By Scott Thomas
This is part three of a series on how to plan, build, and assemble a robust security system for your cannabis business. In part one, we focused on video management systems. In part two, access control. This article focuses on cybersecurity considerations.
When it comes to cybersecurity, most people these days are aware they need to protect their personal computers, internet-connected point-of-sale devices, and data centers. Yet today, everything from light bulbs and fridges to video cameras and access control systems can be connected to the internet — and every single device that can be controlled online or that connects to your network can be a point of weakness for your network.
That’s not hyperbole. Even something as innocent as a color-changing LED light bulb that you can control from your smartphone can be a potential vulnerability. In 2020, security researchers revealed they were able to exploit a weakness in the wireless protocol that allowed users to control the brightness of this type of bulb. They described how this tiny flaw in the protocol could allow hackers to access a home network, install malware, send data through the network, and gain access to other internet-connected devices in the home. The manufacturer of these light bulbs has since released a patch that addresses this weakness.
The cybersecurity risks of IP-connected cameras and access control systems are even greater. Several companies have been banned from doing business in the United States because of back-door security flaws in their hardware that allowed unauthorized entry from outside sources. If a security camera is hijacked, not only can the hacker pull video from it to spy on what’s happening in that space, but the device can also be employed in a distributed denial-of-service (DDoS) attack on a website or server, or used as an entry point into your network to insert malware or ransomware. If hackers then gain access to your point-of-sale software, they could even monitor transactions, steal personal credit information, and compromise customer privacy.
That doesn’t mean that you shouldn’t take advantage of the many benefits of internet of things (IoT) devices. It does mean you need to be aware that there are risks to consider, and that it’s worth your time and attention to learn about the steps to take to protect your internet-connected devices as well as your network.
Reduce your exposure to threats
During the COVID-19 pandemic, we all learned the importance of washing our hands frequently to reduce the spread of the virus. When it comes to computer viruses, changing your password is like washing your hands – it’s a simple but effective way to reduce your exposure.
Good cyber hygiene includes simple steps like changing default passwords right away, updating passwords regularly, and never reusing passwords. It’s the first step to “hardening” your network, making it as difficult as possible for hackers to find and exploit vulnerabilities.
The best approach to harden your network against intrusion is to ensure there are multiple layers of protection. Each protective measure is like a piece of Swiss cheese – each slice has some holes in it, but if you layer enough slices together, you can cover all the holes.
Here are some of the essential layers of protection you’ll want to put in place:
Ensure everyone in your organization updates their passwords regularly; opt for multi-factor authentication for users if available
Regularly update system software and device firmware
Train employees to identify phishing and spam emails, and make sure everyone knows never to share passwords or click suspicious links
Buy internet-connected hardware only from trusted companies with a strong reputation for cybersecurity
Choosing systems with built-in layers of defense strengthens your organization’s cybersecurity the minute they’re up and running. Built-in security functions like data encryption and endpoint protection are obstacles for threat actors that make it harder to penetrate your systems.
Software updates are vital to keep your organization secure. Prioritize updating the software and firmware on all your devices, as this allows them to function at their optimal level. Product updates often provide critical fixes for new-found vulnerabilities.
Choose a security software partner with cybersecurity as a priority
When selecting your security software partner, make cybersecurity a priority. Cloud-based software companies should have teams of specialists mandated to watch for emerging cyber threats, update and patch software, and vet third-party hardware providers. Select a partner that offers systems with built-in defense functions and that will regularly update and patch software and hardware on your behalf.
Most vendors offer their customers hardening guides — tips on how to keep your system secure — so ask the right questions to ensure you receive your vendors’ relevant data and privacy protection policies. Some vendors even maintain a cybersecurity resource center for clients with real-time alerts on vulnerabilities, and work only with trusted partners who have the same commitment to cybersecurity as they do.
Ask your provider about their cybersecurity protocols, including:
What self-testing and penetration testing do they do on their own products?
What are their internal cybersecurity protocols for their employees (including password management and multi-factor authentication)?
How transparent are they about responding to threats? How proactive are they in this area?
Do they monitor their partners’ devices as well as their own software to detect and respond to vulnerabilities?
When it comes to cybersecurity, the best solution is to create layers of protection. Everyone has a role to play in keeping your network and your data secure: every employee, every connected device, and every partner. The good news is that simple steps go a long way. Follow basic cyber hygiene protocols, harden your system, and choose to work only with trusted partners with a proactive and transparent approach to cybersecurity.