variety of user levels, from view-only to admin. Ensure users only have the access they need.
Next, build a security system to understand what’s happening. This includes periodic reports that analyze who is accessing what, and follow the trails of information as people move in and out of your business.
Finally, be upfront with every employee. No matter how much you consider an employee to be a friend, they are an employee first. Due diligence starts with a clear strategy, and practical rules.
They might even be able to help you build a more secure business.
But it starts with the strength of a policy first.
For IT Strategy, Security and Compliance, or Help Desk Services, reach out to us at Cannabis Technology Partners 360-450-4759.