02 Jun Your Winery Customer Data: Is It Secure?
Is Your Winery Customer Data Secure?
It should come as no surprise to anyone that we are a nation under siege by cyber warriors looking for another payday. All you have to do is read the news every day to learn about another big retailer, government agency or financial institution being hacked by some unknown domestic or foreign entity trying to get financial or other personal data from customer databases. And yet, closer to home in wine country, there is still not a full understanding of the role we and our employees play in safeguarding personal customer data.
I believe much of this comes into play around wine club processing and allocation releases. Many wineries are cash flow dependent on wine club processing and allocation releases for their financial operating needs. These functions are generally in the hands of the staff that may or may not be trained in PCI compliance or data security (What is PCI? Read this: http://bit.ly/1Y34dSc). In fact, most smaller(and even some larger) wineries don’t have formal written privacy policies and data management procedures in place and training required of staff beyond general POS and web order processing. And yet the responsibilities for running wine clubs and allocations, and managing customer data, while important from an operating perspective, also exposes the winery and ownership to substantial liabilities and risk in the event of a data breach ie. Getting hacked and having customer credit card and other personal info stolen.
What prompted this topic was an email I received last month from a prestigious Russian River Winery, as follows:
After sending the winery owner a private message letting him know of my displeasure in having his winery send my credentials (user name and password) in the same email, he sent me the following response:
I appreciate you bringing this issue to my attention. Apparently, our team is not aware of the compliance infraction nor the potential downside. I will discuss it with everyone and moving forward avoid doing this again in the future.”
It was less than a year ago that a major wine industry software company got hacked and had credit card data stolen from 80+ wineries, some major ones included. The platform allowed wineries to send out emails that were auto-populated with usernames and passwords of the wine club and allocation list members. I was one of them and I received an email just like the one above from a winery at which I was a wine club member. At that time, I complained to the winery about their practice and was told that it was “a new employee” who had not been trained properly. A month later, their eCommerce provider was hacked, and my data stolen. While nothing bad ultimately happened to me, it had serious financial repercussions for the software company(who ultimately upgraded their technology to prevent similar future hacks), and to the wineries involved, since they were ultimately liable.
Based on the recent allocation release email above that I received, a year later, the problem still exists in the wine industry. It is the responsibility of winery ownership and management to make sure that they and their employees understand what data privacy and security really means, and to receive the appropriate training related to maintaining customer data security.
Here’s why it matters:
In addition to the federal government’s legal requirements and penalties, the State of California statutes provide for penalties and civil rights of action by injured parties resulting from data breaches and negligence caused by companies storing personal customer data. To make matters worse, once data breaches occur, most business owners find out that their standard commercial property and liability insurance does not cover the costs of cleanup, litigation, and notifications, which can be very labor intensive and expensive.
7 Ways to Protect Your Customer Data
So, what to do?
- Train existing and all new employees on their responsibilities in regards to protecting customer data.
- Conduct a PCI compliance self-assessment to learn the pitfalls and assess your internal vulnerabilities.
- Limit access to sensitive customer data to only those employees who need it.
- Do simple background checks on new hires that will have access to customer data. It is an inexpensive way to avoid known risks in hiring.
- Update your computer systems with the latest anti-virus and spyware software.
- Lastly, rely on professionals. Consider bringing in an outside security expert to do a periodic audit of your systems and business processes before you get hacked or a breach occurs.
Take heart, you can protect yourself and your customers. The loyalty that is hard earned through building trusting relationships with your winery visitors, wine club members, and website customers can be maintained by following the suggested steps above. And if your employees and customers know you are mindful of the importance of data security on an ongoing basis, you will further build trust and maintain those valuable relationships that all wineries depend on.