In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories from the past week.
Cybersecurity
ASTM Introduces Retail Cybersecurity Standard
ASTM International, the international standards development organization, has proposed a cannabis standard for establishing retail cybersecurity protocols. Their D37 cannabis committee is currently working on the development of the standard. The standard will be critical in establishing best practices for protecting databases in dispensaries, like inventory data, customer and patient information. The guide, currently being developed by subcommittee D37.05, addresses “the company or government organizational need to mitigate the likelihood of cyberattacks and reduce the extent of potential cyberattacks, which can leave sensitive personal data, corporate information, and critical infrastructure vulnerable to attackers,” reads the scope of the project.
Breach Ruling Shows Importance of Legal Advice Early After Cyber Incident
Companies that think they may have suffered a data security incident should consider involving their legal advisers as early as possible in the response and investigation process to avoid suffering the same fate as Rutter’s convenience stores, which was ordered to turn over a data breach report to opposing lawyers. The decision came with a July 22 ruling by U.S. Magistrate Judge Karoline Mehalchick, who said the report – authored by consultancy firm Kroll Cyber Security, LLC – could not be shielded from discovery, as Rutter’s attempts to fend off a lawsuit filed by customers who were financially affected by the 2018-19 breach. How that ruling impacts the ultimate outcome of the lawsuit remains to be seen, but legal experts point to lessons for companies on how to approach incident response, even before they’ve confirmed that an incident has even occurred.
Physical Security
Close to $30k Worth of Marijuana Concentrates Stolen from Colorado Springs Dispensary
Nearly $30,000 worth of marijuana concentrate was stolen from a Colorado dispensary around 4 a.m. Monday. Two suspects were able to force their way into the Daborado Dispensary near Mountain Shadows Park using a metal pry bar that was left behind at the scene. A surveillance video captured the two suspects. “The whole thing didn’t seem very professional, they were pretty scattered because it took them so long to get the door open. But it seemed like they were familiar with the floor plan. They were able to target the most expensive, top-quality concentrate,” said dispensary manager Marissa Fonseca.
The fact that the thieves seemed to know the floor plan so well indicates they had done some level of reconnaissance in the past. While there can be a fine line between a potential robber scoping out a floor plan, and a new shopper exploring different products, it is key that employees remain vigilant in order to identify suspicious activity. The Cybersecurity & Infrastructure Security Agency (CISA) promotes the OHNO approach – Observe, Initiate a Hello, Navigate the Risk, and Obtain Help – helps employees observe and evaluate suspicious behaviors, and empowers them to mitigate potential risk, and obtain help when necessary. This can be a valuable resource when putting together an employee training program focused on employee vigilance.
Natural Threats
Retailers Face Tough Decision on Requiring Masks Again
Retailers are considering reimposing facial coverings for customers following new guidance from the Centers for Disease Control and Prevention (CDC), setting the stage for a return to the mask wars that defined much of the pandemic until just a couple of months ago. Most nationwide chains previously crafted their mask rules around the CDC’s guidance, but many of those same companies were quiet on the subject Wednesday, a day after the CDC announced its updated guidance. However, industry groups indicated that mask mandates could very well return. Retail Industry Leaders Association President Brian Dodge said in a statement that “masks may be necessary again in some circumstances” as CDC guidance evolves and the delta variant spreads. While this piece focuses on retail, the entire sector can expect to experience these challenges, from hotels to stadiums, fairs to convention centers, leaders will have to make decisions as CDC, state and local guidance continues to change. Masks remained a point of contention throughout the pandemic until regulations were eased within the past several months, and a perceived step back in regards to personal freedoms will not be taken lightly in some communities. As we’ve observed a number of mask protocol incidents throughout the pandemic, changing policies will continue to be challenged by some, leading to potential escalation or social media antics. As organizational procedures change, providing clear guidance to employees on both policy and how to respond to escalation will be important across the Sector.
Be sure to check back every Tuesday as we publish our Library Card Series where we highlight one of the resources available in our library!
Check out the latest blog!
Tweet