Person holding a tablet, browsing a website with a stylus in their hand.

Cannabis and tech are increasingly intersecting, especially when it comes to the consumer experience of purchasing Cannabis. Dispensaries are increasingly deploying kiosks or tablets for customers to place their orders while staff focus on order fulfillment or answering questions, a play to keep costs down in an increasingly competitive environment.

As with any technology implementation, there are risks and tradeoffs that dispensary operators need to consider before they deploy them. In the case of shared tablets or kiosks, the greatest risks fall around protection of your IT environment and your customers’ data.

What Are The Risks?

There are three core risks to consider with shared tablets or kiosks in your dispensary: privacy, network security, and business interruption.

As consumers interact with these tablets, there are a number of things you’ll generally ask for to process their order. This means customers are entering Personally Identifiable Information (PII) or even Protected Healthcare Information (PHI) to complete their transaction. Because the system is shared, you have to ensure that one customer cannot obtain another’s data, which could subject you to negative publicity at best, or fines or even loss of licensure at worst. For those who operate in states that require compliance with the Health Insurance Portability and Accountability Act (HIPAA), the fines or penalties for unintended disclosure can come swiftly.

Additionally, as these devices need internet access, you are likely connecting them to your local network. Connecting them to your local network can present the potential for malicious customers to explore your IT environment or use them for other nefarious purposes that can link your environment to their actions, such as credit card fraud.

Lastly, you want to register ownership of the tablet or kiosk. If the device is not enrolled or managed by you, a malicious party could register it to their account, allowing them to snoop, install malware, copy any data that may have been entered by customers, remotely control or disable the device, or even report it as stolen, any of which can lead to significant interruption to your dispensary.

Things to Consider When Deploying Tablets or Kiosks

If you are looking to deploy kiosks or tablets in your dispensary, there are a number of things you should keep in mind before making them a part of the customer experience:

  • Avoid Cheap Products. It can seem like a wise financial decision to purchase the cheapest tablet or kiosk you can, but you may quickly find that the cheap tablet doesn’t come with updates or contains suspect software, either of which would make you a target for regulators the second something goes wrong. Consider purchasing authentic Apple iPads or Android tablets from major vendors such as Samsung that come with a guarantee of serviceability and support. For kiosks, avoid those that don’t run an OS that your IT is familiar with.
  • Update Your Devices Regularly. Ensuring your technology is kept up to date is important in reducing the risk that exploits can be run on the devices. If your device can no longer update, and it’s been longer than six months, replace it out of precaution as part of a good device management policy.
  • Use Anti-Malware Software. Any device can get infected with malware. Be sure that any devices connected to your environment are running anti-malware or similar software and that any alerts are centrally received by someone who can review them.
  • Register Your Devices. For Apple tablets, there is a way to register them to your business using Apple Business Manager, which ensures that a malicious party can’t link the tablet to their personal iCloud and control it remotely, disable it, or claim it’s stolen. Samsung also offers similar functionality to link their Android tablets to a specific account.
  • Configure Mobile Device Management (MDM). MDM can help you restrict the activity that can occur on the tablet or kiosk. Microsoft Intune, JAMF, or AirWatch are just three options worth consideration. Be sure to choose one that allows you to restrict the web browser to only your dispensary site and doesn’t cache anything.
  • Set an Administrative Password. Set a password on your kiosks or tablets that is required when someone attempts to open any control panel or settings page. We recommend setting it unique per location and only sharing it with staff when absolutely necessary.
  • Turn off Autocomplete. While MDM can assist in this, be sure that autocomplete is disabled on any browser on a shared device, so it does not retain any customer information. This includes any predictive text features on the mobile device that could end up showing a frequent customer’s email, name, or phone number, which could violate privacy laws.
  • Streamline the User Experience. Never ask your customers to register an account or log in on a shared device such as a tablet or kiosk. If you do, users may forget to log off or choose poor passwords that expose their accounts. Instead, focus on streamlining the experience by only asking for the information that is absolutely necessary to process the transaction. For most, name and phone number are sufficient.
  • Separate Your Shared Devices from Your IT Network. This may require the assistance of an IT professional. Any kiosks and tablets that are usable by customers should be segmented from your regular IT network to help separate the traffic and reduce risks to your network environment from compromise, malware infection, or disruption.
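The checklist above lends itself to an automated check over a device inventory. The following is an added example, not part of the original article: the inventory field names, the staff subnet, and the ordering-site hostname are constructed assumptions, and the update threshold follows the six-month guidance above.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Assumptions for illustration (not from the article): the field names, the
# staff subnet, and the ordering-site hostname are all hypothetical.
STAFF_NETWORKS = [ip_network("10.0.10.0/24")]      # back-office / POS network
ALLOWED_SITES = {"order.example-dispensary.test"}  # only site kiosks may load
MAX_UPDATE_AGE_DAYS = 183                          # "longer than six months"


def audit_device(dev: dict, today: date) -> list[str]:
    """Return the checklist items a shared tablet or kiosk fails."""
    findings = []
    if not dev.get("enrolled_to_business"):
        findings.append("not registered to the business")
    if not dev.get("mdm_managed"):
        findings.append("no MDM profile")
    if (today - dev["last_os_update"]).days > MAX_UPDATE_AGE_DAYS:
        findings.append("no OS update in over six months: replace")
    if not dev.get("anti_malware"):
        findings.append("no anti-malware")
    if not dev.get("admin_password_set"):
        findings.append("settings not password protected")
    if dev.get("autocomplete") or dev.get("predictive_text"):
        findings.append("autocomplete or predictive text enabled")
    extra = set(dev.get("browser_allowlist", [])) - ALLOWED_SITES
    if extra or not dev.get("browser_allowlist"):
        findings.append("browser not restricted to the ordering site")
    if any(ip_address(dev["ip"]) in net for net in STAFF_NETWORKS):
        findings.append("on the staff network, not a separate segment")
    return findings


# Constructed sample inventory, e.g. as exported from an MDM console.
INVENTORY = [
    {"name": "kiosk-1", "ip": "10.0.50.11", "enrolled_to_business": True,
     "mdm_managed": True, "last_os_update": date(2024, 5, 1),
     "anti_malware": True, "admin_password_set": True, "autocomplete": False,
     "predictive_text": False,
     "browser_allowlist": ["order.example-dispensary.test"]},
    {"name": "tablet-2", "ip": "10.0.10.37", "enrolled_to_business": False,
     "mdm_managed": True, "last_os_update": date(2023, 9, 15),
     "anti_malware": True, "admin_password_set": True, "autocomplete": False,
     "predictive_text": True, "browser_allowlist": []},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], audit_device(dev, date(2024, 6, 1)) or "OK")
```

Run on a schedule against a real export, a non-empty result for any customer-facing device is the signal to pull it from the floor until it is fixed.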

It may seem like a lot, but by taking these into consideration, you’ll ensure an efficient experience for your customers while protecting your growing dispensary from privacy claims or other headaches that take away from your mission—providing your customers with a great Cannabis buying experience.

Featured photo from Pexels by Roberto Nickson.

Chris
Chris works as an Information Security professional in the Cannabis industry. They have over 20 years of experience in IT and work to share threat intel and mentor the next generation.
