By: B. Rhodes, Sports-ISAO
In our increasingly complex world, it always good go back to the basics from time-to-time. This especially true for athletes, whose livelihood is their personal brand on the internet. From that perspective, personal athlete brands online includes: websites (owned/official, sponsored/sponsors, or governing bodies), social media personas (Instagram, Twitter, Facebook), and email (addresses). As the world sits back to watch the amazing spectacle of the Tokyo Olympics and considering recent warning about cyber threats to the Games by Russia, China, and others, there is no better time to discuss cybersecurity basics for athletes. One the commonalities we find with websites, social media personas, and email is that each requires credentials (username and password) for access.
Here are four things athletes or their proxies can do right now to improve cybersecurity in these areas:
- Use complex passwords that include a varied mix of capitalized and lowercase letters, numbers, special characters, and memorable phrases that are at least twelve (12) characters in length.
- Do not reuse passwords on different accounts. Once a threat actor cracks as password once, they are bound to try on multiple systems.
- User multi-factor authentication (MFA) for all accounts. Capabilities such as the Google Authenticator or similar apps on your smartphone provide and additional, difficult to break step in the authentication process. The best part is that most, if not all online capabilities you use support MFA at no cost to you.
- If you, as an athlete, delegate some of your day-to-day online presence to a proxy (such as an agent) consider using a trusted password manager application to protect shared credentials.
For websites, there are two areas to consider that will improve cybersecurity:
- If you are using the WordPress engine to deliver your content, ensure that any/all plugins are updated regularly. Additionally, check for misconfigurations that might allow a threat actor to serve malicious content such as malware from your website without your knowledge.
- Always employ Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocols and associated certificates on your website. Sites that only support Hypertext Transfer Protocol (HTTP) traffic can expect frequent incursion attempts.
Finally, for email usage, there is one key cybersecurity item to remember. Do not click on stuff! If you receive an email from someone you do not know asking you to click for access to a critical document, stop and ask for help. When it comes to both scattershot and targeted phishing campaigns, if you are looking at any email and something does not feel right, it probably is not. Trust your gut!
By following one or more of them items described, you will improve your personal cybersecurity posture, protect your brand, and frustrate threat actors so they move on to the next athlete who is not quite as tech savvy as you. If you have any questions about improving your cybersecurity posture, please reach out to the Sports ISAO. We are happy to help!