We understand the specialized markets in which you operate and provide tailored solutions to meet your unique business needs.
Our comprehensive suite of business services combines industry expertise, market knowledge and professional insights.
MNP is a leading national accounting, tax and business consulting firm in Canada.
Suite 2000, 330 5th Ave. S.W.
MNP careers are Different by Design. As an entrepreneurial firm, we truly believe there are no limits to where your career can go.
On Thursday, November 2, 2017, 60 winery owners and key industry stakeholders attended MNP’s 8th annual workshop for the B.C. wine industry, hosted by MNP’s Geoff McIntyre. This year, attendees heard timely presentations from Asha Hingorani from the Canadian Vintners Association regarding recent trade negotiations as well as an update on the Comeau Supreme Court case from Shea Coulson. MNP’s presentation focused on Risk in the Workplace.
The following article was co-authored by MNP’s Mark Jordan, CPA, CA, CFE, CFF, Investigative & Forensic Services and Ron Borsholm, CISSP, PMP, PCI, QSA, Cyber Security Services, and serves a summary of our presentation.
Defending Your Winery: Preventing Fraud and Cyber Attacks
This article was previous published with Canadian Grapes to Wine Magazine and has been reproduced with permission.
The possibility of open trade between provinces and direct-to-consumer presents great opportunity for Canadian wineries. Taking advantage of these opportunities may mean working with new business partners (agents and central warehouses) and leveraging new technologies, especially in the online retail space. But, with opportunity comes greater risk and a need to ensure that adequate protections are in place to prevent or mitigate the impact of fraud and cyber attacks.
Unfortunately, fraud and cyber attacks are regularly reported in the local, national and international news. Most people are aware of the recent Equifax breach and it doesn’t take long to find articles relating to security breaches at hotels and even wineries. Sadly, this is only the tip of the iceberg. Fraudsters and hackers do not discriminate and organizations of all sizes are at risk. Although it may not always make the news, we regularly see fraud and cyber attacks in small businesses, not-for-profits and even minor hockey clubs.
For many organizations, fraud and cyber attacks can be devastating with the impact being one or more of the following:
It shouldn’t come as a surprise that the right amount of one or more of the above may be a fatal blow to an organization.
In terms of fraud, one of the biggest threats is a lack of segregation of duties. When it comes to cyber attacks, two common threats are spear phishing and ransomware.
Segregation of duties is all about the need to share tasks; no one person in an organization should be doing two or more tasks which expose the organization to the risk of fraud. For instance, one person should not be responsible for reviewing timesheets, preparing payroll, signing cheques and recording transactions in the organization’s books. This leads to an opportunity to falsify records and ultimately overpay themselves. Due to few staff in the organization, small organizations often have limited segregation of duties, however, this should not prevent a business owner from running their finger down the bank statements on a monthly basis, a task which takes relatively little time. This task can help identify unusual payments or missing bank deposits which require further investigation.
Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. In one recent case, an organization lost significant money when the accounts payable clerk was targeted and asked by email to change a vendor’s banking information. The criminals then sent fake invoices to the organization, which were paid using the altered banking information.
In another case, the chief financial officer at a not-for-profit received an email that looked like it was from a bank the organization used. It asked her to update her user ID and password and, in the rush of a busy day, she quickly complied. A few days later, it was discovered that hundreds of thousands of dollars had been stolen and wired out of their account.
Ransomware is a type of malware that prevents users from accessing their computer system unless a ransom is paid. In most cases, users either click an attachment in an email or a link on a webpage which leads to their systems being compromised.
A recent incident reported in the news related to a wine store that fell victim to ransomware. While the company was only asked for a ransom of $500 in bitcoin (which they paid), it cost more than 10 times the ransom amount to fully restore their computers to a secure state. To add insult to injury, the perpetrator sent the business owner an unofficial receipt thanking them for their “involuntary purchase.”
Commonly, many organizations do not have sufficient internal controls in place such as policies, procedures and training to prevent fraud or cyber attacks. Other organizations put controls in place, but then fail to test them to ensure they are working correctly. So how can a winery defend against these risks and minimize the impact of fraud and cyber attacks?
Build a Fraud and Cyber Security Risk Management Program
Finally, what does all this really mean to you? With the right internal controls in place such as policies, procedures and training, you can focus on growing your winery business.
For more information on how to protect your winery, contact Geoff McIntyre, CPA, CA, Business Advisor and Partner in MNP’s Kelowna office. As the Food & Ag Processing Leader for the Okanagan Region, Geoff specializes in serving the British Columbia wine industry and can be reached at
[email protected] or 1.877.766.9735.
Related Topics:Wineries; Technology; Fraud
Find an office near me