As the cannabis industry continues to expand at an exponential rate all over the globe its members face increasing information security threats.
Information security threats can come in various forms, with all of them sharing the common goal of trying to steal data from an entity.
Experian, a leading international data company, is predicting that the emerging cannabis industry will experience an increase in data breaches and cybersecurity threats in 2020.
Members of the cannabis industry need to be aware of information security threats and implement strategies to safeguard their data and information from hackers and cybercriminals.
Consumer and Employee Information
Cannabis companies are often a treasure trove for personal information, whether they realize it or not.
All cannabis companies that employ workers possess sensitive information that is used for human resources and payroll purposes.
Job applications and human resource forms often contain a person’s name, address, date of birth, driver license number, and even their social security number.
Many dispensaries and other companies will store customer information in their data systems in order to make the purchasing process faster and/or for marketing purposes.
When that happens it creates a growing target for nefarious actors who want that information.
Medical Patient Information
Medical cannabis clinics and dispensaries that serve patients are also likely to be targeted by bad actors at an increasing rate going forward.
Entities that focus on serving the medical cannabis community often have medical cannabis patient information on-hand, including medical charts, histories, treatments, and diagnoses, in addition to the personal information listed previously in this article.
Medical patient information such as a diagnosis or patient history may not be useful for stealing someone’s identity, however, it’s still extremely private information that should only be seen by a very limited number of people with the patient’s authorization.
Medical-specific information can be used in a number of ways by hackers and cybercriminals to violate a patient’s privacy, even if that doesn’t involve monetary damages.
Proprietary and Controversial Company-Specific Information
The cannabis industry is a massive industry these days, and it’s increasing in size with every passing week.
Billions of dollars are flowing through the cannabis industry, and whenever that amount of money is involved there will always be attempts at corporate espionage.
Unfortunately, some companies will seek to gain an advantage by obtaining proprietary information through corrupt means from their competitors.
The cannabis industry will likely become a popular target for online cyber activists or ‘hacktivists’ as highlighted by Experian in their recent alert.
Hacktivists seek to obtain private information about large companies in order to embarrass or expose the company’s controversial business practices.
What Can Companies Do to Protect Private Information?
Cannabis companies need to take information security seriously and implement robust safeguards and policies immediately if they have not done so yet.
Below are some of the things that should be involved:
- Physical security measures such as locks, safes, and surveillance
- Technical safeguards such as encrypted communications and password protected databases
- Policies that prohibit the unauthorized use or dissemination of information by members of the company
- Proper training to ensure that company members are aware of what is prohibited, why information security is important, and how to follow protocols that keep information private
Information security will continue to be a major concern in the cannabis industry. Companies that do not take it seriously run the risk of experiencing many problems, including lawsuits by affected parties.
The growing information security threat facing the cannabis industry has one silver lining – it is an opportunity for information security experts to offer their services to a multi-billion dollar industry.