Hi everyone. Today we’re going to take a slight detour from our normal publications about cannabis and cannabusinesses to talk about how you can protect yourselves and your companies online.

Many people approach online security the way that they might approach real life security - just hide the valuable things, right?

Well, usually the type of people who would attempt access your systems online aren’t the same as common thieves. These people are typically smarter and have more sophisticated methods to get at the things they want. So here are a few tips to protect yourself online!

1. Don’t use the same, simple password.

I’m sure many of you have heard this, but it bears repeating. A chain is only as strong as its weakest link. If you have a weak password on any website, you are potentially opening yourself up to a variety of attacks. You want your password to be memorable, but not easy for a computer to figure out. Try using an entire sentence as your password. Or use a phrase or idiom you commonly say. This makes it very difficult for computers to brute force their way into your account, while also making your password very memorable.

2. Don’t install anything you don’t trust.

I wish I had known this when I was in middle school. I spent a lot of time fixing my stupid mistakes. If you don’t entirely trust where a program or file is coming from… don’t use it! It’s that simple. Some antivirus programs also allow you to scan new programs/files, but they’re not perfect.

3. If you don’t know… ask!

One of the great things about the internet is that while it can be risky, it’s also a great source for information. If you’re ever worried about something or you’re not sure if it’s safe, there are a large variety of communities around the internet that can help you. From simple question-and-answer sites like Quora, to technically savvy communities like Tom’s Hardware, you can usually get the information you need.

4. Don’t trust anybody you don’t know, and sometimes you shouldn’t even trust people you do know.

This might seem paranoid, but it’s generally good advice to live a life free of malware on your computer. Common computer viruses and scams like to trick you into trusting someone who sounds smart, or they like to pose as people or companies that you know. After all, it’s general human nature to be more trusting than distrusting. If you see a “strange” email from somebody you know, their account may have been compromised.

Your greatest vulnerability when you’re online is the nut behind the wheel keyboard. If you want your company to be protected, this is the best place to start. So how do we train our employees to be safe when online?

1. Learn the signs of a scam.

This might seem kind of obvious, but it can actually be really difficult to parse out what’s fake from what’s real during the course of the work day. For example, Growers Network has been the target of several phishing attacks over the past few years. Some of these attacks were very complex and tried to glean credit card information or other financial information from us. I’m happy to report that we very quickly identified these attacks and prevented any harm from occurring. But your team needs to know what the signs are. While this is by no means a comprehensive list, here are a few hints that an email may be phishing:

1. Bad spelling or grammar. Many of these attacks focus on targeting large numbers of individuals, so often the phishing attack isn’t too detailed.
2. Any links in the email may redirect to the wrong URL. For example, instead of going to WellsFargo.com, they may go to WellFargo.com or WLFGO.com. They can even be completely random URLs. Always check to make sure you are on the right site! If not, get out of there!
3. They use generic language. Many phishing attacks are often vague and could apply to nearly anybody. If they say that your credit card is having issues, instead of clicking a link, call the company and ask them what’s wrong with your credit card. If it was a phishing attack, usually the person on the phone will be able to identify that you were being phished.
4. The email may come at an unexpected or seemingly random time. This could be a point in time when you don’t expect someone to send accounts receivable or billing information, or the email could come at non-business hours when the company in question might be at home, asleep.

That email from 4 in the morning? Definitely from me.

2. Regularly drill your employees.

If you have an IT department, they may be able to help you with this. Essentially, you want to get your employees used to regular attacks so that they can quickly identify what is real and what is not, without exposing them to real risks. This is a strategy that is referred to in the security industry as “red teaming” or a “penetration test.” By acclimating your employees to these drills, they can identify the real thing when it does happen. Additionally, you can also find the weak points in your organization without experiencing a real attack.

3. Hire a security service to help.

While a security service cannot stop an employee if they make a bad decision, they can help train your staff or implement machine learning on your network to protect against these events. While Growers Network does not offer these services directly, many of the security consultants on our community do. If you are interested in learning more, consider joining the community and speaking with one.

Related Article: Cannabis Business Security: Physical and Digital

The best IT department is one you never have to talk with, because they’ve done their job(s) so well. And there are many ways to protect your computers and systems if you keep up with it.

1. Don’t use insecure software.

Some companies place a heavy emphasis on security in their software, and some are a little bit more lax. If you are purchasing a new piece of software that has online connectivity, always ask what security it has. If you can’t find a convincing answer, you should probably look for some other software. For example, Internet Explorer was notorious among computer experts for the number of vulnerabilities it had, while other browsers such as Firefox maintained much stricter security.

2. Update your software!

Yes, I know. I too hate the little notifications that there’s a new version of Acrobat Reader or Flash or Java. It’s pretty annoying to have to update everything all the time. But those updates often contain vital security updates that may protect your system from more sophisticated attacks. So make sure your team is staying up to date!

3. Use a VPN.

A VPN stands for a “Virtual Private Network.” Essentially, a VPN makes you practically invisible to the rest of the internet (and government agencies!), and a very hard target to pin down. A variety of different companies offer VPN services, and if you have any technically minded staff, they should be able to help you set one up.

So that’s a pretty short list of steps you can take to protect yourself online. What did we miss? Anything you’d like us to cover?

Resources:

1. Want to learn more about subjects similar to those touched upon in this article? Check out our articles on subjects such as:
   1. Largest Cannabis Growers in North America (2017)
   2. Women in the Cannabis Industry: Stay Strong
   3. Advanced POS Systems
   4. 5 Awesome Cannabis Strains for Small-Space Growing
   5. The Best Way To Educate Your Dispensary Customers