Article
Help protect your winery from cyberthreats using these key strategies
Nov. 6, 2019 · Authored by Troy Hawes, Michael Parker
A version of this article was published in the November 2019 issue of Wine Business Monthly.
Your company’s IT systems are central to its business functions, helping it automate key processes, effectively manage and grow the business, and protect employees and customers’ sensitive information.
Cybersecurity breaches affect approximately 50% of companies in a 12-month period, according to the Ponemon Institute. However, knowing which threats cause the most damage and implementing defenses against them can help your company prevent or efficiently negate threats if they arise.
Following are a few top-trending cybersecurity threats your winery should be aware of and ways to prepare for, or reduce damage caused by, a security breach.
Determine potential threats
To hackers, a winery’s greatest asset is its valuable customer data — specifically customers’ credit card information. As technology rapidly develops, hackers have found new ways to infiltrate company systems and steal this valuable data.
However, knowing how to identify potential threats can help your company avoid or address issues before they affect customer data or cause serious damage. Some common threats impacting the wine industry include the following.
Phishing
Phishing scams take the form of emails that trick employees into providing sensitive information, such as IT system login information, customer payment information, or banking details.
Identification
Phishing emails are typically sent from fake accounts that mimic email addresses of seemingly legitimate sources, such as business partners or management representatives from your own company. However, the sender’s email address will be slightly different from the email address it’s mimicking.
An individual can identify a phishing email from a spoofed or fake email account by verifying the intended sender’s email address. Inspecting the source email address may show that the attacker has used different characters in the address, such as an uppercase l instead of a lowercase i, or they may have extended the email domain by adding additional words to make it look legitimate.
