Why Are Sport And Leisure Clubs A Target For Hackers?
A common question we get asked as a business is – why sport and leisure clubs? Why should these organisations, especially of a grassroots size, worry about cyber security? Surely ordinary anti-virus would be enough to protect us – after all, small and medium businesses and larger corporates must be much more attractive targets for cyber criminals?
Surely hackers have better targets?
It’s not unreasonable to think this way. After all, most clubs have never been hacked. Most don’t spend all their time trawling the cyber security industry press like we do. Most have no real reason to pay attention to the latest techniques hackers are using, and what fines the Information Commissioner’s Office has dealt out.
But the truth is clubs are not safe. Have a look at our news stories section for a selection of cases where clubs and organisations of all levels have suffered devastating breaches. On average, the cost of a successful cyber attack to a sports club in the UK is £10,000. For many amateur community clubs this would be a crippling financial hit. Not to mention the time and effort the club would need to put into rebuilding its systems and regaining the trust of its members and sponsors. In the past year there has been a 50% increase in cyber attacks on volunteer-run amateur sport and leisure clubs.
In this article, we explain why this is the case. There are three main aspects to the risk facing clubs: they have rich sources of data, they lack security infrastructure, and they lack awareness and understanding of the threats.
Reason 1: CLUBS have rich sources of data
Most sport and leisure clubs hold a lot of important data about their sponsors and members. This can include names, email addresses, postal addresses and even credit card details. All of this is highly valuable to cyber criminals. They can use the data to send phishing attacks to members and sponsors, identify and target high value people within the database with more sophisticated attacks, sell it to other cyber criminals, or use it for identity fraud.
They can also compromise a club’s database, and then blackmail the club into paying to save it.
The richness and value of the data held by clubs is comparable to small and medium businesses. For governing bodies and associations, it’s comparable to large business and even corporates.
World Rugby got into hot water in 2018 for having player data compromised. If it can happen to them, it can happen to anyone.
Reason 2: CLUBS lack security infrastructure
Most clubs, and even many governing bodies, do not have the security infrastructure or resources in place to protect this rich prize of data. With volunteers making purchasing decisions, managing the database and handling the day-to-day running of the club, it’s very difficult for them to ensure that proper protections in place.
The fact is, clubs holding this kind of data absolutely must have commercial grade anti-virus and firewalls in place at the very least. But the other side of that coin is obvious – many clubs believe (rightly or wrongly) that they simply can’t afford commercial grade anti-virus and firewalls.
That’s why one of the core, early aims of DeCyber was to make it incredibly easy and affordable for clubs of all sizes to get access to the very best commercial grade protection. We partnered with Avast to provide it, and it comes free with all cyber insurance packages sold through this site. Avast includes commercial grade anti-virus/firewalls and weekly data back-up facilities. Get a quote for your club now to see how affordable it can be.
rEASON 3: CLUBS lack awareness and understanding of the threats
Here’s a stat for you: 80% of all successful cyber attacks come down to human error. Even if clubs and organisations have excellent software in place defending them, they can still mess it up themselves.
Cyber criminals are now incredibly skilled at manipulating people into giving away vital passwords, details or even handing over money. They do this using techniques like spoofing, which you can read about in our cyber jargon article.
This happened in 2017 to Laurel Park FC. They got scammed out of £28,000 by a cyber criminal who convinced the treasurer to transfer funds to the wrong account. That kind of financial loss could mean the end of many small amateur clubs.
With proper training, clubs can be made aware of how cyber criminals operate and learn to avoid risky behaviours, and spot the signs that their club is being targeted. Alongside this training, cyber monitoring tools such as KYND and OwlDetect can help a club know if its website and/or database has been, or is currently, a target for hackers.
Our Advanced packages include these monitoring tools, and our Premier packages include the very best cyber awareness training from CybSafe to ensure key staff know how to keep the club safe.