420, Cybersecurity, and the Future of the Cannabis Industry
In April, I always think about every 420 since the beginning of the legalized market.
For many, the New Year is a pivotal time to create new plans, goals, and resolutions. My rebirth time of year has always been in the Spring. This year will mark my 9th 420 as co-founder of MJ Freeway. And for the past 9 years, anticipation of this holiday and the day of 420 has shaped many of my personal and professional goals.
A look back: What we learned from 9 420s.
For years, our biggest challenge as the largest cannabis software company in the world was maintaining our systems to support our clients as they processed 5 times their normal transaction volume. We’ve been live for eight 420s, but that first one in 2011 was the hardest. Our systems slowed drastically due to the overwhelming volume being processed. This was our first 420 with live customers, and we were not prepared for the increased volume. Back then, our servers were not virtual cloud-based servers because at that time, cloud hosting could not support HIPAA. We used dedicated hosted servers, which have to be provisioned manually, and we could not quickly add new resources.
Most of our employees don’t remember a time when 420 was tough for us as a company, but our VP of Technology and I always spend a little time reminiscing and celebrating how far we’ve come.
Since we’ve grown into an enterprise company, now, as 420 approaches, we merely increase client services staff and shifts that week, and increase our system capacity with a few key presses. So, although this article is aimed to help others prepare and learn to protect themselves from future 420 challenges, including cyber security issues, I want to honor our 9th 420 as a company and an industry. The image below briefly recaps our 420s of the past as well as a stunning look at the meteoric growth of our industry by the numbers processed through MJ Freeway’s systems.
Today, as 420 nears, we are hyper-focused on what will become our company’s and the industry’s biggest challenge yet: cyber security. Bill Gates calls cyber security the “biggest problem facing mankind.” And it is certainly the biggest problem facing small businesses and enterprises. Protecting computers, networks, programs, and data from unauthorized access or attacks is not just our goal, but it must be the industry’s goal in order to secure our future.
Our growth: MJ Freeway’s 420 timeline
A mentor told me once, “It’s ok if you continue to have problems as long as you’re not having the same problems. That’s how you know you’re continuing to grow.” The problems of yesterday are no longer our problems today. If you’ve been following our company, you’ll remember the cyber security issues 2017 presented us. As the only enterprise cannabis technology company, we were first to be targeted, and we were unprepared. We were also unprepared for our first 420 9 years ago. We always learn from our mistakes and take massive and immediate action to correct them. It’s even better if you can learn from others mistakes, so we study current cyber security issues to be as well prepared as we possibly can. Many of the security best practices are applicable to any business, not just a technology business, so I’ll also share some actions you can take to protect your business from this growing threat.
Cannabis Businesses & Cybersecurity
If you think you’re not vulnerable to cyber issues today, think again. This interactive site, shows the increasing successful publicly acknowledged data breaches in our world today due to the exponential growth of cyber criminals and the failure of law enforcement to protect us. This is a sobering visual representation of the growth of criminal cyber activity over the last few years.
The Edelman Trust Barometer reveals that trust is in crisis around the world. The general population’s trust in all four key institutions — business, government, non-government operations, and media — has declined broadly, a phenomenon not reported since Edelman began tracking trust among this segment in 2012. In fact, according to the 2018 Edelman Trust Barometer, in the US alone, we have just experienced a 23 point decline – about twice the most significant change ever seen in one country in one year.
Amidst this unprecedented climate, the current administration intends to shut down the office of the coordinator of cyber issues, turning a blind eye to the importance of the cyber security crisis facing our world today.
So, you may be wondering how on earth cyber issues have expanded so quickly over the past several years. To understand this, there are two pieces of technology that are important to understand. Tor & cryptocurrency. Tor is an internet browser that allows you to mask the actual location of your IP address, meaning cyber criminals attacking through a Tor browser cannot be located. Cryptocurrency is the second part of this equation. Contract hackers can be paid in cryptocurrency with complete anonymity. Legal server resources can also be purchased with complete anonymity using cryptocurrency. There are methods of blocking Tor addresses, but not legitimate origination addresses from virtual servers purchased with bitcoin or cryptocurrency. This means all an attacker has to do is buy a legal server with cryptocurrency and then only connect to that server via Tor. From that legal server, they can then launch attacks which can only be blocked once the attacking IP address is identified.
If you’re interested in learning more about how this works and the threat it poses, I recommend the book, “American Kingpin”, about Ross Ulbricht, the founder of the Silk Road, arguably the trail blazer who defined the dark web. There’s also a documentary about Ulbricht called Deep Web. When reading this book or watching the documentary, consider Ross wasn’t even a computer scientist. He was a physicist who taught himself computers. He was also in his twenties and made occasional mistakes. It still took multiple federal agencies and several years to catch him.
What does cybersecurity have to do with cannabis businesses? If you’re thinking cybersecurity doesn’t apply to you as a cannabis business, think again. All it takes is for one unscrupulous competitor to pay someone $5K on the dark web to compromise the password of someone with a high enough access level at your organization to completely mess with your data and business.
6 Tips to Protect Your Business from Cyber Attacks
The top 5 cyber security issues facing us today can all be prevented with good password hygiene. I know this sounds simple, but it’s the most important step you can take to secure your business. Nearly all hacking starts from stolen or compromised passwords. Stealing a password is similar to stealing a physical badge or token. Once someone has it, they can access everything and everywhere that the set of logon credentials can access.
Here are some tips to keep your business safe:
Tip #1: Don’t share passwords
What are some of the ways someone can get your password? Well, the easiest and most obvious is through sharing passwords. Often, to save on software license costs, business owners will direct their employees to share logins. Although tempting and seemingly cost saving in the short run, this is a terrible practice with high risks in the long run. If employees are sharing passwords, and the password is compromised, it’s nearly impossible to determine how the password was compromised. Remember Benjamin Franklin’s famous quote, "Three can keep a secret, if two of them are dead." One password per person is the best strategy.
Tip #2: Use a complex password 12 characters or longer
The next most common way credentials are compromised is through brute force attack. In a brute force attack, automated software is used to generate a lot of consecutive guesses to obtain information like user passwords.
You might be surprised to learn 8 character passwords (which has long been the standard) are fairly easy to brute force. Good software, like MJ Platform, will lock an account after a few bad password tries in order to prevent brute force attacks. However, not all of your systems will have this feature. Therefore, best practice is to use a password 12 characters or longer:
Tip #3: Shred anything sensitive that is written down on paper
A lot of password compromise still occurs through good ol’ fashioned dumpster diving. In fact, the very first hacking book I ever read over twenty years ago noted this as the way 75% of all passwords were gained. I suspect more passwords are now sniffed or brute forced, but it’s a reminder to all of us to take the extra time to shred personally identifying documents and anything sensitive we write down on paper.
Tip #4: Use a secure, private wireless network
Anyone with enough time and patience can use a wireless sniffer to obtain passwords right out of the air with enough physical proximity to the network. This is made infinitely easier if that person is able to guess or obtain the wireless network password and actually join the network to sniff traffic. Don’t give guests your business wireless network password. If you would like to provide guests with access to wireless internet, setup a separate guest only network which you do not use for business activity.
Tip #5: Use unique passwords for every system and change them often
If you remember the infographic earlier, you’ll see that very prominent organizations are being hacked on a daily basis. Half of all Americans, 143M people, had their personal data compromised in the Equifax breach alone last year. By the odds, it is more than 90% probable that some of your personal data was compromised in a security breach in 2017 alone. My last tip is the simplest solution but also the most inconvenient. The absolute very best thing you can do is completely reset all your passwords often. All our software platforms, including MJ Platform, require you to change your password often; however, it is equally important to use unique passwords for each system.
The only thing constant in life is change. As we prepare for another 420 and another year serving this incredible industry, I remind myself the problems of today will not be the problems of tomorrow because we will continue to grow and solve new problems. Remember, as my mentor said, as long as we’re not solving the same problems, we’re growing.
As the cannabis industry celebrates our growth, and as MJ Freeway celebrates its 9th 420 serving the industry and over $10 Billion now processed through our systems to date, we remain vigilant and are constantly taking measures to protect against new threats. Our businesses will always face challenges, but if we share information with each other and watch each others’ backs, I believe we as an industry can continue to create the best industry in the world.