18
June
2018
Cyber crime is becoming a growing issue for golf clubs but are you aware of the ways your information can be exploited? Jamie Abbott, founder of intelligentgolf, outlines some of the key threats and explains how you can tackle them… Being aware of cyber crime has always been important for clubs in terms of maintaining the integrity of the information they have, but now GDPR is in effect, with potentially huge penalties, the focus on information security has never been greater. The personal data that clubs hold – names, addresses, email addresses, phone numbers, dates of birth and, potentially, bank details – is a goldmine to a hacker. So what are some of the major ways golf club information can be compromised? PHISHING This is typically generating an email to a target that aims to get them to provide information. It might say your account has a problem and ask you to click a link and log in to immediately confirm your details. It then takes to you to a website that might look exactly like PayPal, eBay or Amazon, for example. What they want you to do is put in your valid credentials. Actually, what you’ve done is hand over your user name and password. They can use that to access that account but, typically, people have a tendency of reusing passwords across multiple services. So once they’ve got your email and password combination, the chances are they can use that in all kinds of places. How many people use the same password and email address for LinkedIn, Facebook and Google? Always check the URL in the address bar carefully, and use a good password manager program so you create impossible to guess, unique passwords for every different service. UNSECURED DATA Whenever information is downloaded from a secure system and exported to a spreadsheet, this can create a risk for a club. When this information is then being stored on USB drives, laptops and unsecured networks, great care must be taken to secure it from loss or theft. A spreadsheet containing the names of members, their email addresses, home addresses and their phone numbers, is valuable for cyber criminals. Think about the spreadsheet clubs routinely generate to send to the printers for their member diaries. That is the perfect collection of information, sent by email, with no encryption. Use services that can allow secure data transfers like sendsafely.com, or Dropbox.com to safely share data with those who legitimately need it. Ensure that all your staff know how to handle files containing sensitive data, and make sure you have a data breach policy in place so that you know what to do if you lose a laptop, or a USB stick containing sensitive information. MAKE SURE YOU ARE USING SSL ENCRYPTION When you are on a website and you see a little padlock shown next to the address, that means you are using an encrypted HTTPS connection to the server. Anyone intercepting the connection, whether it’s on WiFi or somewhere... Please LOGIN to read the full article.
Not a member? Please click here to join today.
