Cybersecurity Challenges



As we approach the end of 2018, companies around the globe are facing increasingly innovative, advanced threats from those outside their internal networks and systems — whether rogue individuals or teams sponsored by nation-states.

While external threats can easily capture the attention of everyday citizens, seasoned security professionals will also be aware of the threats posed by insiders: Employees and contractors alike can access proprietary (and even highly confidential) information. Unfortunately, this trust can be abused, as evidenced by numerous access control scandals that have occurred in the past decade. Cases range from Edward Snowden’s historic leak of highly-classified National Security Agency files to a former UCLA Health System employee sentenced to federal prison for violating HIPAA.

So we’ve compiled a list of the top six cybersecurity issues that could affect workplaces in 2018. It includes threats that can develop both inside and outside of a company’s networks, further highlighting the dynamic threat environments that today’s businesses must tackle.

businessman hand pointing to padlock on touch screen computer as Internet security online business concept

External threats: 3 common tactics used in today’s security landscape

Cybersecurity challenge #1: Ransomware

Ransomware is one of the most aggressive tactics used by today’s hackers. These threats take a computer, and sometimes even entire networks, as hostage. Often, all the files and data previously stored on a system become inaccessible until the victim (i.e. someone in the workplace) hands over a ransom fee, typically paid in cryptocurrency like bitcoin.

Cybersecurity challenge #2: Cloud-based services and computing

The creation of software as a service (SaaS) solutions has enabled companies in every industry to become more agile. Companies no longer have to pay for bulky, expensive software, as SaaS solutions are all based in the cloud and are available for only a small monthly fee.

But SaaS solutions also present novel security threats, in part due to the current insecurities of APIs and various hardware vulnerabilities.

Cybersecurity challenge #3: The Internet of Things

The Internet of Things (IoT) is on the fast track to fundamentally change how future economies will operate. The ability to place a sensor on everyday objects for very little cost is certainly exciting, but can present a nightmare scenario for security professionals. IoT devices are notoriously insecure and can be easily exploited for their computing power for use in bonnet-based DDoS or ransomware attacks.

How can workplace professionals address external threats?

While the security needs of each business are unique, there are a few universal guidelines that can help protect against external cyber-attacks:

  • Conduct frequent cyber risk assessments.
  • Implement sensible data security safeguards and monitoring systems: Use data encryption, multi-factor authentication, or a disaster recovery as a service (DRaaS) solution.
  • Create a framework for ongoing threat management, operational oversight, risk management, and regular reviews of contracting businesses with whom you’ve partnered; document plans to handle threats and mitigate the impact of attacks with a data backup solution in place.
Hand presenting against serene landscape with city on the horizon at night

Internal threats: Understanding threats from within your organization

Cybersecurity challenge #4: Access to confidential information

Most external threats are easy to recognize and identify. But internal threats are far more ambiguous, especially when it involves access control and information flow within a company.

For example, let’s say an individual with access to confidential information downloads a file that doesn’t directly relate to their work. Is this a malicious attempt to steal company information? Or is this a case of simply mistaking one file for another?

Cybersecurity challenge #5: Information flow among various devices

Most employees today will bring their own devices to work — for example, smartphones, tablets, and laptops. But if these devices are doubling as both work and personal devices, this could compromise your company’s confidential information or data.

Cybersecurity challenge #6: Managing employee credentials

Ensuring that only the proper employees and contractors have access to confidential or compartmentalized business information can be the difference between a strong security environment and falling prey to insider cyber threats.

How can workplace professionals address internal threats?

Every company has a unique threat landscape when it comes to insider threats. To effectively defend against such cyber-attacks, here are several solutions:

  • Implement strong confidentiality policies that are understood and defined as a part of the employee onboarding process.
  • For the duration of an employee’s tenure, continue to conduct basic security trainings, restrict the use of personal devices for work activities, and restrict access to information that is not applicable to an employee’s role within the company.
  • When an employee chooses to resign from the company, ensure the offboarding process removes their access to sensitive information. Additionally, conduct exit interviews and follow-ups for each employee that moves on to other opportunities.

Today’s modern, globalized workplace demands a strong understanding of possible cybersecurity issues. Both external and internal threats can significantly damage a company’s bottom line and reputation.

Develop a documented cybersecurity incident response plan

A robust cybersecurity incident response plan will incorporate a deep understanding of the unique aspects of today’s common external and internal threats.


WJ Cousins and Associates can help you with your cybersecurity challenges. Contact us to start a conversation to protect your business.

[ Click here to view the original article ]


As a business leader, you have a duty of care to your employees: You’re legally obligated to provide a safe workplace environment by anticipating potential threats and taking action to prevent violence and harassment. By ensuring workplace stability, you can build a stronger company culture and protect your most important corporate assets — including your employees.

In the 1990s, the Department of Justice found that 12.5 persons out of every 1,000 were victims of violence in the workplace each year. Workplace violence is sadly all too common — which is why its prevention should be a key component to any comprehensive corporate security policy. But whether you’re leading a startup or enterprise organization, instituting meaningful change can prove complicated.

Workplace violence defined

Congress created the Occupational Safety and Health Administration (OSHA) to assure safe and healthful working conditions for working men and women by setting and enforcing standards, and by providing training, outreach, education and assistance.

The OSHA defines violence in the workplace as:

”Any act or threat of physical violence, harassment, intimidation, or other threatening disruptive behavior that occurs at the work site. It ranges from threats and verbal abuse to physical assaults and even homicide. It can affect and involve employees, clients, customers and visitors.”

Types of workplace violence

The Federal Bureau of Investigation (FBI) has identified four types of workplace violence:

  • Type 1: Violent acts by criminals who have no other connection with the workplace but enter to commit robbery or another crime.
  • Type 2: Violence directed at employees by customers, clients, patients, students, inmates, or any others for whom an organization provides services.
  • Type 3: Violence against coworkers, supervisors, or managers by a present or former employee.
  • Type 4: Violence committed in the workplace by someone who doesn’t work there but has a personal relationship with an employee — an abusive spouse or domestic partner.

Workplace stability: Why preventing workplace violence matters

A single incident of workplace violence can lead to significant harm — but these consequences may go unnoticed by you or your corporate officers for lengthy periods of time.

But it’s important to address workplace violence immediately because a lack of trust can erode even the healthiest of working environments, leading to workplace instability and a lack of team cohesion. In the long run, disgruntled employees may even begin to look elsewhere to advance their careers.

In addition, your brand identity, which you’ve carefully crafted quarter after quarter, year after year, can be destroyed in an instant.

Your business could also sustain significant financial losses. An incident of workplace violence could lead to lowered productivity, property damage, and loss of sales in the wake of your business’s damaged reputation. And because you can be held liable for violating your duty of care to your employees, you might even face litigation — leading to high legal expenses. It’s estimated that workplace violence costs businesses over $120 billion per year.

Strategies to prevent workplace violence

Harassment policy: Most larger companies will have harassment policies already in place, but smaller organizations located in states with newly-enacted legislation against workplace violence may need to create policies from scratch. Avoid relying on boilerplate language and always consult your company’s legal counsel when drafting policies. Your policy declarations will form the backbone of your intent to maintain workplace stability.

Incident reports: You’ll gain the strongest insights into the working environment from front line managers who work directly with employees on a day to day basis. Create a channel for your managers to document employee complaints and incidents. The procedure should be clear and repeatable, and if you need to craft new policies, respect your employees’ time. Treat reports seriously, discreetly, and within the vein of accepted HR procedures.

Top-down approach: The best way to effect change is to push change from the top levels of the corporate hierarchy down to the lower levels. Business leaders should play an active role in designing and implementing violence prevention programs. If the officers at the top of the organization cannot lead by example, then the actions of others throughout the company cannot be properly held accountable.

Open communication: You’re more likely to find out about — and, accordingly, be able to act on — unwanted incidents if your company culture encourages honest communication, and your management team is open to constructive criticism. Fortunately for today’s leaders, many businesses have already implemented communication and iterative refinement as part of their product development process. This is where “cross-pollination” can come into play: Take inspiration from existing methods for communicating internally, and more importantly, take stock of how your teams can push improvement.

Build on what works: HR is your best asset when developing workplace prevention policies — but are you empowering them to sit at the table in a meaningful way? That said, don’t saddle the responsibility for developing and implementing entire policies for your workforce on HR alone. Getting management intimately involved as well can help produce more meaningful change to the company culture.

Implement effective strategies to prevent and address workplace violence

The ethical, moral, and legal demands upon business leaders have never been clearer: You and your officers have a duty of care to foster workplace stability and maintain a safe, healthy working environment for your employees.

[ Link to original article ]

We are truly living in an uncertain time. Are you as tired of hearing that as I am of saying it? Probably, but sadly it’s true. And because of that, uncertainty is what we are all feeling right now. Whether it’s uncertainty from conflicting information, to what this situation is currently doing to ourselves, our families, our organizations – to just a general fear of the unknown – all of us are affected in one way or another.

RISK MANAGEMENT: A process of evolution

Defining your Risk Management process, the “what works for you”, is a challenge that many family offices, corporations and governments struggle with on a regular basis. External or self-imposed vulnerabilities can expose you to a variety of threats, to include global pandemics like COVID-19. Security and intelligence professionals understand the current threat landscape surrounding everyday operations and quality of life, and work around the clock to keep their clients safe and informed.

Do you have a plan to mitigate risk in your family or organization?

Creating a risk management plan is a complex undertaking that involves intelligence collection, security management, and solution based resources. A security professional’s risk assessment process is based on years of experience typically stemming from one of three areas; law enforcement, military, or intelligence.

To gain an understanding of a risk or “threat matrix” to a person’s lifestyle, supply chain, or business ecosystem, one must first learn what threats are present. These are the proverbial, “known, likely and or suspected threats”. A sound professional then utilizes intelligence tools, security best practices, and global threat monitoring resources to gain a thorough understanding of potential threats.

Threats come in many forms, some are self-induced while others are external man-made looking to steal information or sabotage operations. Natural risks such as storms, earthquakes and global pandemics are unpredictable and contant. Determining a threat matrix is found in the DNA of each client, meaning lifestyle, travel, exposer, activities, current political beliefs, religion, disinformation, cybersecurity, or business practices. Once a risk management team has determined a clients perceived threat matrix, the risk management process progresses to an assessment of vulnerabilities.

Determining a client’s vulnerability is an involved process. It begins with asking the right questions, while performing closely sourced intelligence collection analysis after vulnerabilities have been identified. A well-informed security professional looks to understand what countermeasures are in place, meaning what procedures, policies, and tactics are being used to mitigate the current perceived threats and present vulnerabilities.

Following evaluation, a well trained professional will be able to determine client risk, which is to measure the impact, also known as impact analysis. This is where potential loss, exposure, lasting and short-term effects, and viability of all factors (threats, vulnerabilities, and countermeasures) are discovered. Impact analysis will significantly reduce monetary risk by exposing financial vulnerabilities, thwart business and supply chain interruptions, prevent litigation, and in extreme cases protect from potential bodily harm or loss of life.

How confident are you that you risk management plan will measure up during a crisis?

Creating a plan is only part of the solution: People and organizations tend to stop after an assessment is performed and a plan created. This approach may work in some cases, but you could be unintentionally leaving yourself open. Tabletop exercises (TTX) are key to the success of your risk management program. They are designed to evaluate the strength and viability of your plan and plug any remaining gaps.

Don’t go it alone, security experts bring years of experience and industry best practices to fortify your Risk Management Program.

[Link to article]

Mitigating your security risk begins from the outside. Conducting practical assessments allows your organization to identify vulnerabilities to your infrastructure, resources, and staff – and buy-in for effective preparedness starts at the top.

Strong support and participation from organizational leaders promote a safe, secure, and productive work environment. Never merely “check the box” to meet a requirement. The risk vs. reward of potential litigation can be motivating enough to invest in improvement, and a proper assessment can act as an insurance policy against loss, financial or otherwise.

Conducting an assessment requires honesty and objectivity. If you find something wrong, it’s easy to say, “oh, that rarely happens” or “we can just ignore it this time” – don’t do it. Things that stick out during an assessment may happen all the time; you just don’t notice them. While we’re all hesitant to put our deficiencies on display, an assessment isn’t a pass/fail event; it’s simply a snapshot of where you are at that moment. A third-party assessment team can provide an objective viewpoint some find unable to give themselves. Going it alone can be a lot like grading your own test.

Assessments should consist of physical inspections of your facility’s perimeter, exterior, interior, safety/security systems, and networks, as well as a review of access control, visitor management, and emergency response protocols. Competent assessors don’t just look at the physical aspects. They conduct interviews with random staff members. Doing so gains valuable insight into day-to-day activities and can identify general safety and security concerns that may otherwise never come to light.

However, it’s not all about security. Just as a propped open door negatively affects access control, malfunctioning or expired life safety equipment (e.g., fire extinguishers, AEDs, eye-wash stations, etc.) is also a vulnerability that you should address.

Time is a factor, and assessments take time. A comprehensive walkthrough can take upwards of 8-hours or more, depending upon the facility – and that doesn’t even take into ac- count the initial analysis and reconnaissance, report development, and corrective action planning. However, it’s worth the opportunity to see your facility as you never have before. We’ve witnessed department heads, building supervisors, school principals, and even maintenance staff – folks who spend more time than most in their facilities – display amazement at what they’ve never noticed in their daily routines. While some may see that as complacency – we don’t – we see it as a common occurrence in places we are most familiar. If you don’t know what you’re looking for, you’re not going to find it.

Assessments cover the entire perimeter, facility exteriors, parking lots, vehicle and pedestrian entrances, hallways, offices, common areas, conference rooms, maintenance areas, roofs, and basements. Assessors need to test lighting, test door hardware and windows, test alarms and P/A systems, test everything they can! Options for improvement are higher if you are willing to be thorough. And it all starts with your methodology.

The methodology that guides the assessment determines the outcome. The North Group’s assessment methodology considers guidance and recommendations from the U.S. Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), Federal Bureau of Investigation (FBI), U.S. Department of Education, American Society of Civil Engineers (ASCE), Occupational Safety and Health Administration (OSHA), and all levels of emergency response agencies, as well as lessons learned from our combined experience conducting assessments nationwide. Additionally, our methodology applies concepts of CARVER (Criticality, Accessibility, Recuperability, Vulnerability, Effect Recognizability) + Shock, Crime Prevention Through Environmental Design (CPTED), DHS Best Practices for Anti-Terrorism Security (BPATS), and industry-specific requirements.

This bottom line is that conducting assessments can feel daunting but should never be overlooked. An objective analysis of your security capabilities will not only reveal things you never knew were (or weren’t) there, they provide the opportunity to improve in many ways. As leaders, we should continually strive to positively affect the overall facility environment and project a confident, proactive outlook to our employees.

[Link to article]

We understand that the corporate market has unique needs due to current susceptibilities and advise our clients based on real-time data. 

Managing cyber risks within your business and current operating landscape can be troubling and even more frustrating. Due to the current threats and risks, we are offering free enterprise and private client risk assessment consultations. Every client has a unique “risk DNA”. We evaluate risks based on your business structure, operational footprint, vulnerabilities, current countermeasures, and impacts. We use various intelligence and risk management schools of thought to help clients better understand stakeholder liability and enterprise risk.

Impactful Cybersecurity Statistics

Below are some statistics that can give you a good idea of the overall impact of cyber-attacks

  1. 62% of businesses experienced phishing and social engineering attacks in 2018 (per Cybint Solutions)
  2. The worldwide information security market is forecast to reach $170.4 billion in 2022. (Gartner)
  3. On average, only 5% of companies’ folders are properly protected. (Varonis)
  4. Data breaches exposed 4.1 billion records in the first half of 2019. (RiskBased)
  5. 71% of breaches were financially motivated, and 25% were motivated by espionage. (Verizon)
  6. 52% of breaches featured hacking, 28% involved malware, and 32–33% included phishing or social engineering, respectively. (Verizon)
  7. Between January 1, 2005, and April 18, 2018, there have been 8,854 recorded breaches. (ID Theft Resource Center)
  8. While overall ransomware infections were down 52%, enterprise infections were up by 12% in 2018. (Symantec)
  9. The top malicious email attachment types are .doc and .dot, which make up 37%; the next highest is .exe at 19.5%. (Symantec)
  10. By 2020, the estimated number of passwords used by individuals and machines worldwide will grow to 300 billion. (Cybersecurity Media)

[Link to article]

Investopedia gives this definition for understanding supply chains, “A supply chain encompasses a series of steps involved to get a product or service to the end-user. The steps include moving and transforming raw materials into finished products, transporting those products, and distributing them to said end-user.”

An effective risk management strategy can help identify and prevent possible disruptions.

With the ever-growing threat of foreign intervention, supply & demand concerns, as well as economic uncertainty, supply chains for medical stocks, food, and raw materials are susceptible to disruption – whether through theft, counterfeiting, or even destruction. A current high-risk situation is the delivery of the COVID-19 vaccine.

How will your supply chain handle risk management during these uncertain times?

No matter your opinion regarding its effectiveness or whether or not to receive the vaccine, there are questions about the safety and security of transporting it to its final Point of Distribution (POD) – not to mention securing it after it arrives. Using our COVID example, once the vaccine is developed and produced, the process is to load it onto subzero freezer trucks for transport to receiving areas – where state health agencies take custody of the shipment. The vaccine is then sent to predetermined, county-level staging areas (Nodes) and, from there, assigned to a designated site for distribution to the population. These mass dispensing sites can be anything from a hospital or urgent care center to a local pharmacy or school. These sites are where security becomes the most significant concern.

While federal and state law enforcement agencies closely monitor the transportation piece – where the number of vehicles is relatively limited, how can we manage security when dispensing sites can potentially number in the thousands? It is unrealistic that local law enforcement has the capacity to provide the personnel required.

[Link to article]

Dan Humiston: [00:00:00] Just a quick announcement before today’s show that November is Investor Month for the entire month of November. We will be featuring twelve Cannabis investors. So if you’re a Cannabis company that’s raising capital earning credited investor that’s looking for a firm to manage your Cannabis investments. Make sure to listen to Raising Cannabis Capital in November and get ready for twelve Cannabis Investor episode.

Bill Cousins: [00:00:28] My security methodology is to be proactive, not reactive. For example, police department there used to just responding to the incident and handling the incident once they arrive. My methodology, which is the Secret Service methodology, is let’s prevent anything from even happening.

Dan Humiston: [00:00:51] From MJ MJBulls Media, it’s the Raising Cannabis Capital show. I’m Dan Humiston. And on today’s show, how this former Secret Service agent is applying to the Cannabis industry the same skills and techniques he learned protecting the president of the United States.

Bill Cousins: [00:01:18] Today in Raising Cannabis Capital, we are joined by Bill Cousins, founder of WJ Cousins and Associates. Bill, welcome to the show.

Bill Cousins: [00:01:26] Thanks, Dan.. Appreciate it.

Dan Humiston: [00:01:28] Well, like so many of the guests on our show, I bet 10 years ago, if would have said, you know, you’re going to end up in the Cannabis industry, you wouldn’t have believed it.

Bill Cousins: [00:01:37] That’s so true. I never in my wildest dream did I ever imagine that I would be in this industry.

Dan Humiston: [00:01:42] And for our listeners, the reason why is because Bill spent 35 years of your life in law enforcement, starting with being a police officer just outside of Detroit, then moving to a distinguished 22 year, 22 year career in the United States Secret Service. So I’d say you’re an expert at keeping people and property safe. Well, thank you. Yeah. And I suspect that’s one of the reasons why W.J. Cousins and Associates is fast becoming one of the leading Cannabis security companies. I think for you to start off with today, let’s start at the beginning. A state passes a law making cannabis legal and puts together a license application. Every application that I’ve ever seen calls for a detailed security plan. So a prospective licensee will hire a firm like yours to help them put together a plan. What do you provide? How detailed information are they looking for in those applications?

Bill Cousins: [00:02:37] So how it usually works is this will have what will referred to as an applicant for a license in the state. That individual will get approved by the state, get pre-approved. Now, once they’re pre-approved, in other words, they had their finances and their backgrounds checked and they were cleared. Then they can move into the actual putting in for a license at a location. They’ll get a location. They’ll come to me and say, OK, Bill, I have this facility. I have this building. Help me to write a security plan that will be state compliant. And at that point, what I do is I work with the architect. I worked with the applicant who’s now the client. I work with their attorney, and then I work with selected integrators. And I will write this security plan from movements to how they’re going to do background checks, how they’re going to handle arrival departures and secure transport, how the patients will enter in and out of the building, how the employees will enter in another building. And then we get into cameras, the number of video surveillance cameras, the locations of those cameras, the megapixels and so forth. We helped design a vault to keep the Cannabis as well as the currency safe within the building. We do the I.T. secure room. And what that is, is the state has a strict mandate that the envy and recording devices has to be locked up in a separate room with cameras covering the room. We do the locking mechanisms, whether they get to the old fashioned lock and key or they go too, with proximity card and reader would do lighting for the exterior as well as the interior to make it a safe environment for customers that come in. Wow.

Dan Humiston: [00:04:24] It reminds me of the stories that I heard about when you guys would do an event for the president and you’d go into a venue and all the work that you would have to do. I mean, it’s very similar to a different scale, but it’s the same type of process, isn’t it?

[00:04:39] Dan? It’s very similar. I took the skills I learned from the Secret Service on how to protect people and facilities. And I just adopted him to the medical marijuana field.

Dan Humiston: [00:04:49] If our country trust you with the president secure here, I suspect they’ll be pretty comfortable with protecting a dispensary or a grow facility. Well, let’s fast forward now. The license has been awarded and business is up and running. What type of securities services does an ongoing enterprise need?

Bill Cousins: [00:05:06] Well, even before the businesses opened, they need somebody who is going to manage the installation of the security technology, the cameras, the locks and the alarms. So I provide those services also. And then once they’re open. What I do is I will stay on as an advisor, trusted advisor to them. I will do the background checks of prospective employees. I will come in and audit, make sure that they’re totally compliant with the state requirements. I will also act as their representative with the state inspectors that do come in. So if the inspectors are coming in to do a routine audit, I will be there. If the inspectors want to come in and look at video, I will also be there to act as their representative. And because of my past, I am able to establish a very strong, positive relationship with the state inspectors on.

Dan Humiston: [00:06:09] I want to take a quick break. Thank you for listening to today’s show. As the leading Cannabis podcast network, we’re constantly adding new Cannabis podcast to support our industry’s growth. And that’s why we’re so excited to announce our newest podcast, The Cannabis Breakout, which premieres October 25th. The show’s about the thousands of Americans who remain in prison for violating Cannabis laws that have long since been overturned. The Cannabis breakout gives Cannabis political prisoners a voice. If you’re a former Cannabis prisoner or have a loved one who is a Cannabis prisoner, we want to share your story. Please go to MJ Bolls dot com and sign up to be a guest.

Dan Humiston: [00:06:52] People don’t appreciate it sometimes when you think about Cannabis security. But not only is there a lot of cash. Way more cash in it Cannabis facility than in most businesses just because the banking issues, but also your main product. Could we move quickly in the black market? Criminals. They look at this as an opportunity. I suspect more than most businesses.

Bill Cousins: [00:07:14] That’s very true. Dan, my security methodology is to be proactive, not reactive. For example, police department there used to just responding to the incident and handling the incident once they arrive. My methodology, which is the Secret Service methodology, is let’s prevent anything from even happening. So that’s where I separate myself from some of the others.

Dan Humiston: [00:07:39] I heard you say something. Failing to plan is planning to fail. Exactly. You got it. You know, it’s scary. But I mean, it’s the nature of the business until we get this banking laws cleaned up. Speaking of accidents or unfortunate encounters, which we do our best to prevent in even in the best scenarios. Sometimes they’re unavoidable. When that happens, there’s potential for litigation going from like a slipping file to an actual armed robbery or an employee theft or something. But that may result in litigation. And at that point, they’re going to need experts. Do you provide some guidance or some assistance in those situations?

Bill Cousins: [00:08:16] Yes. I’ll routinely work with either the plaintiffs or the defendants attorneys in the matter and give my advice and counsel whether or not the provisioning center or the licensee was or was not negligent. I’ll give testimony in depositions in the court case if necessary.

Dan Humiston: [00:08:35] Well, what’s next? What’s next for W.J. Cousins and associates?

Bill Cousins: [00:08:39] Well, we’re very fortunate. We’ve made a great number of contacts. I’ve done over 80 security plans just in the state of Michigan. We’ve expanded into Illinois, Missouri, and I’ve done work in Nevada. I’m also getting is raising capital. No way, Wolf. A lot from my clients, they say. Do you know anybody that’s interested in investing in. You know, I’ve been fortunate in my life. And I have a few individuals that I know personally that want to get into the investment portion of the Cannabis business. So I connect them.

Dan Humiston: [00:09:09] It’s crazy. But the name of the show is Raising Cannabis Capital. And a lot of our listeners are those type of people. They’re looking for a good opportunity or a connection to a good opportunity. And like you said, with over 80 installs already and more on the way, you know which ones are the good ones and which ones are the bad ones. It’s exciting. And with Illinois, is it going to be huge with the wreck bill going into effect in January? I’m sure there’s a lot of opportunity there for you.

Bill Cousins: [00:09:35] Yeah, there is. I’ve partnered with other security experts like myself who just happen to be from the Secret Service. And so we collaborate on these projects. When you’re good, your reputation takes you to the next level.

Dan Humiston: [00:09:49] There’s no doubt about it. Well, we’ve been speaking with Bill Cousins from W.J. Cousins and Associates. And and I’ve I’ll have all of his contact information on the MJBulls website. Bill, thanks for being on the show today.

Bill Cousins: [00:10:00] Thank you, Dan..

Dan Humiston: [00:10:02] Yeah, this is exciting stuff. Let’s plan to have you back on soon.

Bill Cousins: [00:10:05] Anytime.

Dan Humiston: [00:10:08] Thanks for listening to Raising Cannabis Capital. To learn more about today’s guest, to become a guest. Visit our website at Hemp. Today’s show is produced by MJBulls Media with original music produced in part by Jamie Humiston. I’m Dan Humiston and you’ve been listening to the Raising Cannabis Capital podcast.

[Link to article]

As a business with highly transportable valuables, weed and cash, cannabis companies have to keep security top of mind long after they fill out their license applications. Recently, Grown In asked readers who they turn to for security consulting. Here are five firms our readers are talking about.

5th Meridian Group – website

Based in Southeast Missouri’s Cape Girardeau, Michael Allen and partner Andrew Juden are former military aviators turned firefighters who have advised multiple Missouri license-winners on their applications. Their firm, 5th Meridian Group, also provides locally-sourced armed guards, secure transport for cash and cannabis within Missouri, product diversion investigations, as well as security system installation for cultivation centers and dispensaries.

Missouri law requires a security manager for every cannabis facility, as well as security training for every cannabis facility employee. But Allen says that’s often not enough for many cannabis businesses.

“People will decide to not use armed security or security officers thinking, ‘An armed robbery in this area is probably not going to occur.’ However they fail to realize the impact of that one robbery,” cautions Allen. “When it does happen to a cannabis facility, the damage it does, if someone is injured or killed, they fail to realize the damage it does to the facility, to the brand name, to the employees.”

M&R Electronics – website

It’s one of those rare, once in a career opportunities when something falls into your lap,” said Scott Superfine, the third generation owner of security firm, M&R Electronics. Mitch Kahn, the president of Grassroots was referred to him by a security system manufacturer to fix the installation of a system Grassroots had purchased for a dispensary. Superfine’s company, “clear[ed] up the mess. They asked us to do their next dispensary, and their first cultivation site, and now we’ve done work for them in 15 states, 30 to 40 dispensaries, and off to the races we went.”

“It was one of those things, where both sides realize they have an investment in each other. We looked at it as being a fiduciary of their money,” said Superfine. 

M&R focuses on the design and installation of security systems. While most of their business is primarily in Illinois, M&R has become a national company for the cannabis business.

“We’ve done just about every kind of building for clients in the last five years. And they’re all different because there’s no synergy on a state by state basis. They all have different requirements,” said Superfine. “In Pennsylvania you have to have two years of video storage. In Michigan you have less than three weeks. Every state and opportunity is a new challenge.”

Sapphire Risk – website

With seven years of cannabis security consulting experience in thirty states, Sapphire Risk’s Managing Partner Tony Gallo says, “One of the biggest mistakes I see from people applying, they are not willing to make the commitment to win the license. They are willing to spend $100,000, but not $120,000. If you are going to apply, you need to understand what it’s going to cost to get that license. I’m going to commit and get the license.”

Based in Dallas, Gallo called Grown In from Tacoma, Washington, where he was conducting a security review for a client dispensary who experienced a break in last week. Besides security reviews, Sapphire Risk assists with application writing and designing day-to-day procedures, like cash management, to building out onsite security systems and training. 

A retail security expert, Gallo held security positions at Macy’s and Sears, and managed security for international pawn shop chain EZcorp’s 1,300 stores.

“It’s a big miss in this industry: A lot of times people feel, ‘Oh they’re not going to steal from me.’ [Cannabis] is not a unique industry. People in retail steal. That’s just how it happens,” said Gallo.

Silver Star Protection Group – website

Owned by Daniel Farrell and his twin brother Ed, Daniel was a hedge fund manager and Ed was a retired U.S. Marshall when Daniel was helping Revolution Global in Chicago with their Series A round capital raise. Ed became Revolution’s security consultant for their dispensary and cultivation sites in 2015, and based on that work, the Farrells then assisted Union Group with security plans for their dispensaries in Illinois in 2016. Their business has only grown since then.

“One of our core competencies is writing the applications. We’ve been first or second for most applications. We want to help layout your store. We’ve been doing dispensaries for five years. We understand how the flow of traffic works. If you win a license, we want to make sure you build it out the right way. We’ll sit down with the chief of police, go to the zoning meetings, and testify to the city council.”

Once a cannabis facility is operating, Silver Star will provide on-site security, annual security training for staff, post orders for security officers, and with transporting cash.

“We work with people that got into it for the right reasons,” said Farrell. “Being in a dispensary day in, day out, we see it. Hearing people’s personal stories. It’s rewarding. People don’t understand that aspect of the business.”

WJ Cousins & Associates – website

A retired Secret Service agent, Bill Cousins ended his 31-year law enforcement career as agent-in-charge for Detroit in 2014. Then during his second career, while running global security for some Michigan manufacturing companies, Cousins advised Michigan cannabis regulators on security standards for licensing. 

“My philosophy is to be preventative ahead of time. Don’t be reactive. Know this type of incident may occur and have plans to mitigate the incident and help secure the enterprise,” said Cousins. “It could be anything from a tornado to a fire, or armed robbery, or more violent, an active shooter. Be prepared for it, the leadership can’t sit there and say, ‘Now what do we do?’ They have to have hardcore plans, documented, written.”

Cousin’s firm has cannabis clients in Nevada, Missouri, Illinois, Michigan, and Ohio, providing application writing support, designing security plans for dispensaries, cultivators, processors, testing labs, and secure transport. The firm also conducts internal investigations. 

“In our litigious society, we all know somebody is going to be sued for something. If you’re not ready for that lawsuit, it could cost you your business,” said Cousins, who also acts as an expert witness for clients. “If you don’t have a person with the horsepower to defend it, you’re just going to add more zeros to the check you’re going to write them. That’s my concern about the industry, there’s too many charlatans.”

[Link to article]