This blog will be the first in a multi-part informational blog series on professional sports teams’ information technology (IT) security hurdles and the very public issues that have occurred.
Forgive me for starting this blog off with a bit of personal information. I love these two topics (IT security and sports – all sports, especially the NFL, MLB, and PGA) and the fact I can put them together is very nerdy and exciting for me.

A major pillar of IT security in all businesses is the protection of assets from compromise. Sports teams and organizations must do the same, especially as they can be very high-value targets. But what sort of assets do professional teams have to protect? The low-hanging fruit would be laptops, tablets, servers, etc. What about the data? That is where the valuable “stuff” is. Data can include player information, whether it be salary info, personal info (address, phone numbers, family contacts), or health info. Scouting reports, player transactions, playbooks, fan information, and travel agendas are also valuable forms of confidential data typically held by a professional sports team.

Unfortunately, players in any of the major leagues (NFL, MLB, NBA, NHL) are considered very high-value targets. All these pieces of data are most likely stored on IT infrastructure and services within the organization. This pushes IT security into the limelight even more. If this information is leaked or stolen, which has happened, there can be major damage to the reputation of the team, as well as damage to the reputation of the player, potentially affecting his or her chances at a lucrative career and beyond.
What is IT security’s role in a professional sports organization? IT security must play a key role throughout the organization, as it must protect the team. This means that not only the technical security but also the operations and procedures must fall into the IT security ring. A major part of a sports team’s security program should be training and awareness. Employees and players must be aware of what information is held within the organization and understand how sensitive that information is and how valuable it is to external threats with malicious intent. The best programs for this training are ongoing and adaptive in nature; they keep all users more engaged and get the important messages across.
There are numerous layers of security that must be in place to protect the team and the information that falls under the IT security or information security departments within these organizations. In the following series of blog posts, we will examine some of these layers and how the breaches, leaks, or hacks could have been prevented if the appropriate security controls had been in place. Subscribe to the Compass IT Compliance blog to stay updated on this blog series!