Managing Cybersecurity During Cannabis Industry Growth

How Should You Manage Cybersecurity During Cannabis Industry Growth?

As more and more states legalize cannabis for recreational and medical use, the sector continues to grow and flourish. It’s estimated that the industry value could reach as much as $30 billion in the next five years.

Like any high-value industry, the more it grows, the bigger a target it is for cybercriminals. Are you doing what’s needed to protect your cannabis business?

3 Cannabis Industry Risks To Keep On Your Radar

Third-Party Cybersecurity

According to the Ponemon Institute, 80% of businesses agree that vendor security is important. However, only 60% take action in order to verify it.

There are a number of key facts that expose the role that your vendors play in your security:

• Businesses share confidential information with an average of 583 third parties
• One-third of businesses have no vendor risk management policy in place whatsoever
• The businesses that do undertake third party risk assessments spend an average of 15,000 hours each year doing so

You can’t just hope or assume that your vendors are protecting your data – you need to find out for sure.

Case in point – POS vendor THSuite suffered a major data breach that exposed the private data of more than 85,000 customers. No matter how secure your main location is, that defense doesn’t automatically extend to the vendors you work with. As a part of your “supply chain”, vendors need to be as secure as you are.

Compliance Management

It’s important to note that this industry is a unique one, and the regulations to which it is subject make it complicated to ensure compliance.

An example is Sweet Leaf, one of the largest vertically integrated cannabis businesses in Colorado. Today they have none of the 26 municipal licenses it needed to operate, all because they weren’t compliant.

Denver marijuana regulators saw fit to revoke Sweet Leaf’s licenses after discovering that they were allowing customers to engage in “looping” – a sales scheme that lets customers purchase product many times in one day, exceeding the legal sales limit with which cannabis businesses must comply.

Sweet Leaf came to an agreement with the state regulators, having to pay $2 million in fines, sell their whatever Colorado business permits they still had, and vacate their appeal immediately.

As explored in this case, compliance in the sales process is one of your most important considerations. That can mean anything from making sure your customers don’t have the capability to “loop” their purchases, as well as simply maintaining an accurate and available record of purchases, inventory, and other data.

Physical Security

Are you aware that all dispensaries and grow facilities are required by law to have fully functional video recording and surveillance systems in place?

The following areas of your cannabis business must be monitored in order to guarantee quality in the growing process, as well as security of a controlled product:

• Offices
• Inventory
• Salesfloor
• Stock area
• Parking lot
• Grow facility
• Employee activity

How Can You Mitigate These Risks?

The best way to protect yourself is with a little expert assistance – Veo Verde.

We can put our big business cybersecurity expertise to work for you, implementing best practices, identifying vulnerabilities, and protecting you against the more common and dangerous cybercrime threats in the cannabis world.

Like this article? Check out the following blogs to learn more:

Are You Complying With The BCC Requirements For Video Surveillance?

The Journey To Legalize Recreational Cannabis In California

Cannabis & Computers: A Critical Relationship

Veo Verde

Veo Verde Technology is a division of its larger parent company Alvarez Technology Group. With 20 years of experience providing cutting-edge IT products and services to their customers in California, the administration of Alvarez Technology Group spotted a neglected market in the cannabis industry.