Why Now is The Time for Cannabis Companies to Beef Up Their Data Protection

    The current pandemic increases vulnerability in an area where cannabis companies were already vulnerable: protecting their data. 2019 and even the start of 2020 brought about several high-profile data breaches that caught the industry off guard and exposed its data vulnerabilities. This shows the need for IT firms like and what help they can provide for those businesses in need.

    Why now is the time for cannabis companies to beef up their data protection 1

    The current situation: 

    The COVID-19 global pandemic is unprecedented. The toll on human suffering is alarming, and governments across the globe are scrambling to find solutions to mitigate this public health crisis. 

    The global economy has taken a considerable beating, and no industry is immune to the wrath of this pandemic. 

    The cannabis industry, still in its infancy, is especially at risk during these turbulent times, though for reasons not talked about in the media. 

    Despite cannabis being deemed an ‘essential business’ and be able to keep doors open during COVID-19, the industry had still been recovering from an under-whelming 2019, hit hard by over-regulation, high taxes, and the vape crisis. Consequently, companies across the U.S. and cannabis-like Med Men and most recently, Acrridge Holdings have had massive layoffs and are cuttings costs at every corner. 

    In addition to the challenges above, a silent threat that should keep CEOs and company leaders awake at night should be the threat of data breaches. 

    Why does this matter now more than ever? 

    Why now is the time for cannabis companies to beef up their data protection 3

    In the hierarchy of needs, cannabis is fishing to survive and thrive. Like every company right now, cannabis companies are turning to online tools like Zoom meetings, more reliance on cloud-based software, and other online tools to keep them connected and productive. 

    As the transition to turn brick and motor operations to digital, work-from-home environments takes fold, executives should pay very close attention.

    Increases in recent digitization of operations expose a company’s data vulnerabilities, exponentially. To see just how deep these vulnerabilities might go, I recently met with a cybersecurity firm, L.A. Creative Technologies, to see what threats might be out there. 

    Their CEO, Josh Weiss, frequently consults with cannabis companies, and he too agrees that right now is the time for companies to be especially aware and prepared for cyber-attacks and data breaches. 

    To illustrate the point, Josh and his team ran a dark web search of roughly 50 cannabis companies to identify whose information is out there and what companies are most vulnerable. 

    The dark web is not indexed by google and requires special software to access named “Tor.” Once accessed, users can conceal their identity to find anything from private consumer data, to illegal items like mail-order drugs, and even humans that are exploited for human trafficking. 

    The dark web is the darker side of humanity. 

    In their scan 50 cannabis companies, the Creative Technology team discovered several companies whose private company data was on the dark web. One company that will remain anonymous had 132 company emails and employee passwords available on the dark Internet. 

    Why now is the time for cannabis companies to beef up their data protection 5

    Another company, a prominent cannabis media company, had 22 different emails and employee passwords visible on the dark web. I contacted one of the partners of this company and brought this to his attention. His response was that of gratitude, but concern. 

    He stated that they are very concerned with this finding and would be getting their technology team to start evaluating the situation right away. He is “very very concerned” of the implications this could have on his business. 

    So what’s the worst that can happen if your employee’s email and passwords available on the dark web? 

    According to Josh,” there are a few different ways this can play out. The most damaging is when an actual username and password are available in the results – when this is the case, you’ll see this combo tried on the site that got breached (for example Yahoo Email) and besides the combo will be added to an extensive database of username and password combos to try on sites throughout the Internet – since most people reuse passwords everywhere. And even if the password is not available, the username will now be added to spam lists, and an increase in attempts to hack into that username will increase across all sites.”

    Potential Solutions Moving Forward 

    The global pandemic doesn’t seem to be subsiding anytime soon. Thus, cannabis companies will continue to rely on digital operations, keeping data protection, and cyber safety a top priority. 

    This might be the best time for companies to assess their data vulnerabilities and implement safeguards to keep them protected. Awareness is key!

    Simple steps can also be taken in advance of long-term strategic planning. Enforcing two-factor authentication for all cloud accounts is one step in the right direction. 

    Creating backups of all relevant data and developing a disaster recovery plan are also effective solutions in the event of a ransomware attack.

    In the end, there is no better time than the present for cannabis companies to safeguard their digital assets and protect themselves from cyber-attacks. 

    Oddly, this current quarantine situation might have been just what the infant cannabis industry needed to mature its data protection. 


    By signing up, you agree to the Terms of Use and Privacy Policy & to receive electronic communications from NUGL, which may include marketing promotions, advertisements and sponsored content.