Social Engineering Attacks on the Rise- Don't be a Victim!
First of all, what is a social engineering attack?
Social engineering can be summarized as an act of manipulation, to trick someone into sharing sensitive information or unwillingly downloading malicious software. Social engineering attacks are incredibly successful, as they prey on one’s inherent trust in others. Regardless of the method, the common theme of these attacks is that they are highly calculated, and often hard to detect. Fortunately, you can arm yourself with knowledge and the correct types of coverage to minimize exposure to these risks.
What should I be on the lookout for?
Impersonation Attacks:
It’s no secret that cannabis businesses face more regulation and monitoring than any other industry. Licensees have already jumped through many hoops to obtain their license, and they will do the same to keep it. With this logic, con artists have identified opportunities using impersonation to gain access to the inside of your building or systems. In particular, individuals acting as staff from the C.R.A. (Cannabis Regulatory Agency) are contacting licensees about false upcoming inspections. They are gaining valuable information about the building’s hours of operation, product information, and security to plot their attacks in off hours.
Attackers may also act as the business owner, or someone designated by the owner to arrange pick up or drop off business funds. Innocent employees are under the impression that their superior has given them the direction to comply, and the rest is history.
Vendor impersonation attacks are also on the rise. Communication is received requesting payment in the form of cryptocurrency, but the supposed products are never delivered. There have been mentions made of urgent communications from “vendors” requesting changes to payment directions. Trying to do the right thing, victims help the imposter with whatever they need.
Also reported are attacks of calls from individuals claiming to be calling from the Bureau of Fire Services. Employees are told that they need to drop off items prior to their scheduled inspections. It seems like an innocent request, however the response can divulge important security practices and leave businesses vulnerable.
Cyber Attacks:
The age of technology has warranted a large wave of cyber-crimes. The booming cannabis industry is fairly new, which leaves uncharted and potentially unprotected territory for criminals to wreak havoc.
The use of phishing has been around for over 2 decades- but is still one of the most frequently used methods for exploitation. Hackers try to lure cannabis business owners into clicking malware-infected links that infect the company’s computer system, potentially costing the business thousands in losses. Most business owners are aware of the danger phishing poses- but these attacks can be hard to distinguish from normal emails or links. Perhaps the most troubling factor of phishing success is that methods continue to develop as technological capabilities expand.
Ransomware attacks also prove effective due to their fear-based approach. Hackers compromise systems to gain control, and give business owners the dreaded ultimatum of complying with their demands, or facing the consequences. The Federal Bureau of Investigations estimates that an average of 4,000 ransomware attacks happen in the United States every single day, and leave business owners with an average of $116,000 in losses to remediate the situation.
Cyber Extortion is similar to ransomware, with one major difference. Criminals only accept the ransom payments via cryptocurrency or other digital avenues. This is to protect their identity and continue their crimes undetected.
What steps can a business take to protect itself?
- Always ask for identification or credentials for individuals who appear onsite. For individuals claiming to work for the C.R.A, licensees are encouraged to contact them to confirm identity and any scheduled inspections. They can be reached by email to [email protected].
- Have staff confirm all unusual communications with management or ownership before complying with requests.
- Keep all security measures up to date such as cameras, alarms, and antivirus protection.
- Don’t click emails or attachments from untrusted sources.
- Lock devices while you are away.
- Offer employee security trainings on a regular basis.
- Button up all loose threads by obtaining cyber liability coverage.
What is Cyber Insurance?
Cyber liability protects you in a variety of ways, but it’s most effective at providing financial assistance should you experience an attack. Depending on your policy, these funds can help pay for lost revenue, expenses incurred during cleanup and fines related to noncompliance with federal mandates. Policies also typically offer some form of protection against third-party losses and theft of intellectual property. Policy coverages vary depending on the insurance company, so it is important to outline any exclusions and limitations before you are left vulnerable. Here are ‘8 Reasons Why Your Cannabis Business Needs Cyber Insurance’.
Cannabis insurance can be tricky as it is, so it’s wise to trust the experts when reviewing your coverages. Give us a call today, or request a quote online here.
More Cannabis Industry News
Want to stay up to date on the latest cannabis insurance news? You can find more on important topics in the cannabis industry on our blog.
Or get more information about insurance solutions for the cannabis, CBD, and hemp industries from Spire Insurance Solutions here.
About Spire Insurance Solutions:
Spire Insurance Solutions provides risk management solutions to both the Recreational & Medical Industry. Through a consistent approach, Spire is your expert buyer of insurance and helps companies purchase important Insurance coverages in the evolving Cannabis industry. With years over 45 years in business with experience in assessing risk, our team sees that many cannabis related businesses do not have the coverage they desperately need. Our mission is provide unparalleled and caring service to our clients through our knowledgeable staff and give back to our employees, agency, industry and our communities.
When it comes to insurance, it helps to work with an agency that has both the experience and capabilities to meet your needs. We will help you manage and plan for your potential risks. As professionals, we assess your needs and offer you a variety of insurance products to choose from. Let Spire Insurance Solutions elevate your insurance solution to help your growing business.
Disclaimer: This Blog/Web Site does not provide insurance or legal advice. This site is for educational purposes only as well as to provide you with general information and a general understanding of insurance, not to provide specific legal advice or specific contract advice. Viewing this site, receipt of information contained on this site, or the transmission of information from or to this site does not constitute a client relationship.
The information on this Blog/Web Site is not intended to be a substitute for professional insurance or legal advice. Always seek the advice of a licensed agent in your state pertaining to insurance and legal issues.
Author: Kimberly Park