With the legal cannabis industry expected to grow to over $20 billion by 2020, this fast-growing industry is gaining attention among investors and companies looking to ride the wacky tobacky wave.
However, the industry faces a lot of challenges, too. It has to deal mostly in cash, as the conflict between federal and state laws makes it difficult for those businesses to get business bank accounts. The rules and regulations imposed by local and state governments change with great frequency and require the industry to be adaptive in how it deals with regulations and required licenses or permits.
But one real area of concern for both the industry and cannabis consumers alike is data privacy and cybersecurity. As the revenue and customer numbers for dispensaries and growers start going sky high, potential cybersecurity breaches have been on the rise, too. This is a huge issue for a customer base that values its privacy more than most.
As the industry matures, cannabis-centric companies need to be certain that they are following security best practices to keep their data secure and out of the reach of hackers who might be eager to expose customer data, or hold their systems ransom. If attacked, the risk is real and that totally blows for businessmen that would rather be dankrupt than bankrupt.
The reality, however, is that the industry doesn’t need to start from scratch when devising its cybersecurity best practices. Companies that run their systems in the cloud, such as Amazon Web Services (AWS) or Microsoft Azure, need to take steps to secure their data and systems even though the cloud itself is very secure. Mainstream businesses have the advantage of specific frameworks that set the best practices for security and privacy, like HIPAA, PCI, or NIST 800-53.
While the cannabis industry hasn’t advanced far enough to have set specific compliance standards, I could imagine what they could be called:
- TOKE – Total Oversight of Key Environments
- PUFFS – Persistent Unified Framework For Security
- POT – Preventing Ongoing Threats
Until the powers-that-be work on compliance frameworks specific to the cannabis industry, following the guidelines set by CIS, PCI DSS or NIST 800-53 can set organizations on the right path to ensure they are following security and privacy best practices.
If you need help getting started, we’ve got lots of security pros here who will be glad to light you up.