When it comes to bottling and distributing our wine to the rest of the world, New Zealand winemakers turn to WineWorks to get the job done.

Around 400 Kiwi wineries send their product to one of WineWorks’ facilities in Blenheim, Hawke’s Bay or Auckland for lab testing and certification, bottling, warehousing and distribution. With 80% of the industry as clients, the company lives up to its target of being “trusted to bottle New Zealand for the world”.

Wine bottles on a getting processed

A key part of WineWorks’ strategy is to give clients the exact capacity they need, making it easy for them to scale production and achieve economies of scale. The 25-year-old company also operates with a strong set of core values which guide what should be done and how, says IT manager Ernie Scherf.

This includes the operation of IT systems and treatment of client data. In recent years, the successful onboarding of major clients in the United Kingdom and United States has required WineWorks to meet extremely high data protection standards such as the European Union’s GDPR (general data protection regulations) requirements.

“We have multiple accreditations, all of which cover cybersecurity, including undergoing several audits through the British Retail Consortium.”

Strengthening the company’s cybersecurity posture is a journey which began six years ago.

“We were hosting our own servers with two systems running identical software. Although we were good for a small business of 417 staff with an IT team of six, we found ourselves wanting in some strategic areas,” says Ernie.

WineWorks decided to move to a Datacom managed data centre which led to a two-year period of working with Datacom’s Nelson team, consolidating systems and migrating into a data centre environment.

Growing cyber threats

At the same time security concerns were ramping up worldwide due the rising tide of cybercrime including phishing scams, ransomware, and denial of service attacks. A cyber attack on a large New Zealand brewery which threatened to disrupt the beer supply chain, is one incident which stands out in Ernie’s mind.

“The security of the network and IT systems rests on my shoulders and the main thing keeping me awake at night back then was not knowing what was on the network and what people were doing.”

A security review highlighted email management and staff training as areas of concern. A simulation revealed 30 per cent of staff were clicking on bad links. There was an urgent need for a programme on staff awareness and training as well as improved security tools.

Trusted partnership

“When we embarked on our cybersecurity journey, we chose Datacom. A hallmark of WineWorks is that we develop trusted partnerships. Datacom was already embedded in our infrastructure, and we knew and trusted the people. That made it easy.”

Groundwork on policy and implementing training was done in-house by the WineWorks IT team with Datacom providing guidelines and best practice for assessing and implementing cybersecurity products.

“Datacom spent a lot of time with me working through figures, licensing pro and cons, understanding how various products would work with our system and how effective they would be. They provided a lot of case studies and anecdotal data which helped our decision-making process.

“We’d seen the email filtering tool Mimecast and end point detection software CrowdStrike at roadshows. We asked Datacom for their recommendations on the top 25 per cent of security products and Mimecast and CrowdStrike were in there.

Mimecast scans every email and replaces unsafe with safe links with a warning. “If the user still goes ahead and tries to click on the link, the system stops them. If a person clicks on too many dubious links, we will talk to them and provide training.”

Datacom provides WineWorks’ managed EDR service using CrowdStrike to monitor all machines and updates and to report vulnerabilities. A down-the-line benefit of EDR is that machine and network hygiene is so high that “everything just works”, which means less staff logging IT support tickets.

The work on cybersecurity is ongoing and WineWorks is continuing to strengthen its cybersecurity posture. At the end of 2021 Datacom ran a NIST (National Institute of Security) review on the company’s systems and planned improvements include multifactor authentication, documentation of processes, and ensuring that all sysadmin accounts have appropriate levels of access.

“Cybersecurity is a journey. We meet monthly with Datacom, and they give us tremendous advice and support.”

Related industries
Transportation & logistics
Related solutions
Security Data centres