How can you prevent your club becoming a cyber attack target?
You might think a cyber attack will never impact your club, but there has been a rise in the number of small businesses and organisations attacked. In the past year alone, 47 percent of small businesses experienced a cyber attack – and out of those, 44 percent experienced more than one.
As larger companies prioritise cyber security, they become harder work for criminals to attack. Therefore, clubs have become potentially low-hanging fruit for criminals looking for a low-effort, high-reward attack.
So what are the top 5 reasons your club could be a cyber attack target and how can you prevent becoming a cyber attack target?
1. Valuable user data
Any sports or social club holds large amounts of valuable user data. Clubs are community hubs, with lots of information about previous and present members. Whilst this information (such as contact details and account information) is necessary for clubs to keep on file, it can be a goldmine for hackers. Cyber attackers are looking for any data that can be sold or used to breach other accounts or help them to make fraudulent purchases.
Even small community clubs can be a good cyber attack target for hackers. This is because little effort for significant reward can be much more appealing than spending time and resources trying to hack sophisticated systems put in place by experts safeguarding bigger clubs or businesses.
User data needs to be protected by admin accounts and strong passwords. If you share a picture online that shows a whiteboard or computer screen in the background, you could accidentally reveal information someone outside the company shouldn’t see, such as passwords or client information. Ensure your passwords are not written down or in full view. Password managers are useful for organising your company passwords over many accounts.
2. Slack security
Many clubs are run by volunteers who don’t have a professional understanding of cyber security. Clubs may also not have the resources to invest in anti-virus software, spam filters or other security measures. This means many clubs are ‘soft targets’ for hackers.
Clubs should ensure all data is regularly backed up and all computer systems are password protected. Use a long, strong password that contains a random mix of characters.
However big or small your club, make sure your staff and volunteers are trained effectively. Everyone working at your club should know the dangers of a cyber attack, and should have the knowledge to avoid falling for scams or phishing attempts. Phishers prey on employees in hopes they will open pop-up windows or other malicious links that could have viruses and malware embedded in them. That’s why it’s important to be cautious of links and attachments in emails from senders you don’t recognize. With just one click, volunteers could enable hackers to infiltrate your club’s network and private information.
The biggest threat to your club is your employees, so follow simple steps to make sure your employees don’t fall foul of an attack.
3. Free Wi-Fi
Wi-Fi that isn’t secure could lead to personal information being stolen.
Clubs and pubs should use different passwords for accounts, and have a separate Wi-Fi network for customers, staff and also your club’s POS system. Only ever provide the ‘Guest’ Wi-Fi code that gives members access to the ‘Guest’ network only, and make sure this password is regularly changed.
Encourage guests to use VPN (virtual private networks) if they’re going to work with sensitive data as some hackers are using open Wi-Fi to trick guests. This works because attackers upload code to the server, allowing them to convince users that software downloads are safe.
4. Player information
This is perhaps most relevant to larger clubs, but cyber attacks can be used as a form of espionage.
If teams use analytics provided by digital tools, the information can be invaluable to competitors or attackers hoping to place “educated” big bets on a team’s performance.
Generally speaking, however, cyber attackers are most likely to want user data rather than your team’s game strategy.
5. Theft or fraud
Clubs and pubs may be subject to fake phone calls (vishing) or emails (phishing) deceiving the recipient to send over money. Cyber attackers defraud or mislead people to share information with them, often by posing as an authoritative figure.
If a fraudulent person does get hold of your club’s account, they may abuse this by making purchases. The best way to mitigate against this risk is by incorporating dual authentication. This will double check all payment transactions, ensuring purchases require two pairs of eyes. There should always be someone verifying transactions to avoid risk of scamming.
Staff will need to be trained and made sure they understand all the security steps they need to take.
The importance of cyber insurance
Research suggests a successful cyber attack could cost a UK sports club around £10,000. Make sure an attack doesn’t cripple your business by arranging cyber insurance.
Here at Club Insure, we truly want to help your club stay covered. While insurance will help avoid a financial fiasco, you should always consider risk management too. That’s why we published a range of cyber security articles to help you safeguard your club against cyber attack risk. For more information, or to speak to our risk management team, please get in touch.
