Ohio has legalized recreational cannabis. Click HERE to learn more about cannabis business opportunities in Ohio.

Identifying Weak Spots in Your Dispensary Security

Identifying Weak Spots in your Dispensary’s Security

The state-to-state legalization of cannabis is in full swing with varying compliance laws in each state. The presence of cash, product, and the collection of patient’s information make cannabis businesses a prime target for criminals.

Dispensaries must take a more end-to-end approach to their security compared to other types of retail stores. If you are the owner of a licensed marijuana dispensary, you already utilize a multi-layered security plan that complies with the law. However, understand that compliance does not mean your dispensary is invulnerable. 

A powerful security system has several layers in place to serve as a backup, in case one of them should fail. These layers include physical security, cybersecurity, and well-trained staff.

Physical security 

Security Guards

Visible security is a deterrent to crime. Your security guards should be armed, vigilant, and located at each point-of-entry into the dispensary. The guards must understand that they are to maintain a zero-tolerance policy on any customer or employee activities that could present a perceived threat to your dispensary, staff, and other customers. While this may seem obvious, hiring inexperienced guards can be costly for your dispensary.

Safes and Vaults

Understand that a burglar can make it past the armed personnel at the doorway to gain access to cash and cannabis products. Some may even bypass the door entirely and infiltrate your store by smashing through your walls with demolition tools or picking locks. State-of-the-art vaults and safes are imperative for your dispensary’s security as a backup to armed security and secure entry points. Your vaults should be bulletproof, equipped with alarms, and entry tracking. 

Surveillance Cameras

As a dispensary owner, you can think of your security cameras as your best friend. They will always tell the truth, and you should see how they’re doing from time to time. Double-check the angles of all your cameras. Are there blind spots? If so, eliminate them. You want to have visible access to every inch of your store.

Although you have now verified that you can see the entire space, you should still actively watch the cameras. There are two reasons for this. Number one, you can monitor the interactions between customers and employees. These interactions will provide incredible insight into the flow of your and employee behavior. Number two, technology fails! Don’t wait until something happens that requires you to check the footage. If it has been months since you’ve done so, there is a possibility that a camera has failed, and you won’t have access to your valuable footage. If you are required to check the cameras for whatever reason, it probably is not a good thing; you’ll want the footage to be there. Additionally, some state laws require you to keep the footage for 45-90 days. If you haven’t been checking up on your cameras and one happens to be down, you are noncompliant with state laws and risk losing more than profit, but your license. 

While the on-site security of your dispensary is an integral part of your business’ stability, it is imperative that you also keep a close eye on your cybersecurity.  


With any business, the financial losses associated with a data breach can be devastating, more so than any product or cash theft. A 2018 study conducted by IBM and the Ponemon Institute determined the global average cost of a data breach to exceed $3 million. This study factored in the mandatory components of data breach response: remediation, notification, and credit monitoring, which are.  Additionally, a 2012 study by the U.S. National Cyber Security Alliance concluded 60% of small businesses that have suffered a data breach have gone out of business within six months. Given that most cannabis dispensaries are small businesses, this number means your data security is of the utmost importance when it comes to ensuring your success. Don’t allow your ignorance about technology to sink your business. The security of your customer’s information, point-of-sale system, inventory manager, and all digital activities can be threatened three ways via technology: ransomware attacks, email attacks, and cyber extortion.

Ransomware Attacks

These attacks are sophisticated cyber attacks. It is a type of malicious software that hackers can insert into your computer system, causing it to shut down or become inaccessible. To be allowed access to your files, you must pay the attackers an exorbitant fee. If you do not pay the ransom, your data and files will be destroyed; or worse, used by the hackers for personal gain.

Email Attacks

You may be wondering, “How can an attacker embed ransomware into my computer system?” Unfortunately, technological advances have made it relatively easy. Typically, the codes can be condensed into a link that, when clicked, automatically embed the software wherever the attacker wants it to go.  The links are most commonly shared through email. These “phishing” emails are not as easy to spot anymore; instead of masking themselves as a cruise line claiming you just won a free cruise, hackers are posing as co-workers, customers, clients, and business partners. Believing the emails were sent from a trusted source, unsuspecting employees and even business owners click the link or open the attachments that download the malicious software. 

Make sure that everyone with emails attached to your organization or those using technology on your premises are aware of these phishing emails; one click can be fatal for your dispensary. A lot of the time, the email comes through as spam or has a very similar email to someone trusted with only one or two letters out of place.

Cyber Extortion

While ransomware attackers are not necessarily interested in your data, cyber extortionists prefer access to sensitive information that they can use to threaten your business.  

Cyber extortion is common within the cannabis industry because of the stigma surrounding the usage of the plant. With access to a dispensary’s customer database, hackers will attempt to extort high-profile patients who may not want the public to know that they are using marijuana, regardless of its legality. These patients include politicians, business executives, professional athletes, entertainers, clergy, etc. While cyber and physical security breaches can devastate your business, it is more likely that financial loss will stem from someone you’ve hired.


According to experts, almost 90% of financial and product loss in the marijuana industry can be chalked up to employee theft. You must minimize your employees’ ability to pocket cash through methods like voided transactions, providing unauthorized discounts, and using their employee discount excessively to friends or family.

While not all employees are thieves, they are still an integral part of your dispensary’s security. That is why staying on top of training and development is crucial. Be sure that your employees are well aware of emergency protocols, how to detect threats (physical and cyber), and how to respond to threats.

If you are looking for a full guide on how to open a dispensary, please click here.