Aligning ourselves with the highest industry standards for cyber security is our number one priority, and we have put several systems and processes in place to defend against the increasing threat of cyber attacks.
According to a recent report by the UK’s National Cyber Security Centre, at least 70% of sports organisations have experienced cyber incidents, or harmful cyber activity.
Sports organisations are particularly valuable targets for cyber attackers due to the wealth of information which they store, such as the personal information of their communities, financial data, and intellectual property.
Consequently, cyber security is a critical priority for us to guarantee the protection of both our customers and ourselves.
How we support our clients
- Two-factor authentication (2FA), which adds an extra layer of security protecting accounts from unauthorised access, is available to all platform users and has been made mandatory for admin users. Research by Google claims that 2FA can block up to 100% of automated bots, and 99% of bulk phishing attacks, which emphasises how effective it can be for increasing digital security.
- Strict password creation standards, which have been implemented for anyone creating an account on our Platform. Specifically, user passwords are required to have a minimum of 10 characters, with a combination of upper case letters, lower case letters, and numbers. According to research by GoodFirms, 30% of internet users have experienced a data breach due to weak passwords (for example, passwords that are too short, easy to guess, or used for multiple accounts). By creating unique passwords that are difficult to guess or crack, the risk of accounts being compromised is significantly reduced. We also auto-prompt users to update their password every 12 months, prevent users from using passwords which have previously been flagged in a database of ‘potentially vulnerable’ passwords, and prevent users from re-using old passwords.
- Preventing access via outdated software, which ensures that users are using software that has the latest security patches and features, and is compatible with modern security standards. According to BitSight, in the WannaCry ransomware attack (a global cyber attack that occurred in May 2017) more than 67% of the computer systems targeted were those that had delayed updating to Windows 7 at the time, and were still using what was considered an outdated system. This shows how significant a security risk outdated software can be, so we have ensured that any user trying to access the Platform with an unsupported or outdated browser is prompted to update it, and prevented from accessing the Platform until they do.
Measures we have put in place to ensure we adhere to the highest security standards
- Regular penetration tests are undertaken, where a cyber-security expert attempts to find and exploit vulnerabilities in our system. These are designed to identify any weak spots which attackers could take advantage of, allowing us to address them as a matter of urgency. Periculo highlight that 43% of businesses that conduct regular penetration tests have not experienced a data breach in the past two years, compared to 25% for those that do not.
- Cloudflare’s cyber attack monitoring system is used to detect and respond to cyber attacks in real time. It analyses traffic patterns, user behaviour, and other data to identify potential threats that could indicate a cyber attack, automatically blocking malicious traffic and preventing it from reaching the target website or service.
- Having secure, restricted internal database access for the storage of client information is an essential part of our cyber security strategy, and is vital for protection against breaches. By having these internal processes which limit database access to a small number of staff, we are able to protect sensitive client data from unauthorised access, theft, or other malicious activities.
- Ensuring data is encrypted, at rest and in transit. This means that information kept within our Platform is scrambled/encoded so that it cannot be read by unauthorised parties, either when it is stored on a device such as a computer or server (at rest), or being sent or received over a network (in transit). This ensures that information remains confidential and secure, even in the unlikely event of a security breach.
- Cyber Essentials and Cyber Essentials Plus accreditation, a Government-backed and industry-supported scheme which demonstrates that we take a proactive stance against cyber attacks, and have taken essential precautions to protect against threats. The National Cyber Security Centre states that by undertaking this process, and implementing just one of the five controls required by it, businesses can protect themselves from around 80% of attacks.
- ISO 27001 accreditation officially recognises our commitment to first-class information security management. It provides the framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) to help organisations secure information assets. It is the world’s best-known standard in this area, and ensures that we are working to globally recognised standards when it comes to the management of informational and physical assets.
Ensuring that our business and products adhere to the highest possible security standards is absolutely vital to our strategy, and we can guarantee that we will continue to take every possible measure to safeguard the information that is stored within our Platform.
To learn more about what we do here at Sport:80, get in touch!