In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories relevant to the cannabis industry.
FBI: Scammers Exploit Security Weaknesses on Job Recruitment Websites to Impersonate Legitimate Businesses, Threatening Company Reputation and Defrauding Job Seekers.
In an unclassified Public Service Announcement, the FBI is warning the public and companies about scammers utilizing job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money. Scammers spoof legitimate companies to post fraudulent job postings on commonly used employment-oriented networking sites. The lack of strong security verification standards on one recruitment website allowed anyone to post a job on the site, including on official company pages. Those postings would appear alongside legitimate jobs posted by the business, making it difficult for applicants and the spoofed company to discern which job posting was real and which one was fraudulent. Scammers also replicate legitimate job postings, alter the contact information, and post the now-fraudulent job announcement on additional networking sites. Since early 2019, the average reported loss from this scheme is nearly $3,000 per victim, and many victims have also reported that the scheme negatively affected their credit scores.
According to the full announcement, the FBI recommends “companies should consider taking steps to protect their brand and reputation from scammers who use their name, images, and likeness to commit fraud through fake job postings. Job seekers who are unaware they have been scammed may write negative reviews of the victim company; thus, adversely impacting the company’s ratings on career websites and social media platforms. Additionally, if a company is often associated with fake job postings, candidates may seek jobs with competitor companies rather than risk being scammed.”
State lawmakers are considering new legislation that would lengthen prison sentences for those that target cannabis businesses. According to Cannabusiness Association spokesperson Aaron Pickus, a running tally among member businesses puts the number of robberies since mid-December at roughly 30. Many of them have been armed robberies, he said.
The failure of Congress to pass the Secure and Fair Enforcement (SAFE) Banking Act continues to put cannabis businesses at risk. In a moment for potential optimism, Congressman Ed Perlmutter, D., Colo., stated last week that he has attached the SAFE Banking Act to an existing bill called the America Competes Act which passed the U.S. House of Representatives this week.
Additional reported dispensary robbery events this week include:
As the police have been criticized for their lack of response to the continued disturbance of the trucker protest, Ottawa Police Chief Peter Sloly indicated on Wednesday that “there may not be a policing solution to this demonstration” and that he and other commanders were “looking at every single option, including military aid to civil power” to end it. Prime Minister Justin Trudeau indicated on Thursday that sending in the Army was “not in the cards right now.” The Royal Canadian Mounted Police (RCMP) have approved a request from the city of Ottawa for additional resources.
The blaring of horns by the truckers is creating a major disturbance in downtown Ottawa and the situation may soon get to a tipping point with local residents. Some images from social media show structures being erected, and supplies ferried in, indicating that the protesters do not plan to depart the area on their own accord anytime soon. The protests are threatening to spread outside of Ottawa. A GoFundMe page that had raised millions has recently been halted. In Toronto, hospitals say they are tightening security around their sites and suggesting that workers wear plainclothes when coming into work this weekend as the city prepares for the “Freedom Convoy” protest. The Winnipeg Police Service is urging people to avoid driving downtown due to an active protest Friday.
A copycat protest in the U.S., being called the “Convoy to D.C. 2022,” encouraging a convoy from California to D.C. was being organized on Facebook before the page was removed. While organizers say that the U.S. plans are still being finalized, they say March 1st has been established as the hard deadline if it doesn’t happen before then. Some coordination is being done on the Telegram group https://t.me/FreedomConvoy/OttawaToDC.
Cities which will have protests could see disruptions to businesses, particularly in downtown corridors. This could impact the ability of staff or customers to reach stores, or impact delivery drivers or armored cars for cash deposits to safely reach dispensaries. Additionally, as the protests continue to expand, the great of a trucker strike which would further impact the already stressed supply chain is a real concern.
During a keynote address at the Ronald Reagan Presidential Library and Museum FBI Director Christopher Wray outlined the threat posed by China to U.S. national security. The threat’s complexity is rooted in the intrinsic entanglement of the American and Chinese economies, which is fueled by a high U.S. demand for Chinese-made products and a steady exchange of students between American and Chinese borders. Wray stressed that China has pulled no punches about capitalizing on this interconnectedness to chase economic superiority.
“When we tally up what we see in our investigations—over 2,000 of which are focused on the Chinese government trying to steal our information or technology—there is just no country that presents a broader threat to our ideas, our innovation, and our economic security than China,” Wray said, adding that the Bureau opens a new counterintelligence case against China about twice a day.
When considering mitigation strategies around insider threats and intellectual property theft, organizations may want to reference a recent TLP:GREEN FBI Liaison Information Report (LIR) titled “Bluetooth Peer-to-Peer Sharing Used to Bypass Security Systems and Facilitate the Acquisition of U.S. Intellectual Property Secrets”. In the LIR, which is attached to this daily report, the FBI recommends that “Companies and CDCs should maintain robust security protocols for access to their research and IP, particularly for employees who are working from home and using devices that may have access to company files. Companies and CDCs should carefully monitor the use of company provided devices and maintain awareness when employees download files to their work provided devices.”
The FBI has identified the following best practices, which may assist private sector partners to protect their sensitive data and intellectual property:
- Disable Bluetooth P2P sharing on all work provided devices
- Create an access control list to restrict employees/users to only have access to the files they need
- Monitor the frequency of confidential files downloaded to company devices
- Conduct periodic physical checks on device logs to determine the use of Bluetooth P2P sharing
The Cybersecurity and Infrastructure Security Agency (CISA) invites you to join a two-hour security webinar to enhance awareness of and response to an active shooter event. Preparing employees for a potential active shooter incident is an integral component of an organization’s incident response planning. Because active shooter incidents are unpredictable and evolve quickly, preparing for and knowing what to do in an active shooter situation can be the difference between life and death. Every second counts. Upcoming sessions that still have open availability include:
- Region 4- Tuesday 08 Feb.
- Region 6- Tuesday 15 Feb.
- Region 1- Wednesday 16 Feb.
- Region 5- Thursday 17 Feb.
- Region 2- Tuesday 01 Mar.
- Region 2- Wednesday 02 Mar.
- Region 3- Thursday 10 Mar.
Severe weather season will waste no time kicking into gear this year, although the worst of the storms and tornadoes may once again focus on areas outside of the traditional Tornado Alley. AccuWeather is predicting that 2022 will feature a near to slightly above-normal number of tornadoes across the U.S. with April likely to be the busiest month in terms of tornadoes. More than 200 twisters are projected to touch down in April, most of which will spin up across the central U.S.
Check out the latest blog highlighting issues important to cannabis security!Tweet