Monterey County grew nearly $5 billion of crops in 2024, with strawberries crossing a billion dollars on their own and leafy greens close behind. The Salinas Valley earns the "Salad Bowl of the World" name by turning two vegetable crops a season into product that has to be in a buyer's distribution center, cold and in spec, within days of leaving the field. That is an operations miracle, and almost none of the growers and packers I work with set out to build the IT that holds it together. They added a produce ERP because a retailer required traceability, a cooler monitoring system after a close call, a scale house, a food-safety binder, and a second cooler, one season at a time.
This post is the version of the conversation I have over coffee with a Salinas Valley grower-packer-shipper. The framing I use, and the one I will use here, is six layers. You are already running most of them. The question is whether you are running them well enough to survive a harvest-timed ransomware attempt, a cooler that quietly stops paging in a heat wave, a PrimusGFS audit, a wire-fraud attempt during planting-season input buying, and a PG&E shutoff in October.
Why agriculture IT is different from generic SMB IT
An accounting office in Salinas has eight people, eight laptops, and a printer. A grower-packer-shipper of the same revenue has a year-round office, a pack house full of line workers and shared terminals, one or more coolers running refrigeration controls and temperature monitoring, scale houses, field crews on cellular, a produce ERP, a food-safety program, brokers and retail buyers with their own portals, and a payroll that swings from dozens to hundreds of people with the season. The office has one regulator. The packer answers to the FDA, the buyer's food-safety auditor, the third-party certification scheme, the state, and the cyber-insurance underwriter.
Concretely, agriculture IT differs from generic small-business IT in five ways:
- The clock is perishable. Downtime is not an inconvenience; it is product warming up in a cooler or sitting unshipped in a heat wave. The cost of an outage is measured in spoiled loads, not lost keystrokes.
- Vehicles, coolers, and lines are devices. Refrigeration controls, temperature loggers, scale systems, and labeling printers are networked operational technology with firmware, credentials, and uptime requirements.
- Traceability is now table stakes. The FDA's FSMA 204 rule and, more immediately, your own retail buyers require lot-level traceability that has to be captured on the floor and survive an audit.
- Labor is seasonal and shared. Hundreds of workers cycle through in months, and shared terminals on the pack line are the norm. Generic per-user IT assumptions break here.
- You move large sums on a seasonal calendar. Input purchases at planting and grower payments at settlement are predictable, which is exactly why wire fraud is aimed at them.
The six IT layers a Salinas Valley operation needs
Layer 1: Connectivity across field, cooler, pack house, and office
The office needs a real firewall, business-class internet with a documented SLA, and a cellular failover. But agriculture's connectivity problem is geography. The cooler and pack house are often a separate site from the office, and the fields are wherever the ground is. The realistic pattern is business fiber where it exists, a point-to-point wireless link or a second carrier between the office and the cooler, and a cellular failover so the scale house and shipping office never go fully dark on a single fiber cut. The 101 corridor between Salinas, Gonzales, and King City loses fiber more often than people expect, and a single ISP is a single point of failure for shipping.
Inside the pack house, metal buildings and refrigeration are hostile to Wi-Fi. Handheld scanners, labeling stations, and QA tablets need engineered coverage, cabled access points placed for the building, not a consumer router on a shelf. The network design service page covers the multi-site and pack-house approach, and it is where most operations recover the most obvious daily friction.
Layer 2: Cold-chain and cooler monitoring uptime
This is the layer that protects the product directly. Temperature monitoring, refrigeration controls, and the alerting that wakes someone up when a room drifts are the difference between proving a load stayed in spec and arguing about it with the receiver. Two failure modes show up constantly. First, the monitoring platform stops paging because a mailbox, an integration, or a phone number quietly broke, and nobody notices until product is warm. Second, the cooler controls sit on the same flat network as the office, so a problem on the office side can reach refrigeration.
The fix is a monitored, segmented design: the temperature and refrigeration systems live on their own network segment, the alerting is tested on a schedule so you know it actually reaches a human, and the historical logs that an auditor or a receiver will ask for are retained and backed up. This is operational technology and IT at the same time, and the cost of getting it wrong is a totaled load.
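One way to verify that scheduled alert tests actually reach a human, as an added example that is not part of the original post or any monitoring vendor's code. The log format, event names, room names, and the weekly test and 15-minute acknowledgement thresholds are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: one line per event from a hypothetical alert-test log.
# Assumed format: ISO timestamp, room, event, detail
SAMPLE_LOG = """\
2026-07-01T06:00:00,cooler-1,TEST_SENT,sms:on-call
2026-07-01T06:03:10,cooler-1,TEST_ACKED,j.ramirez
2026-06-02T06:00:00,cooler-2,TEST_SENT,sms:on-call
2026-06-02T06:01:45,cooler-2,TEST_ACKED,j.ramirez
2026-07-01T06:00:00,cooler-2,TEST_SENT,email:alerts-mailbox
2026-07-01T06:00:00,cooler-3,TEST_SENT,sms:on-call
2026-07-01T06:40:00,cooler-3,TEST_ACKED,m.ortiz
"""

MAX_TEST_AGE = timedelta(days=7)    # assumed policy: one verified test per week
ACK_WINDOW = timedelta(minutes=15)  # assumed policy: a person acks within 15 min


def parse(log_text):
    """Parse the log into (timestamp, room, event, detail) tuples, oldest first."""
    events = []
    for line in log_text.strip().splitlines():
        ts, room, event, detail = line.split(",", 3)
        events.append((datetime.fromisoformat(ts), room, event, detail))
    return sorted(events)


def audit_alert_tests(log_text, rooms, now):
    """Return {room: status}. A test counts only if a human acked it in time."""
    pending = {}    # room -> send time of the most recent unacknowledged test
    last_good = {}  # room -> send time of the last test acked within ACK_WINDOW
    for ts, room, event, _detail in parse(log_text):
        if event == "TEST_SENT":
            pending[room] = ts
        elif event == "TEST_ACKED" and room in pending:
            sent = pending.pop(room)
            if ts - sent <= ACK_WINDOW:
                last_good[room] = sent
    report = {}
    for room in rooms:
        good = last_good.get(room)
        if good is None:
            # Covers rooms with no tests, unanswered tests, and late acks only.
            report[room] = "NEVER_VERIFIED"
        elif now - good > MAX_TEST_AGE:
            report[room] = "STALE"
        else:
            report[room] = "OK"
    return report


if __name__ == "__main__":
    rooms = ["cooler-1", "cooler-2", "cooler-3", "cooler-4"]
    for room, status in audit_alert_tests(SAMPLE_LOG, rooms, datetime(2026, 7, 2, 6, 0)).items():
        print(room, status)
```

The room list is passed in separately from the log on purpose: a room that never appears in the log at all is the silent failure this check exists to catch.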
Layer 3: Produce ERP and FSMA 204 traceability
The produce ERP, whether that is Famous, Produce Pro, a Microsoft Dynamics build, or another platform, is the system of record for lots, inventory, sales, and shipping. The IT concerns are the same regardless of brand: it has to be reachable from the pack-house floor and the scale house, integrated with your accounting and your labeling, and independently backed up. A platform that only the office desktop can reach is a platform that stops the line when the office desktop dies.
Traceability sits on top of the ERP, and it is the topic with the most confusion right now. The FDA's FSMA Section 204 Food Traceability Rule requires lot-level records, Key Data Elements captured at Critical Tracking Events, for foods on the Food Traceability List, which includes the leafy greens, fresh-cut produce, and many of the berries that define the Salinas Valley. The original compliance date was January 20, 2026. In 2025 the FDA extended it by 30 months to July 20, 2028, and Congress directed the FDA not to enforce before that date. The requirements did not change, only the clock. We dig into what that means below, but the short version is that your retail buyers are asking for this data now regardless of the federal date.
Layer 4: Food-safety audit IT
PrimusGFS, SQF, GAP, BRCGS, and the other GFSI schemes are document-and-evidence regimes, and they run on IT whether you have planned for it or not. The auditor wants to see records, retained, access-controlled, and produced on demand: monitoring logs, sanitation records, training sign-offs, corrective actions, supplier documents, and the traceability data that ties a finished lot back to a field and forward to a customer. The most common finding we clean up is not a missing control, it is a control that exists but cannot be shown, because the records live on one person's laptop or in a shared mailbox with no retention and no backup.
The IT baseline that passes these audits cleanly is named accounts with role-based access, retained and backed-up document storage, and an audit trail on who changed what. That same discipline, the kind a DoD-cleared engineering background brings, is what turns audit week from a fire drill into a print job.
Layer 5: Cybersecurity for shared, seasonal endpoints
Agriculture has a cybersecurity profile that generic SMB advice does not cover: shared terminals on the pack line, hundreds of seasonal accounts, and a calendar that tells an attacker exactly when you cannot afford downtime. The control set we run for produce operations:
- MFA on every cloud account — Microsoft 365, the produce ERP, the bank, broker and retail portals, and payroll. Without exception.
- EDR on every office and pack-house endpoint, including the shared terminals, not just antivirus.
- Network segmentation that keeps cooler controls, scale systems, and labeling OT away from the office and the guest Wi-Fi.
- Monitored email security, because the wire-fraud and vendor-banking scams aimed at ag arrive by email.
- Named and time-bound seasonal accounts, provisioned at hire and disabled the day the crew leaves — no shared pack-line logins.
- 24/7 monitored detection and response, because a harvest-timed attack at 2 a.m. on a Saturday is the whole point.
The cybersecurity service page covers the engineering approach, and the MFA fatigue post and identity hardening post cover the account side most of this rests on.
Layer 6: Backup and continuity
The records that have to survive a bad day: the produce ERP data, the food-safety documentation, the cooler monitoring history, accounting, grower and labor records, and email. Independent backup of Microsoft 365 and a documented export and backup path for the produce ERP are both needed, because the vendor backs up their platform for their own resilience, not for your deleted lot or your compromised admin account. Tested restores, not just backups, are what keep you shipping through a bad week.
Continuity also means PG&E. The Central Coast sits under the Public Safety Power Shutoff program, and a produce operation that goes dark loses cooler monitoring, shipping, scale systems, and phones at the worst possible time of year. The plan is UPS on the monitoring and network gear, a documented runbook for failing the office over to cellular or a backup site, and generator capacity sized for the cold-chain assets that genuinely cannot go dark. The PSPS continuity plan post covers the playbook, and the backup and disaster recovery service page covers tested restores and immutable copies.
The threat patterns hitting Central Coast ag right now
Produce has its own cybercrime profile, and it is driven by your calendar and your cash flow more than by your data. Four patterns we see often in 2026:
Harvest-timed ransomware
The FBI has warned that ransomware actors deliberately time attacks to critical planting and harvest seasons, when a grower, packer, or cooperative is most likely to pay rather than lose perishable product. A packer who cannot generate shipping paperwork or run the cooler for two days at peak is losing tens of thousands of dollars of product a day. That time pressure is the leverage. The defense is the full stack above: MFA everywhere, EDR, segmentation, monitored email, and 24/7 detection that catches the intrusion before it becomes encryption. The 2026 ransomware post walks the attack chain.
Planting-season wire fraud
Input purchases (seed, fertilizer, packaging, equipment) are large and seasonal, which makes them a predictable target. The attacker, often from inside a compromised mailbox, sends spoofed payment or wire instructions timed to when they know money is moving. The defense is procedural: no payment or banking change is accepted by email, every change is verified by phone against a number already on file, and a second person approves any change to where money is sent.
Vendor and grower banking-change scams
The same play aimed at your accounts payable and grower-settlement process. A "vendor" or a "grower" emails new banking details, and the next payment lands with the thief. Named accounts, monitored email, and a verify-by-phone rule shut this down. It is the single most common way produce operations lose real money that has nothing to do with the crop.
Seasonal account sprawl
Not an attack, but the gap the attacks walk through. Seasonal workers leave, and their accounts and the shared pack-line logins stay active for months. We routinely find accounts still live in November that belonged to crews who left in summer. Every one is an unmonitored door, and every one is a food-safety and cyber-insurance finding. The fix is a documented joiner-mover-leaver process tied to your seasonal calendar.
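A sketch of the leaver-side check for the seasonal accounts and shared pack-line logins described above, as an added example that is not from the original post. It runs over a constructed CSV that stands in for an identity export joined with the HR roster; the column names, account types, and finding labels are assumptions, not any product's schema.

```python
import csv
import io
from datetime import date

# Constructed sample data. Column names are assumptions for this example.
SAMPLE_EXPORT = """\
username,display_name,account_type,enabled,season_end,last_sign_in
mgarcia,Maria Garcia,seasonal,true,2026-08-15,2026-08-14
jlopez,Jose Lopez,seasonal,true,2026-08-15,2026-10-30
packline1,Pack Line 1,shared,true,,2026-11-02
rchavez,Rosa Chavez,seasonal,false,2026-08-15,2026-08-15
tnguyen,Tina Nguyen,year_round,true,,2026-11-03
qatech7,QA Tech 7,seasonal,true,,2026-09-01
dsoto,Daniel Soto,seasonal,true,2026-12-01,2026-11-03
"""


def _parse_date(value):
    """Empty cells mean 'not set'; everything else is an ISO date."""
    return date.fromisoformat(value) if value else None


def audit_accounts(export_text, today):
    """Return [(username, finding)] for enabled accounts that need action."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing to offboard
        user = row["username"]
        end = _parse_date(row["season_end"])
        last = _parse_date(row["last_sign_in"])
        if row["account_type"] == "shared":
            # Shared logins have no owner, so no audit trail and no leaver event.
            findings.append((user, "SHARED_LOGIN"))
        elif row["account_type"] == "seasonal":
            if end is None:
                # Not time-bound: nothing will ever trigger the disable step.
                findings.append((user, "NO_END_DATE"))
            elif today > end:
                if last and last > end:
                    # Someone signed in after the crew left: review first.
                    findings.append((user, "USED_AFTER_SEASON_END"))
                else:
                    findings.append((user, "ACTIVE_AFTER_SEASON_END"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_EXPORT, date(2026, 11, 5)):
        print(f"{finding:26} {user}")
```

Accounts flagged `USED_AFTER_SEASON_END` deserve a look at their sign-in history before they are disabled, since activity after the season end date means someone other than the departed worker may hold the credentials.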
FSMA 204: the deadline moved, the work did not
Because this is the question I get most from Salinas Valley packers right now, it is worth its own section. The FDA's Food Traceability Rule requires you to capture and share Key Data Elements at each Critical Tracking Event (receiving, transforming, creating, and shipping) for any food on the Food Traceability List. Salinas Valley leafy greens, fresh-cut produce, and many berries are on that list. The compliance date was January 20, 2026; it is now July 20, 2028, after a 30-month FDA extension that Congress reinforced by directing no enforcement before then.
The trap is treating the extension as a reason to stop. Three reasons not to: your large retail and foodservice buyers are already requiring this traceability data in their supplier agreements regardless of the FDA date; the work, getting your ERP, labeling, and floor-level lot capture to produce clean Key Data Elements, takes real time to implement and shake out; and the operations that wait will be the ones scrambling and overpaying in early 2028. The right move is to use the runway. Get lot capture working on the pack-house floor, get your ERP producing the records, and test that you can actually generate a traceability lot code report on demand. That is an IT project as much as a food-safety project, and it is the highest-leverage thing a forward-looking packer can do with the extra time.
Office and pack-house IT baseline
The baseline we recommend for the year-round side of a Salinas Valley grower-packer-shipper:
- Microsoft 365 Business Premium per user. Outlook, the Office apps, OneDrive, SharePoint, Teams, Defender for Business (EDR), Intune (MDM), and Entra ID P1 (identity hardening). At roughly $22 per user per month it is the most leveraged dollar in the stack. The Microsoft 365 settings post covers what to turn on first.
- Business-class internet with documented SLA at the office and the cooler, with cellular failover and a point-to-point link between sites where fiber will not reach.
- Engineered pack-house Wi-Fi for handhelds and labeling, not a consumer router fighting the refrigeration.
- Real firewalls with segmentation separating office, cooler OT, scale systems, and guest networks.
- UPS on monitoring and network gear, plus a documented PSPS runbook.
- VoIP for the shipping and sales desks that can ring through to mobile when the office is empty.
The full program lives on the managed IT services page, and operations that want a strategic, budgeted plan use our vCIO service to sequence it around the season.
What we steer ag operations away from
- Cooler monitoring nobody has tested. If you cannot say when the last test page actually reached a phone, you do not have monitoring, you have hope.
- Flat networks where the cooler controls, the scale house, and the office all share one segment. One compromise reaches everything.
- Shared pack-line logins. No audit trail, no offboarding, automatic audit finding.
- Seasonal accounts left active after the crew leaves. Every one is an open door.
- Approving banking changes by email. The most expensive habit in produce. Every change gets a phone call.
- Trusting the ERP vendor's "we back you up." They back up their platform, not your deleted lot or your audit trail.
- Treating FSMA 204 as done because the date moved. Your buyers did not move their date.
A realistic budget for a Salinas Valley grower-packer
Numbers for a representative 25-person year-round operation across an office, a pack house, and two coolers, scaling to seasonal labor, running Microsoft 365 Business Premium and a produce ERP. Monthly, all-in, and excluding the ERP and the cold-chain sensors themselves:
- Microsoft 365 Business Premium: 25 users × $22 = $550
- MDR / managed security: 25 users × $25 = $625
- Managed IT (help desk, patching, backup, identity, seasonal account lifecycle): 25 users × $150–$200 = $3,750–$5,000
- Cold-chain monitoring integration and alerting management: $500–$1,500
- Multi-site connectivity (office, pack house, two coolers; fiber + point-to-point + failover): $1,200–$2,500
- Managed firewalls and segmentation across sites: $500–$1,000
- Independent backup (Microsoft 365 + ERP export + food-safety docs): $250–$500
Total monthly IT spend lands roughly between $7,500 and $12,000 per month for a 25-person multi-site operation, before hardware and the sensors. The biggest mover is the per-user managed IT line, which scales with year-round headcount, not with how many seasonal hands pass through. For comparison: a single cooler excursion that totals a load of leafy greens or berries runs well into five figures, and a harvest-timed ransomware event that halts shipping costs that much per day in unshipped, perishing product. The IT budget pays for itself in one avoided bad week.
Where this fits
This post sits alongside several other pieces in the Ghosxt industry cluster:
- The agriculture and agribusiness IT service page, which covers the full Ghosxt program for growers, packers, and processors.
- The cybersecurity service page, for the underlying security stack.
- The network design service page, for pack-house and multi-site connectivity.
- The backup and disaster recovery service page, for the continuity layer.
- The trucking and logistics IT post, for the cold-chain haul from the cooler to the buyer.
- The C-TPAT compliance page, for shippers crossing the border with produce.
- The 2026 ransomware post, for the attacker side of the security layer.
- The PSPS continuity plan, for fire-season power loss.
We support growers, packers, and processors across Salinas, Watsonville, Soledad, King City, Gilroy, and Hollister, and the rest of the Salinas and Pajaro Valleys.
FAQs about IT for agriculture and agribusiness
FSMA 204 got pushed to 2028. Can we stop worrying about traceability?
No, and the firms that treat the extension as a reprieve are the ones who will scramble in 2028. The FDA extended the Food Traceability Rule compliance date by 30 months to July 20, 2028, and Congress directed the FDA not to enforce before then, but the requirements themselves did not change. Salinas Valley leafy greens, fresh-cut produce, and many berries are on the Food Traceability List, which means lot-level Key Data Elements captured at Critical Tracking Events. Your buyers, the big retailers and foodservice distributors, are already asking for this data now regardless of the FDA date. The smart move is to use the extra runway to get your ERP, labeling, and cooler-floor capture working cleanly, not to shelve it.
Our cooler has its own temperature monitoring. Isn't that an OT problem, not an IT problem?
It is both, and treating them as separate is how excursions get missed. The temperature sensors and the refrigeration controls are operational technology, but the paging, the alerting, the historical logs that prove the load stayed in spec, and the dashboards the food-safety team reviews all run over your network and your accounts. We see two failure modes constantly: the monitoring platform stops paging because an integration or a mailbox quietly broke, and nobody noticed until product was warm; and the cooler controls sit on the same flat network as the office, so a compromise on the office side can reach the refrigeration side. The fix is a monitored, segmented design where the alerting is tested and the OT network is separated from the office network.
We hire hundreds of seasonal workers. How are we supposed to manage all those accounts?
Most seasonal staff never need a named computer account at all, and the ones who do, line leads, QA techs, scale-house and shipping staff, should get named accounts that are provisioned at hire and disabled the day the season ends. The single most common finding we have at Salinas Valley operations is seasonal accounts still active in November, months after the crew left. Shared logins on the pack line and scale house are the other half of the problem: no audit trail, no offboarding, and an automatic finding in a food-safety or cyber-insurance review. The answer is a documented joiner-mover-leaver process tied to your seasonal calendar, which an MSP runs for you so it actually happens.
Why would a hacker target a lettuce grower?
Because you ship perishable product on a clock, and the FBI has warned that ransomware actors deliberately time attacks to planting and harvest seasons, when a grower or cooperative is most likely to pay rather than watch product rot in the field or the cooler. A packer who cannot generate shipping paperwork or run the cooler for two days during peak harvest is losing tens of thousands of dollars of product a day, which is exactly the leverage attackers want. On top of ransomware, produce operations get hit with wire-transfer fraud timed to planting-season input purchases and vendor banking-change scams. The target is not your secrets, it is your timing and your cash flow.
Our pack-house ERP vendor hosts our data. Do we still need our own backup?
Yes. SaaS and hosted ERP vendors back up their platform for their own resilience, not for your accidental deletion or a compromised admin account. If a clerk voids the wrong lot or an attacker deletes records, the vendor restores the platform, not your individual data, and often not on your timeline during peak season. Independent backup of your produce ERP exports, your Microsoft 365, and your food-safety documentation is a separate, inexpensive control, and it is the one that lets you keep shipping and keep your audit trail through a bad week. Tested restores, not just backups, are what actually save the season.
We lose power during fire season. How do we keep the cooler and the office running?
Public Safety Power Shutoffs are now a standing part of Central Coast operations, and a produce operation that goes dark loses cooler monitoring, shipping, scale-house systems, and phones at the worst possible time. The plan has three parts: protect the monitoring and network gear with UPS so alerting survives a short outage and a clean shutdown, have a documented runbook for failing dispatch and office work over to cellular or a backup site, and size generator capacity for the cold-chain assets that genuinely cannot go dark. We build that continuity plan around your specific cooler and pack-house load, not a generic template.
Want a written read on your ag operation's IT?
30 minutes with a DoD-cleared engineer. We will walk through your cooler monitoring, produce ERP and traceability, food-safety records, multi-site network, and cybersecurity, and hand you back a written punch list of what to fix first, ordered by risk. No sales script, no obligation.
Book your free assessment
Prefer to talk first? Email sales@ghosxt.com or call (831) 204-0501.