October is Cyber Security Awareness month and Sotic’s Platform Team Lead Ed Martin shares some useful advice on how football businesses can protect themselves and their customers online.
It seems that Cyber Security is seldom out of the news nowadays, whether it is Facebook hacks, British Airways ticketing breaches, Russian spies, or accusations of Chinese cyber espionage, and the world of sport is far from immune.
Alleged Russian involvement in carrying out cyber-attacks targeting a number of international anti-doping agencies, as well as soccer’s governing body and even individual athletes, should give us all pause for thought.
The bottom line is that the modern world requires us all to have some understanding of good cyber security practices and Cyber Security Awareness month is a great time to start thinking about it.
Not many football clubs have the luxury of a dedicated team of cyber professionals, so how can they, with limited security expertise, and precious little time to worry about IT, make the most of any time and money they invest in cyber defence?
There is a vast range of excellent material available on the Internet from authoritative sources, starting with the National Cyber Security Centre, which has guidance specifically focussed on smaller businesses.
They give 5 pieces of good basic advice, regarding:
* Backing up your data
* Protecting your organisation from malware
* Keeping your smartphones (and tablets) safe
* Using passwords to protect your data – check out my earlier blog with advice on password management
* Avoiding phishing attacks
They go into more detail on each, and summarise in an excellent infographic.
Another great resource is Cyber Essentials, a UK Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. The Government developed Cyber Essentials as a set of basic technical controls to help organisations protect themselves against the most common online security threats. It’s a great security baseline.
Cyber Essentials is suitable for all organisations, of any size, in any sector. The five basic controls are to:
* Secure your Internet connection
* Secure your devices and software
* Control access to your data and services
* Protect from viruses and other malware
* Keep your devices and software up to date
So why should you bother with this?
Cyber Essentials is the second of ten tips that the UK Information Commissioner’s Office gives in its practical guide to IT Security for businesses seeking to comply with GDPR by delivering adequate security for personal data.
Cyber Essentials is backed by British industry including the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses. It enables organisations to gain one of two Cyber Essentials badges. You can achieve certification either through self-assessment for basic Cyber Essentials, or get Cyber Essentials Plus verified by an independent expert.
Certification is something to be proud of – reassure your fans and partners, and promote it when seeking new ones.
If you’ve got Cyber Essentials nailed, then your next step, or rather the next ten steps, is the aptly named “10 Steps to Cyber Security”, also from the NCSC. Originally published in 2012, it is now used by a majority of the FTSE350. There is a good overlap between this guidance and Cyber Essentials, so if you have that in the bag you are already well on your way. Where Cyber Essentials has a strong tactical focus, the 10 Steps adds strategic guidance around the edges, such as adding monitoring, thinking about home and mobile working, and carrying out training to improve user education and awareness.
Ed Martin leads the Platform Team at Sotic, an award-winning specialist provider of digital services, websites and software applications to the sports industry. For more information please visit www.sotic.net or follow us on Twitter @sotic
Image: PA Images