Expert provides 5 practical tips for cannabis businesses to secure their customer data


2021 started with a hacker going online to sell personal data they stole from the major cannabis producer Aurora Cannabis. The cybercriminal claimed to have 50GB of sensitive information that they accessed through the cloud. The stolen data included home addresses and credit card details linked to the company’s customers and employees.

“Aurora’s case just goes to show that even giants are vulnerable to cyberattacks. However, the worrying fact is that the cannabis business is still relatively new, and we can see fresh start-ups being launched every day. Cybersecurity often escapes the list of priorities and is being overlooked by new business owners, which puts valuable data at risk,” says Oliver Noble, a cybersecurity expert at NordLocker, a data encryption solution.


Why do hackers target the cannabis industry?


Companies producing and selling cannabis products are attractive targets for cybercriminals as they handle a vast array of data of the highest sensitivity. For example, it’s a common practice for cannabis retailers to store photocopies of their customers’ IDs as proof of legal age, whereas companies dealing in cannabis produced for medical purposes collect their clients’ health information.

“The online cannabis industry is vulnerable due to its complexity. Smaller e-commerce shops became very popular amid the pandemic, but they are more likely to lack adequate cybersecurity policies and procedures,” explains Oliver Noble.

According to the expert, hackers love exploiting vulnerabilities. After an attack, they expect to be compensated for returning valuable data to the affected business. A business that agrees to pay the ransom often wants the whole incident swept under the carpet before the responsible institutions learn about it and either impose huge fines or shut the business down for not following data security laws and regulations. To avoid such great risks, some easy-to-implement steps need to be considered.


Practical measures business owners can take to protect their customers’ data


  1. Provide security awareness training to your employees. Everyone digitally handling customer data must know the potential risks, including social engineering techniques, phishing scams, malicious email attachments that spread malware, etc.
  2. Ensure secure password management. Since passwords remain one of the main ways we protect access to our online accounts, they need to be strong, unique, regularly updated, and safely kept in a password manager. Employ multi-factor authentication as a secure proof of identity that adds another layer to your network protection.
  3. Start to encrypt files containing your customers’ and employees’ personal information to avoid data leaks. Business encryption solutions like NordLocker make sure important information kept both on corporate computers and in the cloud is always protected from prying eyes with strong encryption.
  4. Store up-to-date backups of your information in an encrypted cloud to keep the chances of data loss as slim as possible. If an attack is successful, there will still be an unaffected older version of the files that you can access.
  5. Use a VPN for a safe company-wide internet connection. To avoid outside risks, employees need a secure connection, and here’s where a VPN (virtual private network) comes into play. It creates a secure encrypted tunnel between a device and a website or the company’s server. A VPN protects the connection from third-party access, including hackers ready to breach the system.