top of page
Everyone is Being Hacked
In today’s technology dependent society, data is king. All industries, public and private, depend on data to achieve operational success. As a result, cyber criminals want to steal data to use for their own financial gain. It turns out though; cyber criminals have specific taste when it comes to stealing data. Intuition may lead one to believe that cyber criminals prefer large companies as prey due to the tons of data they use. However, trends indicate that cyber criminals target small to medium businesses more than they target large companies. No businesses are immune to this threat, including marijuana dispensaries. In fact, according to a January report (source), a data breach recently occurred at three marijuana dispensaries, which exposed tens of thousands of customers’ data. Below are four reasons that cyber criminals choose to focus on small to medium size businesses.
Small businesses have profitable data – Most all small businesses use electronic data as a part of their daily business operations. This usually includes customer personal data, payment data, supplier data, vendor data and more. In short, a business does not have to be large in order to have information that criminals can use for their own profit.
Use a small business to hack others – large businesses often use a variety of small or medium size businesses as support for their daily operations. As a result, if a cyber-criminal infiltrates the systems of a small business, then they will likely gain access to data at the larger business as well. Cyber-criminals may also use this strategy to attack other interconnected small to medium size businesses.
Fewer Resources - large businesses employ an arsenal of employees and contractors in an effort to thwart cyber criminals. Smaller businesses, however, do not have the same resources to combat cyber-crimes. Smaller businesses also do not have the same level of technology and system defenses that large companies utilize. This puts small and medium size businesses at a disadvantage. Cyber criminals understand that they do not have to use the same amount of effort to attack a small business, as they must expend to infiltrate a larger business.
Redundancy and Recovery – If a small business incurs a significant cyber-attack, then recovery is often a long and challenging path. For many small businesses, especially those without cyber insurance, recovery may not even be an option. The costs involved in fighting lawsuits, regulatory penalties and systems recovery may be too significant for the business. Often, it makes more sense for the business to close its doors rather than walk the long and expensive path of recovery. As a result, small and medium size businesses are more likely to pay ransoms to cyber criminals in an effort to minimize the recovery time and cost. Cyber criminals are well aware of this fact, which further leads them to target small and medium size businesses.
As a result, cyber threats to the cannabis industry in particular continue to increase. Cyber criminals use various strategies to infiltrate cannabis dispensaries. These strategies include email-based attacks, ransomware attacks, video surveillance, internet of things and cyber extortion. Cannabis dispensaries are especially at risk since most of the information they maintain is protected health information. As a result, this data earns cyber criminals more than regular data.
For small and medium size businesses, such as cannabis dispensaries, cyber risks may seem like an uphill battle. If small businesses do not have large company resources, then what can they do? Good news is here for small and medium size business owners. Below are two helpful resources.
The FBI is working to combat cyber crime
The FBI is evolving its practices in an effort to prevent systemic cyber-crimes in the US. When cyber-attacks occur in the US, the FBI works to hold those responsible accountable. Just like any other crime, the FBI takes each one seriously. The FBI has developed various taskforces that work to continuously monitor and prevent cyber-crimes. Network intrusion and ransomware remain two key priorities of the FBI. These two crimes remain a significant exposure for cannabis businesses, as they are with all small businesses. Related to each of these priorities, the FBI issues ever-evolving guidelines to help small businesses preventatively address each of these exposures. Many of these best practices do not cost money, but rather require businesses to enforce computer and network policies. For example, below is a list of best practices businesses should implement to minimize the potential impact of a ransomware attack (source). Most of these guidelines involve no cost or low cost preventative actions.
FBI’s steps to prevent ransomware attacks:
Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
Ensure anti-virus and anti-malware solutions are set to automatically update and conduct regular scans.
Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed and only use administrator accounts when necessary.
Configure access controls, including file, directory, and network share permissions appropriately. If users only need read-specific information, they don’t need write-access to those files or directories.
Disable macro scripts from office files transmitted over e-mail.
Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
Back up data regularly and verify the integrity of those backups.
Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
2. Cyber Insurance
Despite any businesses’ best efforts, cyber-crimes will occur. Therefore, all businesses need to consider the many benefits of a cyber insurance policy, especially businesses such as cannabis dispensaries that manage sensitive customer data. A cyber insurance policy not only provides a risk transfer mechanism for potential cyber losses, it also provides the business with a cyber-loss prevention partner. Most insurers provide preventative cyber resources to their insureds in an effort to minimize the chance of a loss. For small businesses, this is a really effective and economical solution to help manage cyber exposures.
Each day more and more companies fall victim to cyber hacks looking for a quick financial gain. The cannabis industry is simply the latest victim in this ever-changing battle. All businesses need to know the potential losses that may occur in their business. By also understanding the prevention tactics, businesses can take simple, effective and economic steps to minimize the chance of a cyber loss. The FBI and cyber insurers both act as partners in the fight against cyber-crime. Ultimately, our agency is here to help you and your business take the first step in preparing a plan that will address cyber exposure in your business.
With more employees working remotely due to Covid-19. The unsecured home computers act an access point for hackers to gain and compromise your organizations data.
Cyber Insurance Pros can assist in:
Our licensed professional are standing by to assist you with your Cyber Liability Insurance needs. We offer coverage options and monthly automatic payments.
Call us at (877) 225-2699 or get a Cyber Insurance Quote online.
bottom of page