Question 1

What does an Incident Response Retainer (DP-1) actually include?

Accepted Answer

On-retainer IR capability means we're on call when something happens. Included: written IR runbook customized to your stack, annual tabletop exercise, BEC detection checklist, 4-hour response SLA during declared incidents, and $275/hr for active incident hours.

Question 2

What is BEC and why does it hit cannabis operators hard?

Accepted Answer

Business Email Compromise — attackers impersonate a vendor or executive over email and trick your finance team into wiring money. MariMed lost $650,000 in a single BEC incident. Cannabis operators are targets because they move large cash-equivalent transactions and often lack the internal controls to catch it.

Question 3

How long does a Ransomware Resilience Audit take?

Accepted Answer

Three weeks. We assess your backup architecture, POS vendor security posture, network segmentation, endpoint protection, and recovery procedures. Output: written findings + a prioritized resilience roadmap.

Question 4

We already have an MSP. Why do we need DP-1?

Accepted Answer

MSPs manage IT. They handle uptime, endpoints, and METRC connectivity. Very few have written IR runbooks for cannabis-specific scenarios, run tabletop exercises, or provide on-call IR response. That's not a knock on your MSP — it's just a different scope. We work alongside them, not instead of them.

When ransomware hits your POS, you lose $30,000 a day. We make sure it doesn't.

The gap shows up before the incident.

SKU-based work with clear output.

Incident Response Retainer

BEC/Phishing Defense Sprint

Ransomware Resilience Audit

Assess → Deliver → Document

Assess

Deliver

Document

Built for cannabis operators.

Questions operators ask first.

Find out what's exposed in 90 seconds.