Association Cybersecurity Lessons From a Baseball Hacking Scandal

March 30, 2017   |   Chandra Chakravarthi   |   association cybersecurity

It doesn’t matter what industry you work in because cybersecurity hacks can happen to anyone. And depending on the industry and magnitude of the hack, you will probably find it trending all over social media and most of the news stations will be covering it (or at the minimum, it will appear on their headline ticker). For all the baseball fans out there, you’ve probably heard about the Cardinals and Astros hacking scandal.

In a nutshell, the Astros used software for the team to discuss its strategies, and those secure conversations were leaked online for their competitors to see. The likelihood of a cyber breach happening could have been reduced if staff had followed a few best practices.

Your association staff needs to have a cybersecurity plan in place should you ever find yourself a target. And it’s better to anticipate that it could happen rather than assuming it never will happen because “you’re just part of an association.” One aspect of your association cybersecurity plan can include practicing better password habits.


Find out how you can up your association cybersecurity game with our guide to creating high-entropy passwords.

The following is an excerpt from Tony Cavicchi’s blog post “What Baseball Hacking Can Teach Us about Association Cybersecurity” from the Aptify blog.

Astros IT did the right things. They built secure software and monitored the login for brute force attacks. They kept an activity log of all users’ behavior inside Ground Control. They changed both the login URL and all user passwords after positive media attention made Ground Control a software buzzword in Texas.

Responsibility for enabling the hack appears to lie with three people: Luhnow, Mejdal, and someone else who came from the Cardinals to the Astros. This hack was a password behavior problem.

Not one, not two, but apparently all three reused the same or only slightly variant passwords for their Astros email as they had used at the Cardinals. Correa accessed their email and then their Ground Control accounts by looking up their passwords in the Cardinals system and then guessing those passwords at Astros login screens. By spreading his activity across three legitimate accounts inside Ground Control, he decreased the chances Astros IT would flag anything as unusual. When Ground Control logins were updated, he had the emailed info to log in again.

People increasingly talk about creating secure passwords. Aptify has our own guide to creating high-entropy passwords that ups your association cybersecurity game. 

But the other side of the coin is educating your staff to understand even the best password can be compromised. Staff need to know their password to your association's most important data on members is compromised the minute a staffer reuses that password for a new login to music streaming or to pay a monthly utility bill. Certainly, they should not reuse old passwords for their login to your email, your membership software, or your business intelligence.

At the end of the day, mistakes will be made, but what’s important is how you recover from it and what steps you’ll take to ensure that it doesn’t happen again. Make it a point to have a cybersecurity plan at your association and stay up-to-date on how you can continue to improve it.
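The excerpt points out that brute-force monitoring did not flag logins made with valid, reused passwords spread across three accounts. The following Python check is an added example, not code from the original post or from any system it describes: it runs a failure-count rule and a "one source, many accounts" rule over the same login log. The log format, addresses, account names and thresholds are constructed for illustration, and it assumes the logins share a source address, which the post does not state.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, source address, account, result.
SAMPLE_LOG = """\
2017-03-01T08:02:11 192.0.2.1 user_a success
2017-03-01T08:30:00 192.0.2.1 user_b success
2017-03-01T09:10:45 192.0.2.1 user_c success
2017-03-02T03:00:01 198.51.100.20 user_d failure
2017-03-02T03:00:03 198.51.100.20 user_d failure
2017-03-02T03:00:05 198.51.100.20 user_d failure
2017-03-02T22:40:05 203.0.113.50 user_a success
2017-03-03T23:05:31 203.0.113.50 user_b success
2017-03-05T21:58:47 203.0.113.50 user_c success
"""

def parse(log):
    """Yield (time, source, account, result) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield (datetime.fromisoformat(parts[0]), *parts[1:])

def failure_bursts(events, threshold=3):
    """Brute-force style rule: sources with at least `threshold` failed logins."""
    counts = defaultdict(int)
    for _, source, _, result in events:
        if result == "failure":
            counts[source] += 1
    return {s for s, n in counts.items() if n >= threshold}

def shared_sources(events, min_accounts=3, window=timedelta(days=7), known=()):
    """Sources with successful logins to `min_accounts` distinct accounts inside
    `window`, excluding `known` egress addresses such as the office NAT."""
    by_source = defaultdict(list)
    for when, source, account, result in events:
        if result == "success" and source not in known:
            by_source[source].append((when, account))
    flagged = {}
    for source, hits in by_source.items():
        hits.sort()
        for start, _ in hits:
            accounts = {a for t, a in hits if start <= t <= start + window}
            if len(accounts) >= min_accounts:
                flagged[source] = sorted(accounts)
                break
    return flagged

EVENTS = list(parse(SAMPLE_LOG))
```

On the sample, the failure rule reports only 198.51.100.20, while the shared-source rule reports 203.0.113.50 once the office address 192.0.2.1 is passed in `known`.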


About Chandra Chakravarthi

As a Coordinator of Content, Branding, & Buzz at Aptify, Chandra supports the department with content creation, digital advertising, and overseeing the social media channels. Outside of Aptify, you can find her exploring Chicago and eating too much pizza while she waits for her letter from Hogwarts.
