As the digital age grows, so should your cyber security
The cannabis business is lucrative, and there are a lot of really smart people who know their way around any technological system and have chosen to attack the cannabis industry through cyberhacking.
We have had to report on some pretty serious cyberhacking situations within the cannabis industry as of recent months, causing cause for concern.
Last year, MJ Freeway was subjected to an attack that caused too many weeks of server outage, and earlier this month, a breach was reported on transportation and delivery information that again made us need to reiterate the need for cybersecurity.
Here are some tips for cannabis dispensaries that are looking to up the ante on their cybersecurity and ensure they’re proactively securing their customer and most important operational data within compliance regulations and beyond.
Ensure the Security of Your POS System
MJ Freeway is a good example of how cyberhackers could shut down the most vulnerable part of a cannabis retail system, but it also prompted the industry to recognize how cyberhackers work.
With the rise of holding data for ransom through Ransomware, and the ability for hackers to get into systems to change prices through POS, these systems that are designed to help cannabis dispensaries need to be airtight.
Have a security brush up with your POS provider, or check in with them to understand the levels of security they have undertaken to protect your data, their servers, and the privacy of your patients.
Health Insurance Portability and Accountability Act (HIPAA)
Medical cannabis information is technically subject to the regulations of the Health Insurance Portability and Accountability Act (HIPAA) which is intended to maintain security of protected health information. Medical cannabis dispensaries need to be able to demonstrate HIPAA compliance for any patient information they take in as a result of patients obtaining a medical cannabis card.
It’s a good idea to also check into your dispensary POS or ERP software to ensure they maintain standards for HIPAA compliance. Also ensure that when you are collecting information from your customers, that it’s on a need to know basis, and you’re not collecting more data on your patient than is required unless by consent.
Grow Operation Security
Cannabis dispensaries that have vertically expanded to grow their own cannabis shouldn’t be naïve when protecting their grow operations, and those aspects controlled by networks from hackers.
A few years ago, Target’s POS system was breached through it’s HVAC system, which is the store’s heating and cooling system. Through the network they penetrated, they gained access to the store’s POS system and customer information. This proved to the cyber world that nothing is impossible with a hacker’s skill.
The danger of being able to gain access into an HVAC system through a network is that competitors can hire hackers to change heating and cooling in their target’s operations so to destroy crop or complicate the growing cycle.
You can never be too careful to leave gaps in your information.
Ensure Security Across the Board
Integration of platforms is an important thing to be aware of in protecting your cybersecurity. Many dispensaries will choose POS systems as well as Business Management or ERP systems based on their specific needs. The systems available are vast, but not all systems provide high levels of cybersecurity. When integrated with other systems, cybersecurity could weaken if the integrated platforms have not mutually taken efforts to protect cybersecurity.
When integrating POS systems with ERP or other systems designed to help your dispensary’s operations, ensure that all bases are covered and there are no gaps in the integration process that could leave your dispensary’s information vulnerable.
Provide Information on an As-Needed Basis
It’s excellent to use data to empower your employees and budtenders. They can use sales records to see where they excel and align their strategies with their highest levels of performance so to confirm what’s working in their approach with your customer.
Providing data can be empowering, but when using a POS system, use passwords and other protections to ensure that employees are only accessing information that is pertinent to their role and performance.
Put barriers on who accesses what so to ensure you’re not leaving sensitive and confidential information open to curious eyes.
You Can’t Be Too Careful
As an added tip, we’ve been told for decades now to change our passwords regularly. This is a simple, but easy tip to ensuring that your POS or ERP or other systems that are connected to your operations don’t get accessed through the wrong keyboard.
Stay up to date with your cyber security and make it a priority. Take some time with your partners and upper management to do a check on your cybersecurity on a monthly basis to ensure you’re not leaving yourself open to potential attacks. Go the extra mile by hiring a security company that is focused on protecting the security and information of the specific industry.
It’s better to be overcautious and take too many steps to protect your safety than to be complacent and find yourself in a situation like MJ Freeway. These cases prove you can’t be too careful, and even the biggest giants of the cannabis businesses aren’t immune to the skills, talents, and dark motives of cannabis cyberhackers.