Practical steps towards Cyber Security

October is Cyber Security Awareness Month, but where do sports clubs, governing bodies and federations start if they don’t have the luxury of a cyber defence team? Our Platform Lead Ed Martin has put together some practical advice and great references to help sporting businesses protect themselves, and their customers, online.

Ed Martin - Platform Lead at Sotic
It seems that Cyber Security is seldom out of the news nowadays, whether it is Facebook hacks, British Airways ticketing breaches, Russian spies, or accusations of Chinese cyber espionage, and the world of sport is far from immune. Alleged Russian involvement in carrying out cyber-attacks targeting a number of international anti-doping agencies, as well as soccer’s governing body and even individual athletes, should give us all pause for thought.


Cyber Security Awareness Month

The bottom line is that the modern world requires us all to have some understanding of good cyber security practices. October is Cyber Security Awareness Month, which started as an initiative in the US and is now a Europe-wide event as well (ECSM).

The bottom line is that the modern world requires us all to have some understanding of good cyber security practices and Cyber Security Awareness month is a great time to start thinking about it.

Not many sporting rights-holders will have the luxury of a dedicated team of cyber professionals, so how can they, with limited security expertise, and precious little time to worry about IT, make the most of any time and money they invest in cyber defence?

National Cyber Security Centre

There is a vast range of excellent material available on the Internet from authoritative sources. A good place to start is the National Cyber Security Centre, which has guidance specifically focused on smaller businesses.

They give 5 pieces of good basic advice, regarding:

  1. Backing up your data
  2. Protecting your organisation from malware
  3. Keeping your smartphones (and tablets) safe
  4. Using passwords to protect your data – check out my earlier blog with advice on password management
  5. Avoiding phishing attacks

They go into more detail on each, and summarise it all in an excellent infographic.

National Cyber Security Centre Infographic

Cyber Essentials

Another great resource is Cyber Essentials, a UK Government-backed, industry-supported scheme to help organisations protect themselves against common online threats.  The Government developed Cyber Essentials as a set of basic technical controls to help organisations protect themselves against the most common online security threats.  It’s a great security baseline.

Cyber Essentials is suitable for all organisations, of any size, in any sector. The five basic controls are to:

  1. Secure your Internet connection
  2. Secure your devices and software
  3. Control access to your data and services
  4. Protect from viruses and other malware
  5. Keep your devices and software up to date

Cyber Essentials is backed by British industry including the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses. It enables organisations to gain one of two Cyber Essentials badges. You can achieve certification either through self-assessment for basic Cyber Essentials, or get Cyber Essentials Plus verified by an independent expert.

Certification is something to be proud of: reassure your fans and partners, and promote it when seeking new ones.

If you’ve got Cyber Essentials nailed then your next step, or rather the next ten steps, is the aptly named “10 Steps to Cyber Security”, also from the NCSC. Originally published in 2012, it is now used by a majority of the FTSE350. There is a good overlap in this guidance with Cyber Essentials, so if you have that in the bag you are already well on your way. Where Cyber Essentials has a strong tactical focus, the 10 Steps adds strategic guidance around the edges, such as adding monitoring, thinking about home and mobile working, and carrying out training to improve user education and awareness.

Good luck.