Why the Super Bowl Should be Your Reminder to Address Online Security

One year ago, 15 NFL teams had their social media accounts broken into. Hackers took over their news feeds, disseminated false information, and gained access to potentially sensitive information.

But did the attack (or any high-profile attack) impact the way you work online? Did it cause you to review your company’s cybersecurity posture? Did you speak with your team about security awareness?  

Granted, compared to the issues we face every day, a breach of an NFL team’s Twitter feed (or any organization’s social media account for that matter) isn’t the most earth-shattering news. But it’s important that we learn from these attacks and understand the criminal’s motivation in order to better protect our own privacy and security.

With Super Bowl LV upon us, let’s look at last year’s attack as it relates to most small/mid-size businesses to help you understand why it is important and what you can learn from it.

Have you ever considered what could happen if your company’s social media account was hacked? Here are five reasons that would be bad:

1. Fake news can change outcomes, cause a value to drop or cause a loss in credibility
Last year’s attack on NFL teams included at least one false news report that announced the sale of The Chicago Bears to a Saudi Arabian official, Al-Sheikh. Funny if you’re a Packers fan. But what if a client, or a prospective client, read on LinkedIn that your company was sold?
2. Fake news can impact real-world events in real time
These particular hackers weren’t looking to cause hysteria, but a criminal with malicious intent easily could. False reports of gate closures, traffic redirection or emergency announcements have real-world implications. For a mid-size business this might, for example, translate to employees or clients believing your office is closed or you’ve moved.
3. Guess one password, guess many passwords
One hack and they’re that much closer. They may not have the entire key, but they could have a piece of it, or sensitive information that helps them get a piece of it. One thing is for sure: you have this criminal’s attention and they’ve got your number. Acclaimed author Jim Butcher once said “you don’t need to be faster than the bear, just faster than your friend”. In terms of IT security, you just became a jar of honey!
4. Expose DMs and potentially sensitive information
For every email address, phone number, or other piece of personal or private information stored in your Direct Messages, you can expect fees and fines to follow. Many states, including New York, Nevada, and California, can fine organizations that compromise their residents’ online security. Exposing New York residents’ data could leave you liable for a civil penalty of up to $5,000 per violation.
5. It’s what you don’t know that’s gonna hurt
Ok, your social media account was hacked and now all 100 of your company’s Twitter followers are seeing an x-rated picture on your profile. Not great. Certainly not the end of your company, but now comes the hard part. How’d the hackers get those credentials? How long have they had access and what else do they have access to? Are they in the corporate network? Are they in your email? Where’s the weakness and how can it be addressed? All these questions need to be addressed and unraveling this ball of string isn’t fun.

Here’s the most important thing: these attacks were actually a marketing stunt by a Dubai-based cybersecurity firm wanting to demonstrate that “everything is hackable”. The company maintains they wanted to educate the public and teach people about the importance of cybersecurity. Collateral damage was minimal, and because of that, likely so was our attention span.

Look, it’s 2021 and cybersecurity doesn’t mean you “think you’re good” or “feel like everything’s ok”. The 15 teams who were hacked last year also thought they were “good”. So did the thousands of small businesses who’ve been breached since.

If people know not to click links, buy gift cards, or share passwords then WHY do we continue to do it? Why do operating systems remain unpatched, firewalls remain unmanaged and users remain untrained? We all seem to know what we should be doing, but so few actually do it.

Just as Daylight Saving Time is supposed to remind us to change the batteries in our smoke detectors, let’s let Super Bowl weekend remind us to stay safe online.

So, check your log-in credentials at HaveIBeenPwned.com, and send us an email to talk about a security review for your company.