Director of Engineering David Drake and Director of Client Success Kelly Beaver share insights on cybersecurity and digital threats in the cannabis industry in a recent article for Marijuana Venture.
“A really high percentage of attacks that work right now are based on social engineering, whether it’s a phone call that comes in or a phishing email,” explains Drake. “Criminals that are trying to breach networks are going to be looking for things like phone numbers or email addresses to be valid, because they want to increase the size of their attack surface.”
The article further outlines that as daunting as digital threats may seem, almost none of them would work without help from someone on the inside, explaining that “the first – and most often only – line of defense against cybercrime is an educated workforce.”
“If you are not putting security parameters in place, then you are just leaving your front door open,” said Beaver. “Some people set up their security with their login and password set as ‘Admin.’ You went through all the trouble to buy a nice security system but didn’t change the standard password?”
The article also discusses that while the very term “cybersecurity” evokes the idea of a digital line of defense, many business owners and operators are unaware of the actual physical threats they installed themselves at their businesses. Beaver says a lot of cannabis businesses have IT infrastructure as one of the last budgeted items. In many cases, business owners simply take the internet router they received from their service provider for free instead of spending a little extra for something much more secure.
"If you are not putting security parameters in place, then you are just leaving your front door open"
-Kelly Beaver, Director of Client Success
Drake and Beaver explain there are steps businesses can take to protect themselves against cybercrime. Drake says it is relatively safe for businesses to use services and software that have strong security protocols, like two-factor authentication, but having good training and standard operating procedures in place that address cybercrime tactics is an important first step.
To read the full article, click here.