Wineries that focus their attention on a few key areas can better understand their weak points and implement measures that improve overall cybersecurity hygiene and reduce the risk of becoming a victim of a cyberattack.
The following five cybersecurity practices are where wineries can get the most bang for their buck.
1. Security Awareness Training for Employees
Most successful cyberattacks start with an employee falling victim to a social engineering attack.
Phishing is a type of social engineering attack in which a cybercriminal sends a fake, but seemingly legitimate-looking, email that makes an urgent request for action, such as changing the payment address of a known vendor.
Another type of social engineering attack is vishing, a phone-based impersonation attack. In a vishing attack, a cybercriminal impersonates a representative of a known, trusted source, such as a software provider. For example, the cybercriminal may pose as an IT technician to gain unauthorized access to your systems.
Employees are typically the first line of defense. One of the best ways to improve cybersecurity and thwart cyberattacks is to have employees trained and educated on best practices for how to recognize and hinder a social engineering attack and other cyberthreats. Important topics that should be covered include the following:
- Phishing and vishing attacks
- Safe internet browsing
- Importance of antivirus
- Long, complex pass phrases and passwords
There are services that provide annual security awareness training that’s interactive and even entertaining for employees.
2. Network Penetration Testing
Network penetration testing—also known as ethical hacking—is a service provided by cybersecurity consultants. It’s used to identify vulnerabilities and weaknesses in a system that could potentially be compromised by a cybercriminal. Some of these vulnerabilities may be caused by the following:
- Insufficiently patched systems
- Out-of-date software
As a result, a cybercriminal may attack and exploit a vulnerability to gain access to the network, steal data, or install a piece of software that provides a remote back door to the network for later use.
Engaging a consultancy with cybersecurity expertise to conduct regularly scheduled network penetration testing can help to uncover nascent vulnerabilities ahead of a would-be cybercriminal.
This testing will make you aware of system vulnerabilities that can be subsequently patched and addressed before they’re targeted for attack. It’s recommended that network penetration testing be performed on a quarterly basis or whenever the IT infrastructure changes.
3. Due Diligence on Third-Party Service Providers
Many wineries outsource the administration of the wine club membership system to a third-party software-as-a-service provider. Similarly, wineries may use an outsourced IT support provider to manage the IT environment, particularly if they have on-premise systems.
In either case, the winery is responsible for ensuring its service providers have solid and sufficient cybersecurity controls to protect the winery’s customer data. If a service provider’s network is breached and customer systems are compromised, the winery’s customers will likely blame winery management for partnering with a third party that had insufficient cybersecurity controls.
Performing continual due diligence of the service provider in the form of requesting and reviewing the results of any third-party attestation of controls reports—such as a Service Organization Control (SOC) 2 audit or PCI Report on Compliance (ROC) audit—will help to provide an understanding of the controls in place for protecting and securing sensitive data.
These audits are conducted by authorized firms that hold a CPA license or, in the case of PCI ROC audits, a Qualified Security Assessor firm designation. As such, you can be assured the audit was performed by an independent and objective third party with a scrutinizing eye for areas of cyber-risk, missing controls, and operational practices that don’t align with industry-accepted best practices.
It’s recommended that wineries review the results of these audits, which occur annually, to ensure their service providers are safeguarding customer data effectively.
4. Proactive Monitoring
You have a business to run. Cybercriminals know this and they bank on the fact that you aren’t paying attention to system anomalies or strange behavior on your network causing system performance issues.
It’s this lack of continual attention that provides the opening and opportunity for a cyberattack. System audit logs and irregularities that deviate from normal system baseline behavior can be very telling. A burst of failed logins could mean that a cybercriminal is trying to compromise the system by attempting multiple logins; attempts against many different usernames could mean that enumeration is taking place, where a cybercriminal is probing the system to identify user accounts to compromise.
However, upon first glance, this anomalous behavior may be attributed to just the occasional system issue and may be ignored or overlooked. This allows a cybercriminal to successfully install a Trojan remote access back door program that could provide a persistent ingress point and connection for data exfiltration or planned attacks in the future.
To minimize this threat, wineries without a sizeable IT staff can engage outsourced services to proactively monitor system and network behavior using a security information and event management (SIEM) system.
A SIEM system proactively and continually collects, aggregates, and correlates security logs from the various application servers, database servers, network devices, and firewalls within your IT environment. It then analyzes the collected security logs to proactively identify and alert you to potentially malicious activity, and thus, curtail a successful attack.
There are many third-party service providers that offer proactive security monitoring so that you can focus on making wine and running your business.
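The kind of correlation a SIEM rule performs on the login anomalies described above, as an added example that is not part of the original article or any vendor's product: it parses constructed sshd-style auth log lines (made up for this example, with documentation-range IP addresses) and flags, per source address, a burst of failed logins, attempts against many distinct usernames (enumeration), and a successful login that follows a burst of failures. The thresholds are assumed values that a real deployment would tune to its baseline.

```python
import re
from collections import defaultdict

# Constructed sample auth log lines (made up for this example, not from the article).
SAMPLE_LOGS = """\
Mar 03 09:01:11 wineclub-app sshd[2210]: Failed password for admin from 203.0.113.7 port 51122 ssh2
Mar 03 09:01:13 wineclub-app sshd[2210]: Failed password for admin from 203.0.113.7 port 51123 ssh2
Mar 03 09:01:15 wineclub-app sshd[2210]: Failed password for admin from 203.0.113.7 port 51124 ssh2
Mar 03 09:01:17 wineclub-app sshd[2210]: Failed password for admin from 203.0.113.7 port 51125 ssh2
Mar 03 09:01:30 wineclub-app sshd[2210]: Accepted password for admin from 203.0.113.7 port 51127 ssh2
Mar 03 09:05:02 wineclub-app sshd[2311]: Failed password for invalid user alice from 198.51.100.23 port 40001 ssh2
Mar 03 09:05:04 wineclub-app sshd[2311]: Failed password for invalid user bob from 198.51.100.23 port 40002 ssh2
Mar 03 09:05:06 wineclub-app sshd[2311]: Failed password for invalid user carol from 198.51.100.23 port 40003 ssh2
Mar 03 09:10:41 wineclub-app sshd[2402]: Failed password for jsmith from 192.0.2.10 port 55010 ssh2
Mar 03 09:10:49 wineclub-app sshd[2402]: Accepted password for jsmith from 192.0.2.10 port 55011 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
LINE_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse_events(text):
    """Extract (result, user, source_ip) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["result"], m["user"], m["src"]))
    return events

def correlate(events, fail_threshold=4, enum_threshold=3):
    """Correlate per source IP, as a SIEM rule would, and return sorted (alert, src) pairs."""
    failures = defaultdict(int)      # failed logins seen per source address
    users_tried = defaultdict(set)   # distinct usernames attempted per source address
    alerts = set()
    for result, user, src in events:
        if result == "Failed":
            failures[src] += 1
            users_tried[src].add(user)
            if failures[src] >= fail_threshold:
                alerts.add(("repeated_failed_logins", src))
            if len(users_tried[src]) >= enum_threshold:
                alerts.add(("account_enumeration", src))
        elif failures[src] >= fail_threshold:
            # A success right after a burst of failures is the strongest signal of compromise.
            alerts.add(("success_after_failures", src))
    return sorted(alerts)
```

Running `correlate(parse_events(SAMPLE_LOGS))` flags 203.0.113.7 for repeated failures followed by a success and 198.51.100.23 for enumeration, while the single typo-then-success from 192.0.2.10 stays below every threshold.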
5. Incident Response Planning
Hopefully, no one reading this article ever falls victim to a cyberattack. Living in today’s ever-connected, always-online world makes the chances of getting hit with a cyberattack small; however, whether that cyberattack is successful or not is largely dependent on the strength of your cybersecurity hygiene.
But what if your winery is attacked? What do you do? This is where having planned protocols in place for dealing with a cyberattack is useful.
These protocols are typically in the form of a formalized, documented, and known incident response plan (IRP). The IRP can be as simple or complex as needed, but it should consider the most plausible types of cybersecurity incidents that could apply.
For example, if your winery’s network is compromised, you may have to make the decision to disconnect from critical services—such as cloud-based or hosted systems that store critical business data—to stymie or limit the impact of the attack. An IRP would detail the steps to do this and may also include sections about what to communicate to customers who have had their information compromised.
An IRP should also include the contact information of the key individuals who will make up the incident response team. The team may include people from the following:
- IT department
- Winery management
- External service providers, such as monitoring services, cybersecurity consultants, and even the local chapter of the FBI
Having documented procedures within the IRP to follow during or after an attack will help to decrease the amount of chaos that ensues while employees try to determine next steps and make critical decisions, such as terminating a connection or powering down a system.