Protecting a marijuana shop or production facility is much more difficult than protecting most other businesses. Without access to the banking system, marijuana businesses are often forced to keep pot and cash under the same roof. This can attract all kinds of attention, often the type that is unwanted.
And if unwanted attention turns into an attempted robbery: whom exactly do you call? Local law enforcement is not likely to spring into action to locate your missing marijuana.
Marijuana retailers and processors have to take extreme measures to protect their assets.
For Anthony Darby, CEO of Peninsula Alternative Health in Salisbury Maryland, security was a priority from the very beginning.
“During our build-out we made security our number one capital investment,” Darby said.
The newly opened Peninsula Alternative Health operates out of a 2400 square foot building that was previously an animal shelter. The space was not exactly equipped to protect a cash-only business housing marijuana.
Darby is unwilling to take any chances. He has spent a lot of money on security cameras, shatter sensors, and “other technology to put us in the best situation in case a threat presents itself.”
While Peninsula has only just begun operating, Colorado’s Native Roots is a veteran of sorts in the industry. They are the largest chain of marijuana dispensaries with 20 locations.
“We take security and safety of our staff, facilities and products extremely seriously,” Native Roots communications manager Kim Casey told mg.
Native Roots has implemented well-planned security procedures in all of their shops. During non-business hours, they remove all of their products and flower from the sales area and place them in a secure safe. All Native Roots facilities are equipped with industrial strength locks and secure rooms. So even if someone were able to penetrate their security and gain access to one of the shops after hours, there may not be much they could do once inside.
If visitors during business hours try to steal from Native Roots, they will likely run into trouble.
“Our stores have internal and external cameras as well as locked sales areas that require a receptionist to allow access for patients and customers after a medical marijuana card and/or id is verified,” Casey said.
Canndescent, located in Desert Hot Springs, is a large-scale marijuana cultivator of flower and prerolls. It shares many of the same concerns as Native Roots and Peninsula, but does not deal directly with the public. Canndescent sells their products to dispensaries and delivery services.
While employee theft can be an issue for dispensaries, Canndescent has to prevent it in within an 11,000 square foot facility.
“We have a 30 page security manual that we follow including a live scan of all employees,” Canndescent CEO Adrian Sedlin said.
But Canndescent has not remained operational simply because of a large manual and screening employees. While Sedlin does not want to give away the intimate details of how he protects his facility, he was willing to touch on a long list of methods used to keep his business secure.
“Our current facility has 64 cameras, motion sensors, gate controls, access controls, vibration sensors, two 12-hour rated bank vault doors, man traps, and two panic rooms.”
Managing Your Data Plan
While we tend to think of security in terms of protecting assets or individuals from physical harm, data security is also critical when running a cannabis business. A customers’ personal data is extremely sensitive and can cause real trouble if made public. Not all marijuana users are comfortable going public with their habit. They still may worry about what friends, family, or an employer thinks.
But stolen personal data can also be used to open credit cards, or commit other types of fraud. In 2016, 15.4 million consumers were the victims of identity theft. When the final numbers are out, 2017 is not likely to fair any better. There were several large-scale incidents, including the massive Equifax breach, which exposed sensitive data for up to 145 million people.
Most states with marijuana dispensaries have only legalized medical marijuana. A loss of data in these shops means you could be compromising a patient’s personal medical information.
“We adhere to all HIPPA compliance regulations, and have also implemented some inter controls as well,” Darby said of Peninsula.
Should the systems go down at Peninsula, customer and patient data will still be accessible.
“All of our patient data is stored offsite with redundant backup to ensure we are good stewards of their private information.”
Canndescent does not have to store medical information for individual patients. They deal directly with dispensaries and delivery services but still have a lot of sensitive data to protect. Canndescent’s database houses the spending habits, product preferences, and other data for marijuana businesses.
“We store their information in a password-protected, cloud-hosted, CRM platform,” Sedlin said.
Like Peninsula, if Canndescent’s system goes down, they should still have access to their client data.
With 20 locations and a client base that makes up both recreational customers and medical patients, Native Roots stores personal information for thousands of patients and customers.
Although cannabis is illegal on the federal level, Native Roots is not waiting for federal authorities to reschedule before adhering to federal data privacy regulations.
“We comply with all Federal and State data privacy laws for adult-use and medicinal purchases to support patient and customer safety, regulatory compliance and safety,” Casey said, not looking to elaborate on the specific tactics used.
It Hits The Fan
Even as cannabis businesses are employing cutting-edge security tactics to deter theft, there is always the possibility that someone will be brazen enough to attempt a robbery.
Canndescent, Peninsula, and Native Roots all employ armed security guards that serve as the first line of defense if there is an attempted robbery. Both Canndescent and Peninsula employ former military guards to plan security strategy. Native Roots even has some guards protecting cultivation facilities during non-business hours in order to reduce the likelihood of an incident.
But how the rest of the staff reacts in a dangerous situation could also greatly impact how an attempted robbery plays out.
“Native Roots team members are trained to handle attempted robberies or other known crimes during business hours,” Casey said.
At Peninsula, employees also learn about how they should handle themselves should a potentially dangerous situation arise.
“We have reoccurring training, and drills based around the event of an armed robbery. We have protocols and tools in place to deter or stop and armed robbery from happening,” Darby said.
Sedlin, confirmed that there are protocols in place that his team is expected to follow for handling an attempted robbery, but declined to provide the details.
Surviving in the cannabis business is difficult under the best of circumstances. Dispensaries and producers are often saddled with higher tax rates than normal businesses. And without access to banking, raising capital is extremely difficult. If a shop is the victim of theft or is faced with a lawsuit over compromised personal data, it can be difficult to keep their doors open.