5 Tips for Wineries to Protect Their Business Against a Cyberattack

silhouette of trees lakeside

A version of this article previously published in Wine Business Monthly in July 2021.

Wineries—even smaller family operations—are attractive targets for cyberattack because they store payment-card information, customer demographics, and intellectual property, such as specialized harvesting techniques.

While it might feel intimidating, improving or bolstering your cybersecurity defenses doesn’t have to be an onerous undertaking. Below, you’ll find five key steps to help protect your business.

Who Would Hack a Winery?

This is a question posed by many wineries that think they couldn’t possibly be a target of a cyberattack. However, in early 2021, a large, privately owned Australian winery was a victim of a cyberattack that resulted in a temporary outage of its ordering system and email services.

The winery’s business operations were down for a day. It was suspected that outside hackers were retaliating against the winery’s criticisms of hefty wine tariffs on Australian wine exports, according to a Financial Review article published in March 2021.

Even with this example, the media’s focus on reporting an increasing number of high-profile attacks against large companies that operate in critical infrastructure sectors—such as Colonial Pipeline and JBS—can make it difficult to fathom that a small winery may be a viable target for a cyberattack.

How Can Wineries Protect Themselves Against Cyberattacks When Resources Are Limited?

Wineries that focus their attention on a few key areas can be better aware of their weak points and able to implement measures that improve overall cybersecurity hygiene and lessen the risk of becoming a victim of a cyberattack.

The following five cybersecurity practices are where wineries can get the most bang for their buck.

1. Security Awareness Training for Employees

Most successful cyberattacks start with an employee falling victim to a social engineering attack.

Phishing is a type of social engineering attack in which a cybercriminal sends a fake, but seemingly legitimate-looking, email that makes an urgent request for action, such as changing the payment address of a known vendor.

Another type of social engineering attack is vishing or phone-based impersonation attacks. In a vishing attack, a cybercriminal impersonates someone who comes from a known authoritative source, such as a software provider. In this type of attack, the cybercriminal may pose as an IT technician to gain unauthorized access to your systems.

Employees are typically the first line of defense. One of the best ways to improve cybersecurity and thwart cyberattacks is to have employees trained and educated on best practices for how to recognize and hinder a social engineering attack and other cyberthreats. Important topics that should be covered include the following:

  • Phishing and vishing attacks
  • Safe internet browsing
  • Importance of antivirus
  • Long, complex pass phrases and passwords

There are services that provide annual security awareness training that’s interactive and even entertaining for employees.

2. Network Penetration Testing

Network penetration testing—also known as ethical hacking—is a service provided by cybersecurity consultants. It’s used to identify vulnerabilities and weaknesses in a system that could potentially be compromised by a cybercriminal. Some of these vulnerabilities may be caused by the following:

  • Insufficiently patched system
  • Misconfiguration
  • Out-of-date software

As a result, a cybercriminal may attack and exploit a vulnerability to gain access to the network, steal data, or install a piece of software that provides a remote back door to the network for later use.

Engaging a consultancy with cybersecurity expertise to conduct regularly scheduled network penetration testing can help to uncover nascent vulnerabilities ahead of a would-be cybercriminal.

This testing will make you aware of system vulnerabilities that can be subsequently patched and addressed before they’re targeted for attack. It’s recommended that network penetration testing be performed on a quarterly basis or whenever the IT infrastructure changes.

3. Due Diligence on Third-Party Service Providers

Many wineries outsource the administration of the wine club membership system to a third-party software-as-a-service provider. Similarly, wineries may use an outsourced IT support provider to manage the IT environment, particularly if they have on-premise systems.

In either case, the winery is responsible for ensuring their service providers have solid and sufficient cybersecurity controls to protect the winery’s customer data. If a service provider’s network is breached and customer systems are compromised, the winery’s customers will likely blame winery management for partnering with a third-party with insufficient cybersecurity controls.

Performing continual due diligence of the service provider in the form of requesting and reviewing the results of any third-party attestation of controls reports—such as a Service Organization Control (SOC) 2 audit or PCI Report on Compliance (ROC) audit—will help to provide an understanding of the controls in place for protecting and securing sensitive data.

These audits are conducted by authorized firms that hold a CPA license, or in the case of PCI ROC audits, a Qualified Security Assessor firm designation. As such, you can be assured the audit was performed by an independent and objective third-party with a scrutinizing eye for potential areas of cyber-risk, lacking suitable controls, and operational practices that don’t align with industry-accepted best practices.

It’s recommended that wineries review the results of these audits, which occur annually, to ensure their service providers are safeguarding customer data effectively.

4. Proactive Monitoring

You have a business to run. Cybercriminals know this and they bank on the fact that you aren’t paying attention to system anomalies or strange behavior on your network causing system performance issues.

It’s this lack of continual attention that provides the opening and opportunity for a cyberattack. System audit logs and irregularities deviating from normal system baseline behavior can be very telling. It could mean that a cybercriminal is trying to compromise the system by attempting multiple logins or that enumeration is taking place where a cybercriminal is probing the system to identify user accounts to compromise.

However, upon first glance, this anomalous behavior may be attributed to just the occasional system issue and may be ignored or overlooked. This allows a cybercriminal to successfully install a Trojan remote access back door program that could provide a persistent ingress point and connection for data exfiltration or planned attacks in the future.

To minimize this threat, wineries without a sizeable IT staff can engage outsourced services to proactively monitor system and network behavior using a security information and event management (SIEM) system.

A SIEM system proactively and continually collects, aggregates, and correlates security logs from the various application servers, database servers, network devices, and firewalls within your IT environment. It then analyzes the collected security logs to proactively identify and alert you to potentially malicious activity, and thus, curtail a successful attack.

There are many third-party service providers that offer proactive security monitoring so that you can focus on making wine and running your business.

5. Incident Response Planning

Hopefully, no one reading this article ever falls victim to a cyberattack. Living in today’s ever-connected, always-online world makes the chances of getting hit with a cyberattack small; however, whether that cyberattack is successful or not is largely dependent on the strength of your cybersecurity hygiene.

But what if your winery is attacked? What do you do? This is where having planned protocols in place for dealing with a cyberattack is useful.

These protocols are typically in the form of a formalized, documented, and known incident response plan (IRP). The IRP can be as simple or complex as needed, but it should consider the most plausible types of cybersecurity incidents that could apply.

For example, if your winery’s network is compromised, you may have to make the decision to disconnect from critical services—such as cloud-based or hosted systems that store critical business data—to stymie or limit the impact of the attack. An IRP would detail the steps to do this and may also include sections about what to communicate to customers who have had their information compromised.

An IRP should also include the contact information of the key individuals who will make up the incident response team. The team may include people from the following:

  • IT department
  • Winery management
  • External service providers, such as monitoring services, cybersecurity consultants, and even the local chapter of the FBI

Having documented procedures within the IRP to follow during or after an attack will help to decrease the amount of chaos that ensues while employees try to determine next steps and make critical decisions, such as terminating a connection or powering down a system.


Wineries that focus their attention on a few key areas can be better aware of their weak points and able to implement measures that improve overall cybersecurity hygiene and lessen the risk of becoming a victim of a cyberattack.

Can a Winery Survive a Cyberattack?

Cyberattacks may be levied against a wine club membership system, accounting system, or email system. While some of these systems may be outsourced by a third-party to host and administer, the onus is on the winery to ensure that customer data—including payment card information—is protected and secured.

Wineries are an attractive target because of the customer information that they hold, such as:

  • Payment card information
  • Customer demographics
  • Intellectual property, such as specialized harvesting techniques

If a winery’s club system is hit with ransomware and becomes inaccessible, the ability to process wine club allocations, notify members of specials, and effectively serve club membership is severely hampered.

Worse, the cybercriminal may ask for a ransomware payment to decrypt the club member database. This may place considerable financial hardship on the winery, which could result in a closure of the business.

Can a Winery Eliminate the Risk of a Cyberattack?

The simple answer is no, a business can never eliminate the risk of cyberattack.

Technology changes and the capabilities of cybercriminals constantly evolve with new tools, tactics, and procedures largely and freely available on the dark web to help with the evolution of cybercriminal activity.

There are, however, actions a winery can take to protect its systems and data from cyberattacks. While throwing a lot of time, money, and resources toward cybersecurity in an attempt to eliminate the risk may be impractical and unrealistic—and likely beyond the capabilities of a lot of mom and pop-type wineries—there are still steps you can take.

That’s why incorporating the above five key cybersecurity practices into your winery’s approach to cybersecurity hygiene is a great starting point to help thwart a successful cyberattack and reduce the impact to critical systems and data.

We’re Here to Help

To learn more about how to protect your business from cyber-risks, contact your Moss Adams professional.

You can also learn more about our Wine, Beer & Spirits Practice and additional topics affecting the industry.

Related Topics

Contact Us with Questions