2021 started with a hacker going online to sell personal data they stole from the major cannabis producer Aurora Cannabis. The cybercriminal claimed to have 50GB of sensitive information that he accessed through the cloud. The stolen data contained such information as home addresses and credit card details linked to the company’s customers and employees.
“Aurora’s case just goes to show that even giants are vulnerable to cyberattacks. However, the worrying fact is that the cannabis business is still relatively new, and we can see fresh start-ups being launched every day. Cybersecurity often escapes the list of priorities and is being overlooked by new business owners, which puts valuable data at risk,” says Oliver Noble, a cybersecurity expert at NordLocker, a data encryption solution.
Why do hackers target the cannabis industry?
Companies producing and selling cannabis products are attractive targets for cybercriminals as they handle a vast array of data of the highest sensitivity. For example, it’s a common practise for cannabis retailers to store photocopies of their customers’ IDs as a proof of legal age, whereas companies dealing cannabis produced for medical purposes collect their clients’ health information.
“The online cannabis industry is vulnerable due to its complexity. Smaller e-commerce shops became very popular amid the pandemic, but they are more likely to lack adequate cybersecurity policies and procedures,” explains Oliver Noble.
According to the expert, hackers love exploiting vulnerabilities. After an attack, they expect to be compensated for returning valuable data to the affected business. If the business agrees to pay the ransom, they often want the whole incident swept under the carpet before the responsible institutions learn about it and either impose huge fines or shut the business down for not following data security laws and regulations. To avoid such great risks, some easy-to-implement steps need to be considered.
Practical measures business owners can take to protect their customers’ data
- Provide security awareness training to your employees. Everyone digitally handling customer data must know the potential risks, including social engineering techniques, phishing scams, malicious email attachments that spread malware, etc.
- Provide security awareness training to your employees. Everyone digitally handling customer data must know the potential risks, including social engineering techniques, phishing scams, malicious email attachments that spread malware, etc.
- Provide security awareness training to your employees. Everyone digitally handling customer data must know the potential risks, including social engineering techniques, phishing scams, malicious email attachments that spread malware, etc.
- Provide security awareness training to your employees. Everyone digitally handling customer data must know the potential risks, including social engineering techniques, phishing scams, malicious email attachments that spread malware, etc.
- Provide security awareness training to your employees. Everyone digitally handling customer data must know the potential risks, including social engineering techniques, phishing scams, malicious email attachments that spread malware, etc.
NordLocker is the world’s first end-to-end file encryption tool with a private cloud. It was created by the cybersecurity experts behind NordVPN – one of the most advanced VPN service providers in the world. NordLocker is available for Windows and macOS, it supports all file types, offers a fast and intuitive interface, and guarantees secure sync between devices. With NordLocker, files are protected from hacking, surveillance, and data collection. For more information: nordlocker.com.
