“How do you protect my personal and financial information?”
If you haven’t yet fielded this question, it’s only a matter of time before you do.

Consumers are becoming increasingly more aware that their private personal information (PPI) is at risk when a place they do business with experiences a cyberattack. Now more than ever, all organizations must be prepared to address those fears with direct answers that illustrate actionable solutions.

Effectively protecting the PPI of your players and members is easier than you might think. The National Institute of Standards and Technology (NIST) has identified five general components for developing an effective cybersecurity framework that is adaptable to the needs of all business types. An effective cybersecurity plan helps protect digital information and assets while warding off potential cyberthreats.

Here are five strategies that can help lay a strong foundation of protection for volleyball clubs:

#1 IDENTIFY

Identify the various technology, networks and systems utilized to conduct business operations, including software, servers or applications containing confidential data. Leverage this information to establish workplace cybersecurity policies.

  • Compile list of all confidential data that must be protected.
  • Identify and list all devices that must be protected, including laptops, phones, etc.
  • Document all individuals who have access to these devices and protected data.
  • Determine vulnerability areas across devices and users.
  • Adopt a “cybersecurity policy” outlining clear roles and responsibilities.
  • Provide detailed steps for preventing cyber incidents and mitigating losses when incidents arise.
#2 PROTECT

Implement measures to safeguard confidential data, including personal information, payment portals, financial data and intellectual property.

  • Use antivirus and malware protection software and/or firewalls.
  • Allow only trusted individuals to access organizational technology and data.
  • Encrypt sensitive data and backup to a separate, secure location.
  • Create formal policies for safely disposing of electronic files and old devices.
  • Train everyone who uses computers and devices about cybersecurity – hackers often target employees.
#3 DETECT

Stay in defensive mode by constantly monitoring your networks, systems and devices for unusual activity.

  • Review suspicious internal activity such as registered users accessing data or applications they do not typically use – it may be a hacker logged in as an employee.
  • Investigate any activity of unknown users connecting to organizational networks or systems.
  • Encourage employees to immediately report any suspicious emails or activity they notice.
#4 RESPOND

Even with proper safeguards, it is easy to fall victim to a cyberattack so it’s important to create a Cyber Incident Response Plan that outlines a variety of possible attack scenarios and steps to ensure timely remediation.

  • Define who is responsible for responding to an attack – create a response team.
  • Clarify the roles and responsibilities each member of the response team will uphold.
    • Identify the organization’s critical functions and map out how these operations will continue if systems are compromised.
    • State when and how stakeholders and the public (if necessary) will be informed of an incident.
    • Learn which federal, state and local regulations must be followed when responding to an incident.
    • Determine when and how to seek third-party assistance – insurance, legal, law enforcement, etc.
    • Outline how an incident will be investigated and what forensic activities will be leveraged.
#5 RECOVER

Unfortunately, stopping an attack doesn’t automatically resolve all the issues it causes. After an attack is stopped, you need to prioritize recovery.

  • Repair and restore any damaged systems, networks or data; replace lost or destroyed assets.
  • Consult legal, insurance and cybersecurity experts as defined in your Cyber Incident Response Plan.
  • Report losses to the public and/or affected individuals accordingly.
  • Conduct reputation damage control via media/PR channels as necessary.
  • Maintain compliance with applicable cybersecurity legislation.
  • Review your cyber plan and strategies, determine what worked well and identify areas to improve.
  • Continually evolve your plan and strategies by conducting penetration testing and tabletop exercises.

Now that you have a sense of the general framework to establish, keep in mind that cybersecurity planning is an ongoing process requiring frequent adjustments to maintain proper protection amid an ever-evolving landscape. We strongly recommend implementing these strategies now, before an attack, so you will be well prepared to respond, and recover, should the need arise. Of course, we hope that never happens!

CLOSING THE BLOCK: CYBERSECURITY HOT TIP

Avoid Stolen Player Info
Perform frequent data backups of players’ sensitive information to a secure location. Compromised player and member PII is typically extremely time consuming and expensive to remediate, including: Member notification, call center support, credit monitoring, identity monitoring, public relations, legal advice, business interruption costs, and so on. Keep in mind a quality cyber insurance policy covers all the above and more. Plus, your carrier and insurance advisor will help you through all the red tape so you can get back up and playing fast (and P.S., a quote is free).

View more technology related education here.

About the Author
Brad Preston is a client advisor at World Insurance Associates (World) specializing in the Sports industry. Prior to World, he spent more than 20 years at Advanced Event Systems and SportsEngine where he worked closely with the JVA and other member clubs in the volleyball space. He is well versed in club operations, staff, and member management, and most importantly, the use of technology and its inherent cyber risks. The JVA and World have partnered together to bring JVA Members educational articles and content to help you learn about your unique cyber risks and exposures, and how to better protect your businesses, members, and families in general. Feel free to reach out to Brad directly with any questions at bradpreston@worldinsurance.com