Back

Blogs

Gemserv develops Green Book Compliant business case for a £100m 'Able to Pay' Loan scheme in South West

View All

Case Studies

Cyber Threat Intelligence for Energy Theft Prevention

View All

Upcoming Events

FairHeat Annual Conference 2024

View All

Webinars

Thoughts

Staying Secure Online during the Six Nations

10th Feb, 2023

Less than a week in, the Six Nations Rugby Championship has already brought dramatic wins, breath-taking ties and devastating defeats.

Another weekend of excitement and anticipation awaits sports enthusiasts, as the tournament continues. Yet amongst all this passion, there is the risk of individuals becoming exposed to dangerous cybercriminal campaigns. As they get caught up in the emotion of the game, they are less vigilant when it comes to protecting their sensitive data. The types of cyber-attacks that cyber criminals may use include, but are not limited to, malware, phishing, fraud, and other attacks by malicious actors.

How can malicious actors capitalise on the Rugby Six Nations?

With past sporting events like the World Cup in Qatar presenting a high cyber risk, experts have warned that individuals must be alert to these dangers. Threat actors have a golden opportunity to profit off people’s excitement and curiosity surrounding the event. Sporting occasions, like other key events such as Black Friday, bring heightened activity when it comes to scams, fraudulent websites and deceptive mobile applications. These have led to concerns that malicious actors may gain unrestricted access to the targeted fans and followers’ data, which is a danger to both the individual and their respective employers.

Companies should consider delivering necessary training and awareness campaigns so that individuals feel confident identifying scams, and can take the necessary steps to ensure that the website, applications or pages accessed are official and safe pages. Malicious actors are looking to use data from individuals as leverage for their own gain. Targeted ransomware and DDOS attacks may use this data to prey on those that have left themselves vulnerable.

Password management concerns

One privacy concern which may not be as obvious is the rise in password management threats during major events like the recent World Cup. In the World Cup period, individuals are much more likely to use players, countries or World Cup related terms as part of their passwords. Research shows that after analysing over 800 million compromised passwords, ‘Kane’, the name of the England national team’s captain, appeared over 133,000 times. Kane is just one of many key words that showed a high password compromise figure.

Password security management is a key element for any secure infrastructure. There are some steps companies can take to mitigate the dangers presented to password management by major events.  Through cybersecurity awareness campaigns before, and even after, employees return from these events, they should encourage:

  • Password Rotation – Passwords must be changed every 90 days or less.
  • A minimum length of 8-12 characters long.
  • Password complexity, which means it contains at least three different character sets (e.g., letters, numbers and punctuation).
  • Use of a password generator.
  • Account lockouts for bad passwords.

In conclusion, given the elevated concerns brought by major sports events, it is vital that companies and authorities raise awareness. People can be exposed by who or what they are giving permission to, the dangers that exist around poor password management and phishing, and the increased rate of fraud campaigns over these periods. Companies and authorities that do not improve awareness, password management controls and phishing awareness/training leave themselves vulnerable to compromised data. This could lead to devastating financial and reputational damage.


Interested in our Data Protection Services?

If you would like to know more about our data protection work, or would like to speak with one of our experts, please complete this short form.

Authors

Marco de Sousa

Consultant (Cyber & Data Privacy)

Read Bio