software-as-a-service Archives - Cannabis Industry Journal

Is your cannabis business an attractive target for cyber criminals? With the influx of investment to this market and new businesses opening frequently throughout the United States, the legal cannabis industry is a prime target for cyber criminals.

Never share personal information (login and passwords, social security numbers, payment card information, etc.) over email.Cannabis industry hackers pick their targets by vulnerability, exploiting consumer or patient data to darknet black markets and forums. The impact can be devastating to both the business and their consumers. With new laws on protecting consumer and patient data on the horizon, businesses that do not adequately protect that data, could face stiff fines, in addition to losing the trust of their customers.

So, how do these attacks present themselves? Recent studies implicate employees as the “weakest link” in the cybersecurity chain due to a lack of cybersecurity best practices and training. Implementing safeguards and providing employee training is imperative to the cybersecurity health of your business.

Now, let’s identify the top 5 cybersecurity threats to the cannabis industry and some valuable tips for protecting against these criminal hacks:

Phishing: Phishing is a form of cyber-attack, typically disguised as an official email from a trustworthy entity, attempting to dupe the recipient into revealing confidential information or downloading malware. Don’t take the bait! 91 percent of cyber-attacks start as phishing scams, with most of these lures being cast through fraudulent emails.

Tips: Do not download attachments from unknown senders!
Never share personal information (login and passwords, social security numbers, payment card information, etc.) over email.

Password Management: Password complexity is key to protecting against cyber breaches. When it comes to data hacking, 81 percent of breaches are caused by stolen or weak passwords. With a password often being the only barrier between you and a data breach, creating a complex password will dramatically decrease those password-sniffers from obtaining your sensitive information.

Tips: Create passwords that are at least 12 characters in length – include letters, numbers and symbols (*$%^!), and never use a default password. This will fend off brute-force attacks.
Change passwords every six months to a year, keeping them complicated and protected. For IT Managers, make using a password manager mandatory for all employees. (Pro-tip: LastPass is free).Be cautious with network selection as hackers set up free Wi-Fi networks that appear to be associated with an institution.

Public Wi-Fi: Being able to connect in public spaces, while a modern marvel of convenience, leaves us wide open to cyber-attacks. Whether you are in an airport or café, always err on the side of caution.

Tips: Be cautious with network selection as hackers set up free Wi-Fi networks that appear to be associated with an institution.
Browse in a “private” or “incognito” window to avoid saving information. If you have a VPN, use it. If not, then do not handle any sensitive data.

BYOD: Beware of Bad Apps: Using personal devices for work has become the norm. In fact, approximately 74 percent of businesses have bring-your-own-device (BYOD) policies or plans to adopt in the future.

With these platforms providing greater access to mobile apps, comes greater responsibility on the part of the end user.

Tips: Password protect devices that will be used for work (and, any device in general).
Only download applications from a trusted, authorized app store. Do not use untrusted play apps.
Mobile device protection is recommended for any device being used on a business network.

Whether it is an app from an unauthorized website or a lost/stolen device that was not password protected, cyber criminals do not need much to compromise critical data.Avoid logging into a SaaS application on a public computer or public Wi-Fi network.

SaaS Selectively: Keep Sensitive Data Safe: SaaS (Software As A Service) are cloud-based software solutions and chances are you are using one of these SaaS solutions for work purposes. IT is typically responsible for implementing security controls for SaaS applications, but ultimate responsibility falls on IT and the end user jointly. Here is what you can do to help keep these solutions safe:

Tips: Avoid logging into a SaaS application on a public computer or public Wi-Fi network.
Never share your SaaS login credentials with unauthorized persons over digital format or in person. Lastly, if you need to step away, always lock your screen during an active session.

While these tips will help keep your consumer/patient data from falling into the wrong hands, always have a plan B- backup plan! Your plan B must incorporate saving important data to a backup drive daily. Most likely, there is already a backup protocol in place for your mission-critical work data; however, for sanity’s sake, back up your BYOD devices as well.

Last week at the MJBizCon, a major cannabis industry event held annually in Las Vegas, urban-gro launched the first technology line for cannabis growers utilizing Internet-of-Things (IoT). urban-gro, a cultivation technology company for commercial-scale growers, announced the launch of announced Soleil® Technologies, an integrated portfolio of hardware, software, and services that uses IoT.

“The solution suite includes per-plant sensing, environmental monitoring, machine diagnostics, fertigation management, lighting controls, inventory management, and seed-to-sale tracking,” reads the press release. IoT is essentially a network of devices embedded with sensors and software that allow the devices to connect and exchange data. IoT devices are used extensively in the food industry, including for integrated pest management, restaurant food safety and management and tracking product conditions such as temperature and humidity throughout the supply chain, among other uses.

Soleil consists of three primary lines:

Soleil 360 is the cloud-based software-as-a-service (SASS) platform that integrates all Soleil solutions.
Soleil Sense is the brand for all of urban-gro’s low-power wireless sensors that deliver data with the scale, precision and resolution needed for analytics and machine learning.
Soleil Controls is urban-gro’s product set for climate and irrigation controls, lighting systems, and other focused controls.

The core, low-power sensor that makes this unique was licensed from Edyza, a wireless innovator that specializes in low-power wireless grids that scale. urban-gro then developed on top of that sensor, including its cloud-based management, analytics, what the sensors detect and cover, etc., to make it ideal for cannabis growers.

According to Brad Nattrass, urban-gro’s chief executive officer, finding an IoT solution that can easily scale was a key goal for their business. “When evaluating the most advanced market-ready sensor technology available, it was crucial that we deliver a solution that can easily scale to thousands of sensors in order to satisfy the needs of large-scale commercial cultivators,” says Nattrass. “The introduction of Soleil demonstrates urban-gro’s commitment to going beyond simply supplying equipment, to truly serving our clients as an ongoing technological innovator and advisor, enabling cultivators to leverage today’s more advanced technologies to rise above the competition.”

“Cultivators will be able to monitor substrate moisture and EC (electrical conductivity) levels on a per plant basis, as well as track key environmental metrics like temperature, humidity, air movement, and probability of infestation,” reads the press release. “With multiple device options, cultivators can choose between several deployment options.” With the data hosted on the cloud, users can access it through web browsers, Android and iOS devices.

According to Jay Nichols, a representative of urban-gro, they have hired (and is hiring) code developers, product developers, etc. in order to expand this unit. Plant sensors are just one piece of the system, with the goal to automate the entire cultivation process, including controlling lights, pest management, irrigation and fertigation. They say it will be available in late Q1/early Q2.