Consulting with a Conscience™

A cruciallogics blog

Written by Amol Joshi
on November 09, 2018

Based on the recent Ontario cannabis store data breach it is our bold prediction that the cannabis industry will be the next biggest target for hackers and bad actors.

It's actually not that bold a prediction — it's common sense. Where there's lot of money there are many attempts to breach. And this is a major new growing industry.

Unfortunately, the headline above is going to be far too common unless the leaders of cannabis industry start taking technology seriously.

That's not to say at all that this is unusual. Unfortunately, like every other industry, technology is the last thing that everyone thinks about.

Why? Because technology is something that seems easily available. You can register a business, buy a computer, sign up for a website, get an email address from your website provider, sign up for storage, get an antivirus, all with very few steps. The problem is security isn't a given.

You bring on employee #1, 2 and 3 — and you already got computers for them, signed them with an email from your web service provider, and generally onboarded them.

This works until you have about 10 employees. Then, keeping track of it starts getting difficult. You find you don't have control, and security is a free-for-all. Sooner than you expect, that lack of control means people start signing up for services that are not corporate approved that may sound great in theory but with no one validating them it's only a matter of time until you're the one on the front page with a data breach.

On average, it takes 46 days to resolve a cyber attack at the cost of $21,555 per day. And it doesn’t end there. A loss of customers, dealing with law enforcement, regulatory fines, public relations nightmare is what follows.

All this could be avoided with one simple word: Standardization

The easiest way to manage security is to standardize.

  1. Standardize on the technologies you and your teams use
  2. Select technologies that integrate well with one another — have a single pane of glass to control permissions and deployment of various technologies.
  3. Proper document management and data classification process and policies
  4. Strategically plan and deploy security defences such as firewalls, antivirus protections, url filtering, etc. What and how you select is a strategic decision: not a technology decision
  5. Centralize your updates and patch management
  6. Educate your staff 

Security is not rocket science — as long as you think about it before it is too late.

CrucialLogics is a Microsoft Gold Partner with deep knowledge of the cybersecurity needs of companies of all sizes. Interested in learning more? We've compiled a collection of resources aimed at business leaders right here.

 Read more about this.

You may also like:


How Secure is Your Organization? Take the Quiz

For the majority of CIOs, security remains a top priority. With nearly 1 million[1] new threats emerging each day, and t...


Are you Ready for Canada’s New PIPEDA Data Breach Reporting Obligations?

Data breaches are inherently costly — but new PIPEDA reporting requirements carry fines of up to $100,000 if businesses ...

Security Digital Transformation

Azure Active Directory: The Foundation of a Digital Transformation

A digital transformation sounds great, but the execution is fraught with issues as you switch to a new security paradigm...