<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=120264438549966&amp;ev=PageView&amp;noscript=1">

Cannabis IT Security: What Every Cannabis Company Needs to Know - Guest Blog with GeekTek

For many, the Covid-19 pandemic means business has ground to a halt. For the cannabis industry, the opposite is happening.

Demand is increasing as customers find themselves stuck at home, with their medical (and recreational) needs magnified. Sales have increased more than 30 percent for some firms.

At the same time, home delivery has become the norm for our everyday essentials. For the cannabis industry, this means a massive increase in business, in particular online ordering, bringing an even greater need to ensure robust and airtight data security practices.

Cannabis companies now more than ever need to ensure they have their security framework in place and locked tight to manage the intensive growth they are experiencing.

Cannabis IT Security - Why You Shouldn’t Overlook It

One of the issues with the cannabis industry is that we tend to focus on what can seem like the ever-changing regulatory requirements, as well as other fast-moving changes in our industry. But in doing so we can neglect the everyday parts of our business that should be standard operating procedure, such as endpoint and network security.

The Costs

For the cannabis sector, a further concern is that because it’s still a nascent industry, many players simply aren’t aware of how damaging a security breach could be for their business.

In California, in particular, the California Confidentiality of Medical Information Act mandates that if those firms that operate as a medicinal cannabis provider have a security breach and patient records are exposed, the organization will be fined $1,500 per record. This can obviously destroy a business financially, making it potentially impossible to recover.

Increased Scrutiny

It’s also important to remember that as an industry, cannabis is not necessarily perceived in a favorable light by either state governments or local law enforcement, which can add to the problems you will face if a breach occurs.

All these competing factors for cannabis players need to be borne in mind when considering your security posture. If you stay focused and ahead of the curve, they won’t be factors that impact your business; but get your security wrong and fall victim to one of the endless threats vying for your data, and you risk facing a significant, and perhaps impossible, struggle back to business as usual.

Cannabis IT Security Best Practices

Players in the cannabis sector should be focusing heavily on endpoint and network security right now. These will ensure that your database security is at its highest level, protecting both your customer data and your intellectual property.

Work with your cannabis security company or IT services provider to ensure certain security measures are met as a matter of course, as while endpoint and network security are critical in any industry, in a sector like cannabis that deals extensively with patient data and intellectual properly, these elements of security cannot be left to chance.  

To ensure that you don’t fall foul to a breach that could expose these key elements of your business, there are a number of basic steps that you must have in place.

Disk Encryption

Firstly, full disk encryption should be enabled on all of the systems you're using - all your PCs, Macs, and so on. Phones typically have this built in already, and more and more PCs are also shipping with it already installed, but don’t make any assumptions - be sure that encryption is on all your current equipment.


You also need to make sure that everyone has a password. While we may only be using our devices in our homes at the moment, a password is still critical for data security in order to ensure that no one else in the house can access staff devices, especially considering they may well contain, or give access to, sensitive patient data.


Other basic essentials include at least a consumer-level antivirus and ransomware software installed on everything. There are a considerably higher number of phishing attempts happening right now around Covid-19 - in particular a lot more spearfishing than we've seen before - so having protections in place in case a staff member clicks on one of these links is critical in preventing getting an infection on a PC that could spread into the corporate network.

Network Security

Remember, your staff will currently be accessing patient data from home, with many making the assumption that their home network is secure. But in reality, is this true? The router may still be using the default password, or perhaps their WiFi doesn’t even have a password. Don’t leave these things to chance, your data security depends on it. Talk to your service provider about a comprehensive review to ensure all these potential exposure points are tightly sealed. 

Cannabis IT Security - A Key to Present and Future Success

It’s critical to understand that we are in a different reality now, with a work-from-home routine that wasn’t in place a few weeks ago and that wasn’t prepared for. Given this, now is the right moment for cannabis companies to assess their security situation and ensure that it is robust enough to handle the multiple, and unexpected, security factors we are currently facing.

The opportunity for growth in 2020 is potentially huge for the cannabis sector so don’t put that at risk by not addressing your basic security needs - needs that if lacking, could destroy your business.

Thank you to GeekTek, a Los Angeles IT services and managed services company that has worked with countless cannabis companies throughout North America to set up, secure, troubleshoot, and optimize their technology, for contributing this post. Flourish is committed to IT and data security. We are working towards ISO 2700 and SOC II certification, regularly perform penetration tests, and have full time staff dedicated to securing our infrastructure to ensure our clients are protected. 

Download Our METRC Best Practices Guide