Are sports organisations taking security and data protection seriously?
I recently reviewed a website in the health sector and alerted the CEO to a major threat to security and privacy. Their website was not secure.
It’s something I see time and time again.
2017 was memorable for all the wrong reasons in cybersecurity. 2018 will likely be worse. Reports of major hacking cases across the globe should send shudders through C suite executives and have them hounding their IT providers for a fix.
Evidently not. In the sports sector alone, I can point out dozens of businesses and organisations that risk the privacy and security of their customer data every time they transact or send information via the website.
The first three sports whom were funded to the tune of over $5 million in 16/17 as you peruse the list of ASC funded sports have websites that either don't have an SSL certificate or have not installed it correctly
Most bizarre, is the certificate status of one of our most successful Olympic sports. This should be of great concern for the sport and of course their service provider, which happens to be an incredibly dominant force in the Australian sports sector.
For those businesses and organisations that take the security and privacy of their customers seriously, here's a recap of why you should be concerned.
Data is vulnerable to interception/hacking
Any data transmitted over the website such as personal information sent via an enquiry form or membership registration is vulnerable to interception/hacking if the website is not secured by an SSL certificate. There should be a https preceding the URL, with a green lock when viewed in Chrome. Like in my website - staart.co
Google Search rankings suffer
A further consequence of not securing your website is that Google search rankings suffer.
Since 2014, Google has used https as a ranking signal. All things being equal, a website with a https address will outperform it's http counterpart.
In 2017 Chrome started flagging websites that weren't secure with the "i" symbol next to the URL and a statement indicating that "Your connection to this website is not secure" "You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers."
Search engines and security aside, there are trust issues and reputation risks for any company not securing their website.
Sports organisations competing for eyeballs and wanting to increase membership can ill afford to surrender ranking positions.
Fixing this does not have to be a costly exercise or a huge project. In some cases a quick phone call to your website hosting provider could rectify the issue.