Tag Archives: symbol

Top 5 Cybersecurity Threats To The Cannabis Industry

By Lalé Bonner
No Comments

Is your cannabis business an attractive target for cyber criminals? With the influx of investment to this market and new businesses opening frequently throughout the United States, the legal cannabis industry is a prime target for cyber criminals.

Never share personal information (login and passwords, social security numbers, payment card information, etc.) over email.Cannabis industry hackers pick their targets by vulnerability, exploiting consumer or patient data to darknet black markets and forums. The impact can be devastating to both the business and their consumers. With new laws on protecting consumer and patient data on the horizon, businesses that do not adequately protect that data, could face stiff fines, in addition to losing the trust of their customers.

So, how do these attacks present themselves? Recent studies implicate employees as the “weakest link” in the cybersecurity chain due to a lack of cybersecurity best practices and training. Implementing safeguards and providing employee training is imperative to the cybersecurity health of your business.

Now, let’s identify the top 5 cybersecurity threats to the cannabis industry and some valuable tips for protecting against these criminal hacks:

PhishingPhishing is a form of cyber-attack, typically disguised as an official email from a trustworthy entity, attempting to dupe the recipient into revealing confidential information or downloading malware. Don’t take the bait! 91 percent of cyber-attacks start as phishing scams, with most of these lures being cast through fraudulent emails.

  • Tips: Do not download attachments from unknown senders!
  • Never share personal information (login and passwords, social security numbers, payment card information, etc.) over email.

Password ManagementPassword complexity is key to protecting against cyber breaches. When it comes to data hacking, 81 percent of breaches are caused by stolen or weak passwords. With a password often being the only barrier between you and a data breach, creating a complex password will dramatically decrease those password-sniffers from obtaining your sensitive information.

  • Tips: Create passwords that are at least 12 characters in length – include letters, numbers and symbols (*$%^!), and never use a default password. This will fend off brute-force attacks.
  • Change passwords every six months to a year, keeping them complicated and protected. For IT Managers, make using a password manager mandatory for all employees. (Pro-tip: LastPass is free).Be cautious with network selection as hackers set up free Wi-Fi networks that appear to be associated with an institution.

Public Wi-FiBeing able to connect in public spaces, while a modern marvel of convenience, leaves us wide open to cyber-attacks. Whether you are in an airport or café, always err on the side of caution.

  • Tips: Be cautious with network selection as hackers set up free Wi-Fi networks that appear to be associated with an institution.
  • Browse in a “private” or “incognito” window to avoid saving information. If you have a VPN, use it. If not, then do not handle any sensitive data.

BYOD: Beware of Bad Apps: Using personal devices for work has become the norm. In fact, approximately 74 percent of businesses have bring-your-own-device (BYOD) policies or plans to adopt in the future.

With these platforms providing greater access to mobile apps, comes greater responsibility on the part of the end user.

  • Tips: Password protect devices that will be used for work (and, any device in general).
  • Only download applications from a trusted, authorized app store. Do not use untrusted play apps.
  • Mobile device protection is recommended for any device being used on a business network.

Whether it is an app from an unauthorized website or a lost/stolen device that was not password protected, cyber criminals do not need much to compromise critical data.Avoid logging into a SaaS application on a public computer or public Wi-Fi network.

SaaS Selectively: Keep Sensitive Data Safe: SaaS (Software As A Service) are cloud-based software solutions and chances are you are using one of these SaaS solutions for work purposes. IT is typically responsible for implementing security controls for SaaS applications, but ultimate responsibility falls on IT and the end user jointly. Here is what you can do to help keep these solutions safe:

  • Tips: Avoid logging into a SaaS application on a public computer or public Wi-Fi network.
  • Never share your SaaS login credentials with unauthorized persons over digital format or in person. Lastly, if you need to step away, always lock your screen during an active session.

While these tips will help keep your consumer/patient data from falling into the wrong hands, always have a plan B- backup plan! Your plan B must incorporate saving important data to a backup drive daily. Most likely, there is already a backup protocol in place for your mission-critical work data; however, for sanity’s sake, back up your BYOD devices as well.

California Manufacturing Regulations: What You Need To Know

By Aaron G. Biros
No Comments

In late November, California released their proposed emergency regulations for the cannabis industry, ahead of the full 2018 medical and adult use legalization for the state. We highlighted some of the key takeaways from the California Bureau of Cannabis Control’s regulations for the entire industry earlier. Now, we are going to take a look at the California Department of Public Health (CDPH) cannabis manufacturing regulations.

According to the summary published by the CDPH, business can have an A-type license (for products sold on the adult use market) and an M-type license (products sold on the medical market). The four license types in extraction are as follows:

  • Type 7: Extraction using volatile solvents (butane, hexane, pentane)
  • Type 6: Extraction using a non-volatile solvent or mechanical method
    (food-grade butter, oil, water, ethanol, or carbon dioxide)
  • Type N: Infusions (using pre-extracted oils to create edibles, beverages,
  • capsules, vape cartridges, tinctures or topicals)
  • Type P: Packaging and labeling only

As we discussed in out initial breakdown of the overall rules, California’s dual licensing system means applicants must get local approval before getting a state license to operate.

The rules dictate a close-loop system certified by a California-licensed engineer when using carbon dioxide or a volatile solvent in extraction. They require 99% purity for hydrocarbon solvents. Local fire code officials must certify all extraction facilities.

In the realm of edibles, much like the rule that Colorado recently implemented, infused products cannot be shaped like a human, animal, insect, or fruit. No more than 10mg of THC per serving and 100mg of THC per package is allowed in infused products, with the exception of tinctures, capsules or topicals that are limited to 1,000 mg of THC for the adult use market and 2,000 mg in the medical market. This is a rule very similar to what we have seen Washington, Oregon and Colorado implement.

On a somewhat interesting note, no cannabis infused products can contain nicotine, caffeine or alcohol. California already has brewers and winemakers using cannabis in beer and wine, so it will be interesting to see how this rule might change, if at all.

CA Universal Symbol (JPG)

The rules for packaging and labeling are indicative of a major push for product safety, disclosure and differentiating cannabis products from other foods. Packaging must be opaque, cannot resemble other foods packaged, not attractive to children, tamper-evident, re-sealable if it has multiple servings and child-resistant. The label has to include nutrition facts, a full ingredient list and the universal symbol, demonstrating that it contains cannabis in it. “Statute requires that labels not be attractive to individuals under age 21 and include mandated warning statements and the amount of THC content,” reads the summary. Also, manufacturers cannot call their product a candy.

Foods that require refrigeration and any potentially hazardous food, like meat and seafood, cannot be used in cannabis product manufacturing. They do allow juice and dried meat and perishable ingredients like milk and eggs as long as the final product is up to standards. This will seemingly allow for baked goods to be sold, as long as they are packaged prior to distribution.

Perhaps the most interesting of the proposed rules are requiring written standard operating procedures (SOPs) and following good manufacturing practices (GMPs). Per the new rules, the state will require manufacturers to have written SOPs for waste disposal, inventory and quality control, transportation and security.

Donavan Bennett, co-founder and CEO of the Cannabis Quality Group

According to Donavan Bennett, co-founder and chief executive officer of the Cannabis Quality Group, California is taking a page from the manufacturing and life science industry by requiring SOPs. “The purpose of an SOP is straightforward: to ensure that essential job tasks are performed correctly, consistently, and in conformance with internally approved procedures,” says Bennett. “Without having robust SOPs, how can department managers ensure their employees are trained effectively? Or, how will these department managers know their harvest is consistently being grown? No matter the employee or location.” California requiring written SOPs can potentially help a large number of cannabis businesses improve their operations. “SOPs set the tempo and standard for your organization,” says Bennett. “Without effective training and continuous improvement of SOPs, operators are losing efficiency and their likelihood of having a recall is greater.”

Bennett also says GMPs, now required by the state, can help companies keep track of their sanitation and cleanliness overall. “GMPs address a wide range of production activities, including raw material, sanitation and cleanliness of the premises, and facility design,” says Bennett. “Auditing internal and supplier GMPs should be conducted to ensure any deficiencies are identified and addressed. The company is responsible for the whole process and products, even for the used and unused products which are produced by others.” Bennett recommends auditing your suppliers at least twice annually, checking their GMPs and quality of raw materials, such as cannabis flower or trim prior to extraction.

“These regulations are only the beginning,” says Bennett. “As the consumer becomes more educated on quality cannabis and as more states come online who derives a significant amount of their revenue from the manufacturing and/or life science industries (e.g. New Jersey), regulations like these will become the norm.” Bennett’s Cannabis Quality Group is a provider of cloud quality management software for the cannabis industry.

“Think about it this way: Anything you eat today or any medicine you should take today, is following set and stringent SOPs and GMPs to ensure you are safe and consuming the highest quality product. Why should the cannabis industry be any different?”