Securing Your Physical Business
What are some security terms we should know?
If I can follow a legitimate worker in or out of a building, I can access its infrastructure with ease. The same can be done digitally by “piggybacking” malware onto legitimate packets.
A mantrap is anything that can lock a person into one place. The minute you’re past one door, you can’t get through the next. It’s like an airlock, minus the vacuum.
First Shooter Response
You need to teach employees the basics:
- How do they respond if somebody walks into the facility with a weapon?
- How do they react in a shooter situation?
- What is the emergency response if there is a problem?
A red team event is when you hire somebody from outside your company to test your system’s limits. They shake the figurative cage and find your vulnerabilities.
What about security robots?
The cannabis industry practically mandates at least one security guard for every facility. Any cannabusiness will see their overhead increase as a result. However, a robot can patrol 24/7 and only has an initial cost. It will diligently patrol without any distractions. Sharp Electronics has a pretty fantastic robot for this purpose.
How do you detect weapons?
Modern metal detectors can be embedded inside of a wall or door jamb. You don’t want threats to know that you know about a weapon. You can quietly dial for help before an incident occurs.
Securing Your Cyber Business
How do you defend your business?
A company called Darktrace uses a heuristic method to detect intrusions. The first week Darktrace is active, it learns the behavior of your business and employees. By the second week, it is protecting your systems from anomalies.
How do you train employees for cyber threats?
A company called KnowBe4 has a training simulator for phishing and hacking attempts. It sends out unscripted messages to trick employees, with a strange-looking link. It trains employees to recognize when something doesn’t look right.
What’s the goal of phishing?
The majority of attackers are looking for credit card(s) to get a dollar or two. If you ever notice your credit card is getting charged random, small amounts of less than $15, somebody phished you.
How do you prepare for something going wrong?
You build redundancies. They need to be implemented prior to a major event by your IT personnel. Be proactive about implementing redundancies for your systems.
What are some other considerations when it comes to cyber security?
Look at the Whole System
I was recently at a big grow site. They had their entire system on an open WiFi network: computers, sensors, controllers, etc. A saboteur could shut it all down, kill their harvest, and listen while they cried.
Know Your Risks
Each kind of business has different needs:
- Dispensaries are targets for thieves and robbers. Physical security is essential.
- Deliveries have to worry about robbery during their deliveries.
- Online ordering is becoming a big deal and customer information must be protected.
- Any online business needs to prioritize cybersecurity. It would be catastrophic if somebody knew customer information and order history.
If somebody has access to your phone, they might be able to access other systems. Avoid free WiFi networks for this reason. Alternatively, make or use a VPN.
Questions from the Community
Are there risks unique to the cannabis industry?
The system is vulnerable to robbery and theft. It deals primarily in cash, which is a risk. Additionally, the products are worth thousands of dollars and are often shipped with minimal protections.
What are differences in security based on operation size?
Believe it or not, a large facility may not have a lot of money, especially early on. It’s about “hardening” or fortifying a location. If you want to harden a location, what’s your security budget? That determines what you can do.
How has legalization affected security?
Legalization has been really positive for security. It has forced communities to recognize and acknowledge that they were putting people in harm’s way.
However, there is one concern with legalization that doesn’t get mentioned. If you hire a security company to remotely monitor you from another state, make sure that it is legal for them to do so, or you could both be in trouble.