Based on the recent Ontario cannabis store data breach it is our bold prediction that the cannabis industry will be the next biggest target for hackers and bad actors.
It's actually not that bold a prediction — it's common sense. Where there's lot of money there are many attempts to breach. And this is a major new growing industry.
Unfortunately, the headline above is going to be far too common unless the leaders of cannabis industry start taking technology seriously.
That's not to say at all that this is unusual. Unfortunately, like every other industry, technology is the last thing that everyone thinks about.
Why? Because technology is something that seems easily available. You can register a business, buy a computer, sign up for a website, get an email address from your website provider, sign up for storage, get an antivirus, all with very few steps. The problem is security isn't a given.
You bring on employee #1, 2 and 3 — and you already got computers for them, signed them with an email from your web service provider, and generally onboarded them.
This works until you have about 10 employees. Then, keeping track of it starts getting difficult. You find you don't have control, and security is a free-for-all. Sooner than you expect, that lack of control means people start signing up for services that are not corporate approved that may sound great in theory but with no one validating them it's only a matter of time until you're the one on the front page with a data breach.
On average, it takes 46 days to resolve a cyber attack at the cost of $21,555 per day. And it doesn’t end there. A loss of customers, dealing with law enforcement, regulatory fines, public relations nightmare is what follows.
All this could be avoided with one simple word: Standardization
The easiest way to manage security is to standardize.
- Standardize on the technologies you and your teams use
- Select technologies that integrate well with one another — have a single pane of glass to control permissions and deployment of various technologies.
- Proper document management and data classification process and policies
- Strategically plan and deploy security defences such as firewalls, antivirus protections, url filtering, etc. What and how you select is a strategic decision: not a technology decision
- Centralize your updates and patch management
- Educate your staff
Security is not rocket science — as long as you think about it before it is too late.
CrucialLogics is a Microsoft Gold Partner with deep knowledge of the cybersecurity needs of companies of all sizes. Interested in learning more? We've compiled a collection of resources aimed at business leaders right here.