Monday, March 1, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Cannabis dispensaries: Security and risk considerations for continued growth

February 7, 2020
in Internet Security
Cannabis dispensaries: Security and risk considerations for continued growth
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Israeli firm files patent for blockchain-based method to track cannabis products
The solution can be applied to mark, track, and manage the supply chain of cannabis plants and all cannabis-based products.

In the US, cannabis is fully legal (medical and recreational) in 11 states and Washington, DC. For medical use, it is legal in 33 states. This is a flourishing industry, with one study conservatively estimating it will reach $30 billion by 2025. As dispensaries set up shop, they face many of the same risks as other businesses.

You might also like

These four new hacking groups are targeting critical infrastructure, warns security company

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

The fast-growing cannabis industry will become a prime target for cybercriminals:

  1. It’s a young yet rapidly growing industry that hasn’t fully implemented risk management or security strategy or thinks it’s too small to need one.
  2. State law requires point-of-sale systems to track every plant, product, and person associated with the production and sale of marijuana.
  3. Digitally enabled operations and sales conducted primarily online or through a mobile app for convenience must address compliance, as well as compliance with advertising restrictions.

The recent news of a data breach at point-of-sale vendor THSuite also shines a light on third-party risk management and customer privacy.

  • What happened: Researchers at vpnMentor discovered an unsecured Amazon S3 bucket owned by THSuite.
  • Where did this data come from: 85,000 files of sensitive data from various marijuana dispensaries around the US and their customers, including personally identifiable information (PII) for over 30,000 individuals.
  • What data was exposed: Scanned government and employee IDs, full names of patients and staff members, dates of birth, phone numbers, physical addresses, email addresses, medical ID numbers, cannabis used, price, quantity, and receipts. For some dispensaries, this also included information like product lists, taxes paid, sales, returns, and discounts.
  • What makes it a target: Mostly small businesses, little or no cybersecurity protection, and a trove of payment card industry (PCI) PII. For those handling medical transactions, protected health information (PHI).

Third-Party Risk

THSuite is not the first vendor in this industry to experience issues. MJ Freeway, a “seed-to-sale” tracking and business software for the legal cannabis industry, experienced a data breach exposing customer data in 2016, an attack involving theft of source code in mid-2017, and another cyberattack that disrupted operations in late 2017. MJ Freeway is a third-party POS system provider for many dispensaries. The 2017 cyberattack disrupted service for many of its customers, causing a ripple effect across the legal marijuana industry and sending profits up in smoke.

Third-party relationships such as vendors, service providers, suppliers, and, in this case, growers are critical for business growth and innovation. For the cannabis industry, third-party technologies connect growers with dispensaries and help dispensaries better service customers and more efficiently comply with rigorous state regulations. However, companies should remember that they are fully accountable and responsible for any negative consequences that may result from third-party relationships. Whether it’s an outage, a breach, a ransomware attack, or any number of other incidents, your customers will blame you when things go wrong.

Regulatory risk

Cannabis has become a viable medical product for treating conditions such as Parkinson’s disease, cancer, arthritis, and neurological disorders. Dispensaries that distribute medical marijuana to treat illnesses are considered healthcare providers under HIPAA. The Department of Health and Human Services, the agency that enforces HIPAA, takes the position that a medical marijuana dispensary may be a healthcare provider because a medical “prescription” is necessary to obtain “treatment.” By this application, the patient medical data exposed in the THSuite breach could be subject to HIPAA violations, which can result in hefty financial penalties; in recent years, HIPAA settlements have reached the multimillion-dollar range.

Financial and investment risk

Dispensaries that operate as cash-only carry risks, too. They are a target for theft and require greater investment in physical security measures and added labor costs to manage and oversee this type of business. But regardless of whether a dispensary is cash-only or relies on a cannabis POS vendor to process payments, the current asymmetry between US federal and individual state laws is an additional complication. You can legally sell cannabis but cannot move the money electronically, so traditional financial institutions won’t touch these transactions.

Wall Street is getting high on cannabis investment. For institutional investors, private equity, and venture capital firms, the cannabis industry offers tremendous growth potential. However, failure to implement privacy, security, and risk management best practices will be costly and could impact future legislation.

Reputational and privacy risk

Whether it’s your business that experiences a security incident or breach directly or whether it’s a third-party partner that does, the reputational risk is there — for you. Customers may go to competitors if they don’t trust you to protect their privacy, especially in states where there is choice and competition, such as California. Dispensaries in states where legalization is relatively new aren’t immune to reputational risks either, whether that’s the result of an IT outage, overly long lines, or running out of stock and being unable to handle demand.

Also, a data breach is one thing; mishandling consumer data is another. This is a privacy risk and a breach of trust. If you collect customer data for the purpose of marketing to them, do you have their consent to do this? Consider how you inform customers about their privacy rights, what data you collect, and why. How you protect data and your approach to privacy is a differentiator for business today.

Join Forrester’s complimentary webinar to hear how IT leaders can transform their organizations with a customer-first mindset while their competitors play wait-and-see this year.

This post was written by Analyst Alla Valente and Principal Analyst Heidi Shey, and it originally appeared here. 

Credit: Zdnet

Previous Post

Neogen partners with Ripe.io to assess blockchain for food safety and animal genomics

Next Post

Conversational Bots: Delivering Leads and Conversions

Related Posts

These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
Next Post
Conversational Bots: Delivering Leads and Conversions

Conversational Bots: Delivering Leads and Conversions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

The Bayesian vs frequentist approaches: implications for machine learning – Part two
Data Science

The Bayesian vs frequentist approaches: implications for machine learning – Part two

March 1, 2021
Google’s deep learning finds a critical path in AI chips
Machine Learning

Google’s deep learning finds a critical path in AI chips

March 1, 2021
9 Tips to Effectively Manage and Analyze Big Data in eLearning
Data Science

9 Tips to Effectively Manage and Analyze Big Data in eLearning

March 1, 2021
Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ
Machine Learning

Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ

March 1, 2021
The Future of AI in Insurance
Data Science

The Future of AI in Insurance

March 1, 2021
Machine Learning as a Service (MLaaS) Market Analysis Technological Innovation by Leading Industry Experts and Forecast to 2028 – The Daily Chronicle
Machine Learning

Machine Learning as a Service (MLaaS) Market Global Sales, Revenue, Price and Gross Margin Forecast To 2028 – The Bisouv Network

March 1, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • The Bayesian vs frequentist approaches: implications for machine learning – Part two March 1, 2021
  • Google’s deep learning finds a critical path in AI chips March 1, 2021
  • 9 Tips to Effectively Manage and Analyze Big Data in eLearning March 1, 2021
  • Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ March 1, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates