Cannabis Retail Data Security

Cannabis retail data security is critical for the smooth day to day operations of a cannabis store. Losing client data can cripple customer verification systems. Not only does losing data throw a wrench into daily operations, it also lowers client trust. Nobody likes having their personal information and government ID’s leaked onto the internet.

Securing data prevents situations like the MJFreeway hack in early 2017 linked here (and the more recent hack linked here). In this technological world, business owners need to be up to speed with dispensary data security. The days of pen and paper are over.

Simple steps cannabis retailers can take to make sure their data is safe.

1. Take regular offline backups of dispensary data

A dispensary’s POS or inventory management solution needs to allow them to make automatic offline data backups on a regular schedule. Backups can reset dispensary data to a previous save point and minimize losses. This ensures that data losses are recoverable, avoiding catastrophic failures that prevent day to day operations.

2. Set dispensary data security roles for staff to limit access to sensitive data

Budtenders shouldn’t have access to company-wide reports. Discounts and sales history editing must not be available to everyone. Ensure that proper permissions are setup to prevent untrained employees messing with critical store data. A cannabis retail POS or management software provider should always have security rules and locks in place for you to manage employee permissions.

3. Always be up to date with POS software providers and know what security measures they take

Take the time and ask your POS provider these important questions:

  • How does your POS provider store dispensary data? Find out if they host servers themselves or if they use services provided by another company. Typically, POS companies that host their own servers are more prone to hacks if they are not well educated in the latest data security measures. If hosting is provided by multi-billion dollar corporations like Amazon, your data is generally safer.
    • What are their in-house security protocols like? No matter how robust and impenetrable a system can be, it still cannot prevent someone from looking over your shoulder and stealing your passwords.
    • Does your POS provider have measures in place to prevent employees from working in insecure networks?
    • Are they accessing your store data while in line at Starbucks?

Ask and learn how and when your POS provider accesses your dataIt is an immediate red flag if they cannot answer your questions.

Learn more about Greenline’s stance on data security here.

Greenline does not monetize customer sales data and can help you keep your data secure while managing sales and inventory effectively. If you are interested in learning more, you can schedule a Greenline demo.

Dispensary Internal Security with Event Logs

However, recording and tracking every action in your store creates a vastly unmanageable list. The key to a great event logging system for dispensary internal security is readability.

In summary, proper event logs should track all of the following:

  • What type of item was moved (tracking is not limited to products and can include cash movements and shift start/end)
  • Type of action performed (know if an action is a sale, transfer, update, purchase, or loss)
  • Time stamps for every action (see exactly when actions are performed to the second)
  • Employee tags for every action (understand who is accountable for that action)
  • Locational tags for all product movements (know where product is bought, sold, and transferred from)
  • Can assign additional notes to actions (for increased detail on why an action is performed)
  • Ability to filter by locations, employees, and products. (be able to find what you want when you want it)

Not only is event log tracking critical for smooth dispensary operations, it is also necessary for future compliance. it’s best to track absolutely everything if you feel any uncertainty about what compliance reporting requirements will be.

Be prepared to provide your cannabis governing agency any data they may demand of you. Diligent dispensary owners would get started with event logging as soon as possible. Having robust historical records will save you the pain of scouring excel files and manually creating reports.

A proper POS should be able to provide excellent dispensary internal security with event logs automatically.