Hello and welcome to Kanna Risk Management’s next discussion of Cyber for canna businesses.
The corporate structure for your business includes a board of directors. Odds are good that this group will be heterogeneous, with wealthy men, women and even some employees. In KRM’s research it has been discovered that most directors are bottom-line folks, with profits and return of money a primary goal as they’ve put up the funds to start your business in a new untested sector. And because they are often, if not always, of substantial means, their personal and professional wealth may be at risk.
A complete cyber risk management program is particularly acute for them, your customers and employees. With respect to the latter, see The Wall Street Journal for October 9, 2020, page R2 and the rest of that section.
The Bank Policy Institute has polled member boards and found their representatives are quite alarmed by a lack of protections for them personally and their assets while on cannabis boards. The Institute also found a lack of integration for controlling cybersecurity with a risk management strategy: seed to sale.
In order to protect board members’ assets your cannabis companies must set up, in conjunction with your insureds, a policy group to form a technology-strategy committee. Chit chat about cyber is not enough: implementing an INSURED program, with a tech firm and stable carrier, is the least companies must do because cyber-hackers are becoming savvier and there is more money flowing into the cannabis system. The board needs to be constantly made aware of what your cyber committee is finding out and needs to act on even the slightest irregularity, because cyber attacks are unpredictable and most often come in waves, as the cyber criminals slowly learn the vulnerable aspects of your digital footprint!
Some last thoughts … while not common day-to-day knowledge for board members or canna employees, a Remote Data Port is a Microsoft proprietary protocol that enables remote connections to most computers (in a TCP port 3389), providing remote access to a user over an encrypted channel for access to private information like your financial data. The RDP enables users to access applications from web browsers without proper security, like cannabis businesses and their financial information.
Coveware Scan 2.0 is one program that is maintaining security. Norton and Dell also have tested programs. Crum and Forester say they have a policy to insure against ransomware. They have a 24-hour response team (so they advertise) to meet your legal, financial and recovery issues. The truth is, while banking services are still not available to the cannabis business, simpler, non-digital methodology is safer. That may be temporary as Congress moves to allow banks into the cannabis space: we hope that will be sometime soon. So if you chose not to purchase cyber cover, do remember that prices are going up and will continue to do so as the risks multiply and the scavengers figure out how to access your data.
Summing up, Kanna Risk Management has written about:
1) What cyber attacks are
2) What needs to be in your insurance policy, and
3) What steps need to be taken by the business itself, even with insurance, and most importantly for board and future of the company.
If you have questions or issues please get in touch with us through your brokers. Be safe and prepared.