Tag Archives: complex

Growing the Seed of Sale: Integrating Security with Business Opportunity

By Ryan Schonfeld
No Comments

Anyone in the cannabis industry is well aware that theft of crops can economically devastate a grower. Security is critical, and thankfully, growers and dispensaries have many tools available to protect their investment. There is simply no excuse for not having a solid security posture to keep your business in compliance, from public-private partnerships to advanced security tools – in fact, it’s required in most jurisdictions.

In 2020, nationwide cannabis sales increased 67%, and support for legal marijuana reached an all-time high of 68%. New Frontier Data found that U.S. legal cannabis market is projected to double to $41.5 billion by 2025.

The industry’s advancement impacts numerous areas such as job and tax revenue creation and providing a wide variety of valuable opportunities. For cannabis facilities to keep up with the market expansion and experience success, they must face two significant challenges: achieving adequate security and efficient business operations. Though both can be seen as separate concerns, growers and producers must merge processes and solutions to tackle the issue as a whole.

Dispensaries are prime targets for burglary. Defending your storefront requires a comprehensive security plan

Along with rapid growth, dispensaries face traditional security risks, such as workplace violence and retail theft, while cybersecurity risks have also become more prevalent. These potential issues make it clear that the stakes are high, and as the potential impact on a business rises, the need for real-time, predictive response increases. Insider threats are another issue plaguing the industry when you look at the rate of theft, diversion and burglary that is attributable to employees.

The cannabis market is complex: it’s expanding rapidly, has to meet essential regulatory requirements and faces high-security risks. Therefore, security needs to be looked at holistically since it can be challenging to determine where a potential threat may originate.

With security top of mind, it is critical to move away from responsive behaviors and seek ways to manage security in a manner that gets ahead of threats, prevent them before they happen and respond to them in real-time. But does a grower or retailer have the time and expertise to manage all this while keeping an eye on how security affects the business?

Remote Security Operations

The ability to comply with government regulations and protect a valuable cannabis crop at all stages of its journey from seed to sale makes security systems a mission-critical asset for cannabis growers. Security operations centers create a safer and more productive environment and provide state-of-the-art tools to protect employees, retail locations and grow facilities. But some businesses in the cannabis market may not have the resources or space to have their centralized security operations, leading them to piece-meal security together or do the best with what they can afford at the time. Running these facilities can also be prohibitively expensive.

Security operations centers create a safer and more productive environment and provide state-of-the-art tools to protect employees, retail locations and grow facilities.

But new options take the process of security off the table. The business can focus on the growth of its core functions. Remote security operations services allow companies to take advantage of advanced security services typically only possible in larger enterprise environments. These services are offered on a subscription basis, delivered through the cloud, and are entirely customizable to detect risks unique to your business operations while saving each company significant expense.

Centralized security operations centers leverage intelligent tools, standard operating procedures and proven analytic methods to provide cannabis facilities with the information and guidance necessary to mitigate issues like retail or grow theft before they can have a significant impact.

The integrated, holistic response center staffed by experienced operators and security experts delivers a comprehensive security and regulatory compliance method. This approach is designed to provide complete data about what is happening across a cannabis business, from seed to sale, and how individual events can impact the company as a whole. As a result, stakeholders get the security intelligence they need, without the high overhead, personnel investments and complex daily management.

For those businesses in the cannabis market looking to supplement their security operations with other workforce but may not have the budget or infrastructure to do so, remote security operations services are something you should consider. With the experts handling all the heavy lifting, leaders can focus on growth. And, right now, in the cannabis industry, the sky is the limit in terms of opportunity.

Top 5 Cybersecurity Threats To The Cannabis Industry

By Lalé Bonner
No Comments

Is your cannabis business an attractive target for cyber criminals? With the influx of investment to this market and new businesses opening frequently throughout the United States, the legal cannabis industry is a prime target for cyber criminals.

Never share personal information (login and passwords, social security numbers, payment card information, etc.) over email.Cannabis industry hackers pick their targets by vulnerability, exploiting consumer or patient data to darknet black markets and forums. The impact can be devastating to both the business and their consumers. With new laws on protecting consumer and patient data on the horizon, businesses that do not adequately protect that data, could face stiff fines, in addition to losing the trust of their customers.

So, how do these attacks present themselves? Recent studies implicate employees as the “weakest link” in the cybersecurity chain due to a lack of cybersecurity best practices and training. Implementing safeguards and providing employee training is imperative to the cybersecurity health of your business.

Now, let’s identify the top 5 cybersecurity threats to the cannabis industry and some valuable tips for protecting against these criminal hacks:

PhishingPhishing is a form of cyber-attack, typically disguised as an official email from a trustworthy entity, attempting to dupe the recipient into revealing confidential information or downloading malware. Don’t take the bait! 91 percent of cyber-attacks start as phishing scams, with most of these lures being cast through fraudulent emails.

  • Tips: Do not download attachments from unknown senders!
  • Never share personal information (login and passwords, social security numbers, payment card information, etc.) over email.

Password ManagementPassword complexity is key to protecting against cyber breaches. When it comes to data hacking, 81 percent of breaches are caused by stolen or weak passwords. With a password often being the only barrier between you and a data breach, creating a complex password will dramatically decrease those password-sniffers from obtaining your sensitive information.

  • Tips: Create passwords that are at least 12 characters in length – include letters, numbers and symbols (*$%^!), and never use a default password. This will fend off brute-force attacks.
  • Change passwords every six months to a year, keeping them complicated and protected. For IT Managers, make using a password manager mandatory for all employees. (Pro-tip: LastPass is free).Be cautious with network selection as hackers set up free Wi-Fi networks that appear to be associated with an institution.

Public Wi-FiBeing able to connect in public spaces, while a modern marvel of convenience, leaves us wide open to cyber-attacks. Whether you are in an airport or café, always err on the side of caution.

  • Tips: Be cautious with network selection as hackers set up free Wi-Fi networks that appear to be associated with an institution.
  • Browse in a “private” or “incognito” window to avoid saving information. If you have a VPN, use it. If not, then do not handle any sensitive data.

BYOD: Beware of Bad Apps: Using personal devices for work has become the norm. In fact, approximately 74 percent of businesses have bring-your-own-device (BYOD) policies or plans to adopt in the future.

With these platforms providing greater access to mobile apps, comes greater responsibility on the part of the end user.

  • Tips: Password protect devices that will be used for work (and, any device in general).
  • Only download applications from a trusted, authorized app store. Do not use untrusted play apps.
  • Mobile device protection is recommended for any device being used on a business network.

Whether it is an app from an unauthorized website or a lost/stolen device that was not password protected, cyber criminals do not need much to compromise critical data.Avoid logging into a SaaS application on a public computer or public Wi-Fi network.

SaaS Selectively: Keep Sensitive Data Safe: SaaS (Software As A Service) are cloud-based software solutions and chances are you are using one of these SaaS solutions for work purposes. IT is typically responsible for implementing security controls for SaaS applications, but ultimate responsibility falls on IT and the end user jointly. Here is what you can do to help keep these solutions safe:

  • Tips: Avoid logging into a SaaS application on a public computer or public Wi-Fi network.
  • Never share your SaaS login credentials with unauthorized persons over digital format or in person. Lastly, if you need to step away, always lock your screen during an active session.

While these tips will help keep your consumer/patient data from falling into the wrong hands, always have a plan B- backup plan! Your plan B must incorporate saving important data to a backup drive daily. Most likely, there is already a backup protocol in place for your mission-critical work data; however, for sanity’s sake, back up your BYOD devices as well.