When Cannabis Technology Fails – Risks and Solutions
Top Technology Concerns Within The Cannabis Industry
Recently, Metrc has come under scrutiny following a lawsuit from a former employee alleging that the nation’s largest seed-to-sale tracking software provider was actively involved in a conspiracy to allow for “illegal interstate” cannabis sales. Marcus Estes, who worked as an executive vice president for a year at Metrc, alleged that the company did not identify questionable activity within its data to California state regulators despite having a $40 million annual contract with the state requiring that they “flag irregularities.”
With this news, we thought this would be an opportune time to raise awareness about some of the risks cannabis businesses face when it comes to cybersecurity and what to do about technological failures.
1) Seed-to-Sale Compliance
What makes this Metrc story newsworthy is that of all the technological elements associated with a cannabis business, perhaps none is more essential to operational readiness than the seed-to-sale system. Seed-to-sale is more often than not a requirement for cannabis licensure and is essential for documenting and tracking cannabis from its plant form to its final product form on a dispensary shelf.
Having a compliant seed-to-sale system is crucial for any reputable cannabis business. But it’s not just about selecting the right technology vendor for your needs. Operators will need to continuously monitor the systems in place. From a compliance perspective, it’s always recommended to maintain constant oversight, perform regular check-ins and audits of the systems, and stay actively engaged with the seed-to-sale provider.
2) Cybersecurity and Hacking
In a poll from MJBiz Daily, 59% of cannabis companies said that they had not taken steps to prevent cyberattacks. Ransomware attacks are a constant in business operations these days, not just with cannabis. Recently, companies and businesses as varied as DaVita, Kuala Lumpur International Airport, and IKEA have gone through the grueling process of dealing with malware attacks.
One of the shrewdest and easiest steps a cannabis business can take to better address the risk inherent in hacking and cybersecurity is to address its security culture and make employees more cognizant of the risk. As observed in an NCIA blog, “Any cultural shift at an organization needs to start from the top, and that includes security. Security culture needs to be driven from the top. Adopting proper policies and procedures to properly safeguard organization networks and personnel is key. This includes regular employee training. As many as 95% of attacks are caused by human error.”
How to Handle Cannabis Technology Irregularities
There are countless irregularities that can occur in the realm of cybersecurity. But what exactly can a business do to address these irregularities and bolster its own risk management strategies?
1) Make Technology Security Part Of Business Culture
The first, as mentioned earlier, is to make sure the cannabis business has a culture that understands the inherent risks of cybersecurity and technological failures. This involves having robust policies and procedures, training that occurs when new employees are hired and annually, and offering anonymous reporting structures. Leveraging AI tools for both the training and documentation can help streamline this process immediately and long-term.
2) Maintain and Document Security Practices
Additionally, it’s vital to invest in cannabis security hygiene. This includes multi-step authentication, cybersecurity-specific training and guides to address phishing or smishing, and reviewing best practices with the vendors you use. When such security issues arise, what should you do? When in doubt, raise concerns up the proper channels within your cannabis business. Be sure to document the irregularities thoroughly, including with timestamps. If necessary, discuss matters with legal counsel and be sure to notify the necessary state agencies too.
3) Utilize Partners with Proven Cannabis Security Expertise
Ultimately, the cybersecurity risks are high for any business, but they are even higher for a business such as one in cannabis, which relies on technology for operational compliance and has fewer vendor options to work with than other businesses. Finding the best, from vendors to employees to SOPs, is essential for good, smooth, and compliant practices.
With decades of cannabis security experience, Canna Advisors is here to help address these concerns for pre-licensed and operational cannabis businesses. Contact our team of consultants or book an hourly consultation to find out how we can help galvanize your security plan.