 Posted by SecExtra on May 01st, 2010
Sports clubs are increasing online investment as they seek to engage their customers and drive sales, but IT security may be being left behind, according to managed security firm Network Box, who have just published a guide to IT Security for Sports Clubs.
The guide, which is free to download from Network Box’s website, outlines the major issues facing sports clubs, such as the security of customer data, internet threats, managing multiple websites, bandwidth management and human error.
The guide suggests steps for sports club IT managers to take, including:
1. Securing external connections Ensure that MPLS and VPN networks are secure by only allowing required traffic through these connections. Effectively segment the network to reduce the risk of infections spreading.
2. Controlling what content can and can’t be downloaded. Use an access management content scanning system to ensure that only trusted data is downloaded to the network, and that employees can’t stream video or audio that is non-work related.
3. Securing applications and restricting who has administrator status on those applications. Ensuring that all applications are regularly reviewed and tested for vulnerabilities.
4. Reviewing security systems regularly, and avoid human error.
5. Educating employees on the importance of tight security systems – hold security training at least once a year to review security procedures and to make sure that all employees understand their role in keeping the club secure.
6. Don’t leave computers on and unmanned. Use time out systems to ensure unused systems become inaccessible and make sure applications are protected with strong passwords.
7. Ensuring that all security systems are kept up to date; and that regular checks are made for the latest versions of applications or platforms used across the organisation.
8. Ensuring that all data is routed through the appropriate channels and that nothing bypasses security systems – which is one of the most common causes of vulnerabilities.
9. Checking all data leaving the building, in the same way that checks are made on data that comes in. This will help prevent unauthorised transfer of either financial information of ticketholders, or personal information on players, that could lead to compromised security.
10. Keeping audit logs as part of your PCI Data Security Standard compliance programme, and work with a supplier that will support this compliance.
11. Deploying a load balancing solution to keep the network performing properly. Building the ability to allocate bandwidth and to shape communications traffic into the security system.
12. Tapping into expert knowledge: Security is an increasingly sophisticated issue that needs specialist knowledge. If doing this in-house, the personnel looking after your network may not have this experience. Sports clubs could bring in specialist security experts to run the security system instead. Getting an external, managed service company can reduce costs by between 20 and 40 per cent.
For more information on security issues, visit Network Box, see Simon Heron’s blog; or follow him on Twitter.
|
