Help Protect Your Winery from Cyberthreats Using These Key Strategies

A version of this article was published in the November 2019 issue of  Wine Business Monthly.

Your company’s IT systems are central to its business functions, helping it automate key processes, effectively manage and grow the business, and protect employees and customers’ sensitive information.

Cybersecurity breaches affect approximately 50% of companies in a 12-month period, according to the Ponemon Institute. However, knowing which threats cause the most damage and implementing defenses against them can help your company prevent or efficiently negate threats if they arise.

Following are a few top-trending cybersecurity threats your winery should be aware of and ways to prepare for, or reduce damage caused by, a security breach.

Determine Potential Threats

To hackers, a winery’s greatest asset is its valuable customer data—specifically customers’ credit card information. As technology rapidly develops, hackers have found new ways to infiltrate company systems and steal this valuable data.

However, knowing how to identify potential threats can help your company avoid or address issues before they affect customer data or cause serious damage. Some common threats impacting the wine industry include the following.


Phishing scams take the form of emails that trick employees into providing sensitive information, such as IT system login information, customer payment information, or banking details.


Phishing emails are typically sent from fake accounts that mimic email addresses of seemingly legitimate sources, such as business partners or management representatives from your own company. However, the sender’s email address will be slightly different from the email address it’s mimicking.

An individual can identify a phishing email from a spoofed or fake email account by verifying the intended sender’s email address. Inspecting the source email address may show that the attacker has used different characters in the address, such as an uppercase l instead of a lowercase i, or they may have extended the email domain by adding additional words to make it look legitimate.


In a ransomware breach, hackers gain access to a company’s systems by using malicious software to infiltrate its security mechanisms. They then encrypt the company’s data, making it impossible for employees to access critical data or conduct business until a demand—or ransom, usually in the form of cryptocurrency like Bitcoin or Monero—is satisfied.

However, paying the ransom doesn’t guarantee the hacker will decrypt the data. That means it’s critical for a company to have reliable backup data as well as a tested incident response plan in case a ransomware attack occurs.


Typically, ransomware attacks are triggered by a phishing email that diverts the victim to an infected web page, which, unbeknownst to the user, downloads the ransomware program. Once the program is downloaded, it automatically begins encrypting the hard drive of the effected workstation and infecting other systems on the network.

Phishing emails are commonly used to trick individuals into initiating the ransomware infection process. However, teaching employees how to recognize phishing emails can lower the risk of a successful ransomware attack. Companies can also protect systems by installing recent security patches from their vendors and verifying that antivirus software is running on all network systems.

Direct Data Breaches

Direct data breaches occur when a company stores all or the majority of its critical business data on unencrypted laptops, tablets, or mobile devices and the device itself is compromised.

For example, if a winery stores its wine club membership database on a single company laptop that is lost or stolen, a hacker need only gain access to the computer itself to access the company’s bank information, membership demographic information, and customer cardholder data.

These breaches are especially damaging if the company hasn’t replicated its membership database to another source, such as a cloud service, or regularly backed up its data. This is also dangerous to business continuity because the single instance of the data could become inaccessible due to hardware failures or data corruption.

Assess Your Vulnerabilities

After identifying potential threats, your company can begin assessing its vulnerabilities. In addition to lack of awareness, many wineries have vulnerabilities from failing to develop adequate processes around the following:

  • Data controls
  • IT systems access, security, and use
  • Incident response

Implement Data Controls

Creating a system of controls is critical for having adequate defenses against cyberthreats. Here are a few primary controls your company can implement to help prevent or reduce damage.

  • Strong user authentication. Using multifactor authentication, wherein a one-time passcode or biometric reader as well as individual login identifications and passwords are necessary to authenticate a system user, can help thwart a breach by an attacker who has access to user identifications and passwords.
  • Role-based access controls. Role-based access controls limit the number of employees who have administrator access within a particular system. This can help reduce a breach’s impact if the compromised user account has limited access to sensitive data.
  • Data leakage prevention. Lack of data leakage prevention, such as allowing employees to extract data and transfer it to personal cloud-storage locations, creates significant IT vulnerability. These storage locations may include Dropbox, Google Drive, OneDrive, or portable media such as USB thumb drives or portable hard drives. When a network isn’t monitored for unauthorized data exfiltration, information can be lost, stolen, or deleted.
  • Computer and mobile device encryption. Computer and mobile device encryption is an essential part of keeping your winery and your customers’ sensitive information safe. Strong encryption that has been implemented on server, workstation, and mobile-device storage can prevent sensitive data from exposure—even if the device has been lost or stolen.

Integrate Your Software System

When a company’s payment and data-management processes aren’t integrated, it can create opportunities for error and inefficiency, increase the risk of a cyberattack, and decrease the effectiveness of your incident response plan efforts.

Integrated enterprise resource planning (ERP) and cloud-based systems can greatly increase operational efficiencies and reduce risk by providing the following:

  • Automated processes. Automated processes significantly decrease the likelihood of phishing scams and direct data breaches. For example, if an automatic system or preapproved protocol doesn’t exist for transferring funds or information, an employee is more likely to engage with a scammer instead of directing them to an online client portal.
  • Real-time visibility. Real-time visibility allows your company to see and be alerted about data shifts as they occur. This can help your business monitor data across multiple branches and quickly respond to a threat as it occurs.
  • Centralized data. Centralizing data on a server or in a cloud-based location allows your company to increase protections, decrease direct-data breaches, and quickly recover from an attack—provided there are appropriate backup and recovery processes in place. It also allows your professionals to safely access data from anywhere through remote access or a cloud-based storage browser. 

Develop an Incident Response Plan

It’s important to develop a recovery plan before an attack occurs. Your incident response plan should be applicable to the types of attacks that are most likely to impact your company, and each member of the designated incident response team should understand their role in the aftermath of a disastrous event.

In the event of a successful data breach, your company should follow these steps:

  • Notify your IT support provider about the suspected phishing email.
  • Block any further emails originating from the sender’s email address.
  • Educate the victim of the phishing email and all other employees about recognizing future attacks.
  • Review logs on critical systems for any suspicious data exfiltration activities.
  • Notify local law enforcement or local FBI chapter.
  • Isolate the propagation of the ransomware as much as possible.
  • Enact your incident response plan to begin the recovery process.
  • Restore data from offline backups or remote backup systems.
Direct Data Breach
  • Determine if the device that has been lost or stolen utilized whole-disk encryption.
  • Identify the type of data that was stored on the lost or stolen device.
  • Request the user of the compromised account or device change their network password and passwords to other online accounts with cached credentials.
  • Engage your legal department, local law enforcement, and insurance carrier if there is a high probability that customer data will be exposed.
  • Initiate breach notification procedures to the victims of the attack, when appropriate.

Create an IT Process

Developing a comprehensive, preventative IT process can help your company assess current risk and stay on top of future risks as they emerge. Your IT process may vary depending on the size or scope of your business.

Small Business Approach

If your company has fewer than 100 employees or less than $25 million in revenue, the following IT security process will likely stay within your security budget while helping you deter and address future threats.

  • Start the conversation. Your company’s ownership and management should discuss the company’s IT risk and potential threats.
  • Establish a proactive risk approach. Develop an approach for staying up-to-date on top-trending threats and consistently monitoring your IT environment. This could include holding monthly cyber-risk meetings or hiring an outside advisor.
  • Create a system. Create policies to govern user behavior and protect company, customer, and employee data. Make sure your system’s security controls help enforce those policies.
  • Provide ongoing employee education. Ongoing education is especially important for small businesses because their technologies for protecting systems and data may be less robust. That means there are more opportunities for individual employees to make decisions that compromise your data. Educational opportunities make each employee aware of potential threats and their role in protecting the company.

Larger Business Approach

If your company has more than 100 employees or more than $25 million in revenue, the following IT security process will help you monitor risks and protect your company.

  • Conduct a cyber-risk assessment. Large companies may need to hire externally to conduct an initial cyber-risk assessment. An assessment identifies potential risk areas that can help threats materialize and recommends improvements for addressing them.
  • Identify controls. Establish or strengthen controls revealed by the cyber-risk assessment. Controls could be technical, administrative, or physical in nature, and should apply enterprise-wide. Examples include implementing data leakage prevention solutions, instituting a mobile device security policy, and adding surveillance cameras to server rooms.
  • Create policies and procedures. Assess and review your company’s controls regularly, and create policies that govern how frequently cyber-risk assessments must be performed. These policies should identify who is responsible for planning regular assessments and how frequently they should occur.
  • Provide educational opportunities. Providing ongoing training opportunities can help your company stay aware of emerging threats and steps each employee can take to protect company data. Regularly testing employees’ awareness by periodically simulating attacks will help indicate if additional training is necessary.

We’re Here to Help

Developing a proactive cybersecurity plan can help your company neutralize or prevent an attack before it compromises data and causes reputational damage. To learn more about identifying, addressing, and preventing cyberthreats, contact your Moss Adams professional, watch our webcast, or view our cybersecurity guide.

Contact Us with Questions

Enter security code:
 Security code