Cannabis Security: 9 Pro Tips to Protect a Growing Industry

Cannabis Security: 9 Pro Tips to Protect a Growing Industry


This is Part 1 in a two-part series covering the Security Industry Association’s (SIA) recently held Vertical Insights Symposium on Cannabis Security. Part 1 will explore how security managers can protect cannabis establishments, and Part 2 will examine how security professionals can use best practices when working with such establishments.

In the past, robbers used to target banks if they wanted large sums of cash quickly, but with many states legalizing cannabis, cannabis retail stores have become easy targets. This is because marijuana is still illegal per federal law, meaning those businesses are very cash-reliant because they aren’t able to accept credit cards—and many experts believe the federal government will not make marijuana legal anytime soon. Meanwhile, legal sales at the state level are expected to total $33 billion this year.

As a result, security is a top priority.

Here are 9 ways security managers can protect cannabis establishments, with professional insights offered during SIA’s recent symposium:

1. Training

Security managers should ensure their staff is properly trained, via virtual exercises and drills, to provide adequate security to cannabis establishments, including knowledge of applicable state laws.

They should also know how to respond to a variety of incidents such as:

  • Active shooters, or those attempting to kill people in a confined space;
  • Burglaries, or theft involving unlawful entry, usually when a business is closed; and
  • Robberies, or theft with force or threat of force when a business is open.

Additionally, in some states, some employee training is state-mandated for all employees and focuses on both security aspects and de-escalating situations.

2. Video Surveillance and Lighting

Furthermore, security professionals should ensure their cannabis facility has a high-quality 24/7 video surveillance system to protect products, assets, and people. State laws dictate the type of surveillance that is required, along with how long footage should be archived. Often, indoor and outdoor surveillance is required, and it is also a good deterrent of employee theft.

Proper perimeter lighting is also recommended, if not required.

Advanced technologies security professionals should consider include:

  • 360-degree cameras, which are used to cover large areas;
  • Focal cameras, which are best in point-of-sale areas;
  • Video analytics, which pick up suspicious activities such as vehicles driving into a closed facility’s parking lot;
  • Cloud, or the ability to store surveillance footage remotely;
  • Remote access whereby one operator can check multiple sites;
  • Talk-down ability, or the ability to talk down to intruders, identifying their description and telling them to leave or police will be contacted;
  • Redundant servers, or backup drives available in case one stops working; and
  • Advanced GPS tracking for cash and high-priced cannabis products.

John Cohen, the agent in charge of the Marijuana Enforcement Division for the Colorado Division of Revenue, says Colorado sees fewer criminal behavior issues with businesses that incorporate the latest video security technologies. Fines can be levied, and licenses could be suspended for a lack of proper surveillance.

3. Security Guards

Security managers can decide to have armed or unarmed security guards protecting the entryway based on state law during the business’s busiest times. Some hire off-duty police officers.

Security guards can help with conflicts between customers, medical issues, and slip and fall incidents and can help de-escalate other tense situations. 

Justin Wilmas, president of Netwatch North America, says it’s more important for cannabis businesses to have on-site security than regular retail. “It is a very big target so the security concerns, security risks, are much, much greater.”

4. Quality Control

Security professionals should work with cannabis facilities in following applicable state laws to ensure the quality of products. “Legal marijuana is tracked, taxed, and tested,” Cohen notes, adding that if someone does get sick, it can be traced to the cultivation and batch to put a hold on it.

Facilities should follow state law as they test for:

  • Pesticides
  • Microbials
  • Mold
  • Mildew
  • Metals

5. Underage Compliance

Security professionals need to ensure that access to the retail floor is limited to those who meet the minimum age set under state regulations. According to the Insurance Institute for Highway Safety, some states have no minimum age for medical marijuana, while the minimum age for recreational marijuana is 21 for all states that allow it. 

Some states require staff to verify identification at the door and at the point of sale, as well as conduct undercover sting operations to ensure compliance. Although most businesses have ID-checking devices, facilities near colleges can have issues with underage students trying to sneak in.  

“The legal marijuana industry has similar security challenges like the pharmaceutical industry, the tobacco industry, and the alcohol industry,” Cohen says.

6. Locks

Security professionals should ensure the business has proper locking mechanisms. Retail businesses may require customers to be buzzed in, and cultivation areas are often required to have certain types of fencing.

Additionally, states may have requirements for certain types of electronic or keypad access locks, requiring access control recordkeeping.

“Businesses that had trident-type doors with multipoint locking systems weren’t affected by the burglaries as much as the businesses that didn’t have the latest and greatest security for front doors and back doors,” Cohen adds regarding his experience in Colorado, which was one of the first states to legalize recreational marijuana.  

7. Securing Product

Security managers should work with cannabis facility management to ensure it is locked in a vault when the business is closed, thus treating the product as a jewelry store would treat its finest jewelry.

While locks might stop some from gaining access, Cohen warns, “the robberies we had were pretty dynamic with weapons, but they are very quick.”

8. Fraud

Security professionals should be on the lookout for scammers, some of whom will impersonate businesses selling legal marijuana and use fake websites. Others will pretend to be owners of cannabis businesses, many of whom are not actively involved in their businesses, tricking managers and employees to give them cannabis or money from a safe. “This scam has cost the industry hundreds of thousands of dollars,” Cohen says, adding that Colorado has focused on educating cannabis facilities about scams.  

9. Cyber-Risk and Data Privacy

Like any other business, cannabis businesses are susceptible to cyberattacks, which are just as serious as physical security concerns. However, attackers who provide proof that customers have purchased medical marijuana could damage their reputations. A ransomware attack could also make a company’s computer systems inoperable unless the cannabis business pays a fee. 

Attorney Michael Sampson, partner of the Leech Tishman law firm, says cannabis businesses should work with security professionals to protect data privacy and provide cybersecurity by having the following:

  • Written information security policy—procedures on ensuring confidential data is protected and who is protecting it;
  • Internal privacy program—information a company collects on individuals and how it is used;
  • Website privacy notice and terms and conditions—information collected on websites regarding customers and how it is used;
  • Multifactor authentication—provides additional security on websites and requires users to prove something they have, something they are, and something they know;
  • Oral confirmation of wire transfer instructions—provides additional security from scammers who might convince a manager they are the owners of the business;
  • Training—ensures employees are properly taught company procedures;
  • Penetration testing—creates simulated cyberattacks to show vulnerabilities that need to be fixed; and
  • Cyber-insurance—covers business liability for a data breach, including sensitive customer information.

When it comes to training, video surveillance, lighting, security guards, quality control, underage compliance, locks, securing product, and fraud, security professionals should consult their local state government for applicable regulations.

Stay tuned for Part 2 of this article series on Wednesday, Aug. 10.



Source link

admin

Leave a Reply

Your email address will not be published. Required fields are marked *