Cybercrime is a threat to businesses in many industries, but the risks are especially acute for marijuana businesses as evidenced by a data breach of multiple cannabis retailers at the end of 2019.
The cyberattack targeted a point-of-sale software company servicing canna-businesses and affected tens of thousands of customers.
Unlike many traditional retailers, canna-businesses are obliged to collect and store customer data, including health information for medical marijuana patients. This makes them especially lucrative targets for cyberattackers looking to cash-in on people’s personal information.
Marijuana cultivators are also potential targets for cybercriminals trying to access trade secrets that might be stored in the company’s database.
To mitigate against these threats and protect your customers as well as your business, here’s four cybersecurity tips.
1. Operate on a “need to know” basis
When working with third-parties, only divulge information that is strictly necessary for the transaction or deal at hand. Proprietary information should be shared on a “need to know” basis.
This applies with regards to workers and colleagues as well. The more people that have proprietary information pertaining to your business, the more weak points there are that could invite a cyberattack.
Employees typically do not need access to customer information or the details of every sale. Only furnish your employees with the information they need to perform their job.
2. Protect your R&D
R&D into marijuana strains is increasingly competitive.
As cannabis growers learn more about the multitude of benefits afforded by varying potencies and combinations of different cannabinoids and terpenes, there’s more incentive for envious rivals to steal these “recipes” in order to gain a competitive advantage.
Marijuana growers must consider where they store their R&D and what credentials are required to access it.
As a cannabis cultivator developing novel strains and hybrids, it’s also important to evaluate your relationships with your distributors. They often need access to certain R&D information in order to be able to effectively sell your product. Make sure that you can trust them and that you don’t reveal information that could make you vulnerable to a cyberattack.
3. Understand fully how your customer information is stored
Where are scanned drivers’ licenses stored? What about paper records of sales? How are they disposed of?
You need a protected network and/or a secure storage area, preferably off-site, separate from your retail outlet or cultivation site.
4. Investigate what cyber insurance options there are for canna-businesses
Though the unique risks of operating a canna-business while marijuana remains federally illegal has made it more difficult for marijuana businesses to obtain decent insurance coverage, there are signs this is starting to improve.
Cyber insurance options for canna-businesses are now more plentiful and less expensive, though the underwriters will still likely carry out additional due diligence that traditional businesses wouldn’t face. This includes inquiring what customer information is collected, how it is stored and how it is accessed.
So make sure you have robust processes in place for each of these points when discussing your coverage with a marijuana insurance agent and you can be more certain, one way or another, that your business is protected against cybercrime.
Leave A Comment