Don't Let Hackers Strike You Out!

by Eric Jeffers

The boys of summer have been in full swing! As we enter mid-August, it's hard to believe that the Major League Baseball season is more than halfway completed! After the All-Star break, the drive begins. Players will be getting those extra batting practice swings in, and pitchers will be working additional bullpen sessions to dial in their mechanics for that final push into the Fall Classic.

Like so many other businesses, Major League Baseball clubs now manage their teams through software. Former NASA engineers and Ivy-educated advanced statistics gurus are the analytical minds behind the creation of software that tracks players for the draft, trades and free agency. Big data and cybersecurity have entered the world of professional sports.

In June of 2014, out of the blue, news broke that the Houston Astros' analytics database had been breached, giving other MLB teams a glimpse behind their number-crunching machine. This case happened in MLB, but that is not to say any other sort of organization looking to gain an edge would not do this (say, in the Premier League, FIFA, or the Olympics). And it probably does happen; we simply don't know about it yet. After the initial public embarrassment, the Astros faced the FBI, which took the lead, with MLB's support, in determining how this information was compromised. In 2015 the New York Times broke a story that the FBI had raided the Cardinals' offices in St. Louis. The details started to drop. By infiltrating some of the base servers used in the masking network Tor, the FBI had been able to trace the intruder in the Astros' Ground Control back to Chris Correa, an analyst for the Cardinals. Correa had "hacked" into the accounts of three Astros employees on Ground Control for almost two years, routinely looked at all their data, listened to their conversations, and then leaked the info.

In June of 2016, a federal judge sentenced Chris Correa to 46 months in prison and a hefty $300,000 fine. The Astros' IT department took this as a lesson and secured their software and appliances, safeguarding them from brute-force attacks. At the end of all the investigations, it was determined that this could have been prevented with a secure password and even Multi-Factor Authentication.

With money and data in professional sports being so extravagant, professional sports franchises are a big target for disruptive attacks. I'm sure that, as in other industries, we will be seeing a massive demand for CISO positions being created by professional sports teams in the future.

As IT leaders, let's learn a lesson from this and make sure we are creating proper password rules that keep our organizations safe.

Creating good password habits is a must in the age of technology.

PortalGuard, a leader in password management and cybersecurity, offers 5 tips for creating secure passwords to help keep your accounts and personal data safe:

  1. Update your passwords frequently and across platforms. This seems simple enough, yet with the vast number of applications that require unique credentials, we tend to take the path of least resistance. Following easy-to-remember patterns or using the same username and password on multiple applications can put your information at a higher risk of being compromised.

  2. Use a random password generator, such as Password Safe, which allows you to create a secure and encrypted username and password list.

  3. Consider using a passphrase, a sequence of words or text, as your passcode. A longer password can help you meet different password policies.

  4. Strengthen your password policies. Finding the right ‘best practices’ for your organization is vital for the end-user experience. Enforce a high level of complexity in how a password is created to ensure better cybersecurity.

  5. Use Two-Factor or Multi-Factor Authentication methods to add a layer of security to your account. This can include SMS texts, multiple questions, a YubiKey, Google Authenticator, or a voice call, to name a few.
