What do you get when you add 68 college teams and the month of March together? That’s right, it all equals one thing in the world of sports around this time of year = March Madness.
The popularity of March Madness will consume every office employee’s attention in the United States for the next three weeks, which exposes their business to any number of cyber risks, not to mention the lack of sleep and paranoia IT personnel will have to dread that late phone call in the middle of the night informing them of a possible data breach. Break out the coffee pot or Red Bull drinks my IT Brethren, this will be a long one!
Employees will be glued to their monitors watching their online pools or brackets in hopes their favorite team picks lead to the covenant NCAA National Championship title. Even though the mathematical odds of anybody picking a perfect bracket is a staggering 1 in 9.2 quintillions, the probability of getting hacked during the three-week season is 1 in 4. Thieves will hang out near the online sports watering holes to draw their victim(s) since March Madness is one major event in the U.S. that provides easy-to-access capabilities for hackers to expose:
- Malware disguised as video players that allow users to stream or catch up on missed games.
- Phishing campaigns that will target users monitoring their brackets on known websites such as ESPN or MSNBC.
- A plethora of bogus sites created to steal the credit card info of unsuspecting users, especially first-time bracket followers who never played online before.
- And the common rogue apps that promise real-time bracket updates but are designed to delivery advertising spam, or worse, malware.
No different to the recent holiday season of online shopping Cyber Mondays, Super Savor Saturdays, etc., employees will continue to utilize company assets to consume bandwidth, point and click, communicate, purchase and stream behind the comforts of their desk, which could greatly expose their company to serious threats.
Below are several proactive measures for staff and corporate management to review and consider:
- Practice good password management: Never use the same username, password combination as your company login credentials. A password management program can help you to maintain strong unique passwords for all your accounts. These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically.
- Be careful what you click: Beware of websites posing as March Madness bracket competition platforms. Never open e-mails, click on suspicious links, and/or open attachments from unknown sources.
- Never leave devices unattended: The physical security of your devices is just as important as your company’s technical security. If you need to leave your laptop, phone, or tablet for any length of time – lock it up so no one else can use it. For desktop computers, shut-down the system when not in use – or lock your screen.
- Avoid phishing scams: Phishing is a constant threat – using various social engineering ploys to trick you into divulging personal information such as login credentials, banking, and credit card information. Be wary of unsolicited March Madness emails that promise exciting offers if you sign up for a bracket competition. Hover over the link and report the phishing email to your IT department.
- Install anti-virus protection: Only install an anti-virus program from a known and trusted source. Keep virus definitions, engines and software up to date to ensure your anti-virus program remains effective.
- Back up your data: Back up on a regular basis – if you are a victim of a cybersecurity incident, the only guaranteed way to repair your computer is to erase and re-install the system.
If you are unable to resist signing up for a March Madness online bracket competition, leverage the Better Business Bureau (BBB) website to confirm the legitimacy of a website and be sure to look out for the visible padlock icon on your browser to confirm encryption before you sign up for an online competition.
The 68-team single-elimination tournament over a period of 19 days will lead to a jam-packed end to the 2019 season that aptly earned the nickname March Madness. Brackets will be reviewed and submitted by millions, and it won’t be over until the nets are officially cut down in Minneapolis.
SDI Presence offers cyber vulnerability assessments and remediation services to address the different technologies, devices, and data impacted by a cyber breach. SDI’s cyber remediation teams are certified in leading industry technologies (MS, Cisco, Oracle) and NIST-based remediation best practices to quickly identify and contain breaches and restore operations. Contact SDI to launch the SDI cyber team within your organization.
ABOUT SDI GUEST BLOGGER
Manny Pintado has over 20 years of relevant technology experience within the IT, Network and System Applications, Operations, Satellite and Telecommunications industries for leading global organizations. Proven abilities in strategic planning, managing projects, improving the efficiency of operations, team building and detailing project information to determine effective functions for operations.