
Cyber Security: The Threat Rising

We are living in a world today where it has become alarmingly simple for a cyber attack to wreak havoc on a government body, an organization or even an individual. A hacker’s ability to hold an entity hostage or use human nature or ignorance to inadvertently harm the security of others or themselves is rapidly changing the world around us. Historically, the private club industry lags about five years behind the times in terms of technology and communications (think about how long it took for clubs to embrace websites, now apps). The industry is shortening that gap, but still needs to focus on protecting the information clubs are storing. One main issue with cyber security is that a club cannot just buy a device or software package to eliminate all cyber threats or entirely protect the club. It requires a thorough review of the network, allocation of necessary resources and continuous monitoring as new forms of cybercrime emerge.

On page XX, the Pulse Survey on private club security issues reveals that an alarming 63 percent (many experts believe this is a low number) of responding club executives feel they are vulnerable to a cyber threat of some kind. No one can be 100 percent confident as human nature plays a large role in cybercrime; however, clubs need to emphasize improving how they protect their data, including personal information about their members.  

To get a better perspective on this issue, McMahon Group reached out to information technology (IT) and industry specialists to help understand what they are seeing in this world. First, we talked with Noel Wixsom of Country Club Technology Partners (CC Tech). Wixsom said the biggest issue within private clubs is a significant lack of education on this subject. He wants to see more education for managers, who in turn can properly educate their staff. However, there is no real set standard today for cyber security for any business. With the current environment in the cyber realm, Wixsom recommends two things you must have:

  • Cyber Insurance: Your policy needs to cover you for any type of extortion, business interruption, data restoration and any credit monitoring. (See accompanying sidebar for more information.)
  • Security Committee: You may be thinking, “Not another committee.” You are in luck: this committee is really an internal one made up of the general manager, facilities manager, security director, controller, IT manager and IT vendor. This committee’s responsibility is to oversee the club’s security, both physical and cyber.

Detective Scott Slifer of the Lawrence, Kan., Police Department is an expert on the subject who deals with cybercrime cases in Kansas and across the country. He said the biggest threat today is ransomware (a software threat that blocks users from their information unless the user pays a ransom) and doesn’t see it going away any time soon. Slifer believes the path to a safe network revolves around an effective backup schedule, a good firewall and, most importantly, education of your staff so they can be more aware of issues. He also recommends clubs check with their IT provider to ensure they have cyber security certification.

Everyone we talk to about this very issue is preaching the same thing: education. The more we understand about cybercrimes and how they affect us, the better we can be at preventing them or being able to function after an attack happens. We are never going to be able to stop all attacks, but the goal should be that if one does break through, you will have a plan in place to react accordingly. There are many quality vendors out there willing to help you with your cyber security needs, from CC Tech to Cino, Ltd., featured in the article on page XX. Reach out to a professional to ensure your club is protected.

Keeping Up to Date

With the cyber world constantly evolving, be sure to continue to educate your staff and even members on cyber awareness. Here is how things are changing:

  • Data Protection: It is critical to protect members’ personal data as well as all the club’s financial information. Programmers are now building databases for clients using HIPAA (Health Insurance Portability and Accountability Act) standards to better protect the information being stored on networks and in the cloud. This is where data protection is going.
  • Passwords: Educate staff on the importance of developing unique passwords and changing them often. Many companies are now even switching to two-step authentication requiring use of your mobile device.
  • Internet of Things: More and more devices can connect to the internet these days, from drones to printers to the thermostat. However, these devices often meet only minimum security requirements, allowing hackers to easily access them to gain entry to your network.
  • Behavioral Technologies: The use of biometrics and facial recognition will become more the norm in the future.

Cyber Insurance: How Is Your Coverage?

Cyber Liability insurance is readily available, and most clubs have some type of policy (about 2/3 according to a recent Pulse Survey). Tom Walker, area executive vice president for RPS-Bollinger – Sports & Leisure, outlined how Cyber Liability insurance protects businesses from:

  • Liability claims involving the unauthorized release of information for which the club/business has a legal obligation to keep private or confidential.
  • Liability claims alleging invasion of privacy and/or copyright/trademark violations in a digital, online or social media environment.
  • Liability claims alleging failures of computer security that result in deletion/alteration of data, transmission of malicious code, denial of service, etc.
  • Defense costs in State or Federal regulatory proceedings that involve violations in privacy law.
  • The provision of expert resources and monetary reimbursement to the insured party for the out-of-pocket (first party) expenses associated with the appropriate handling of the types of incidents listed above.

Walker adds that the limits of any policy will vary depending on the number of employees and the club’s gross revenues. The average premium for a $1 million insurance policy in Cyber Liability is around $3,000 (and can be higher for larger clubs). Now is a good time to review your Cyber Liability policy and make sure you are properly covered.

Club Security: Are Your Members Protected?

By Gary Raphael, TorchStone Global, LLC

Information security poses serious risks to club leaders, but it also provides an opportunity to protect your members and your club.

Private clubs are responsible for valuable data that malicious criminals want, including your members’ personal contact and financial information. Attackers pursue this data because it can be sold or used to target your members. Losing personal member data can have a devastating effect upon the reputation and membership growth of a club, making it critical for clubs to secure their data. To do so, clubs should harden the measures used to protect their members’ information. Many of those things are not technical, complex or expensive.

  1. The first step is becoming aware (if you’ve read this far, you’ve probably already achieved this step).
  2. The next step is creating a proactive, positive security culture within the club. This entails:
    1. Fostering staff information security awareness:
      1. Reward positive security behavior and institute accountability for poor security behavior.
    2. Understanding what information your club handles is truly sensitive:
      1. Protect only what needs protection.
    3. Protecting that information:
      1. Understand your club’s current security measures, determine if they are adequate and develop new measures if needed.
  3. Clubs should then eliminate their cyber gaps. Common vulnerabilities include unnecessarily maintaining too much personal member data, providing member data access too broadly to staff, and using short and simple passwords and single-factor authentication.

Information security is an evolving discipline, requiring constant monitoring of potential threats and implementing best practices to reduce the risk of an attack. While understanding cyber threats to your club is important, know your limitations: your time is best spent growing your club. A good information security partner allows you to do that, while protecting your members by:

  • Providing a holistic assessment of your information security risk from the attacker’s perspective and looking at all domains for technical, human and physical vulnerabilities.
  • Reviewing or creating information security and hiring/firing policies and procedures to reduce your risk to intentional or unintentional insider actions leading to breaches.
  • Providing a tailored set of recommended countermeasures for those vulnerabilities, leveraging current strengths and fitting within your financial limitations.
  • Implementing the recommendations you accept.
  • Ensuring that your club has a sustainable mechanism for protecting your club’s lifeblood—the trust of your members.