Private Club Advisor - October 2018
October 5, 2018
We were honored to be included in the October issue of The Private Club Advisor. You can review the summary of our interview with editor Jackie Carpenter, CCM, below. To get a copy of the entire Private Club Advisor, click here to subscribe.
ADDED PROTECTION… A security breach is a significant inconvenience to members, poses a serious threat to valuable club and member information, and can cause irreparable damage to the club’s reputation and credibility. Clubs are increasingly targeted by cyber criminals, so an attack is likely for all clubs at some point. The affluent nature of club members means their passwords have a higher value, which makes private clubs a very attractive target for hackers. If a security breach involves member password information, then members will be forced to reset their passwords. Once this happens, a good portion of members might just stop using the club website altogether.
Perhaps there is a layer of protection clubs could incorporate to mitigate password breaches. According to Ray McDonald of BlindHash Cyber, the real problem is not that hackers have access to your club website. “Most clubs do not store any kind of financial information on the club website. But many club members use the same passwords repeatedly, so if members used the same password for the club website and their bank account, hackers could potentially gain access to their banking information.” McDonald says hackers take stolen passwords along with any other personally identifiable information and use them to impersonate the user on other websites.
When a person initially signs into a website, a password is entered and confirmed and the site authenticates the user. When the password is confirmed, the site “hashes” it by assigning a random string of numbers (the hash), and that is what is stored on the server. The vulnerability that all websites in the club industry have is that they store the hashes in the database. This means that all club websites are vulnerable to the offline cyber attack. When a breach involving passwords happens, the club has to assume that all passwords could be compromised and mandate that all passwords be reset.
BlindHash Cyber is a patented technology that takes part of the hash and entangles it in a very large offsite data pool, so the hash is effectively blinded. A key is then sent back to the club website to perform the authentication. This process makes the site immune to the offline attack vector. “They (the criminals) can’t solve the puzzle because they don’t have all of the pieces,” McDonald explained.
Some website providers or platform vendors have this security as an upgrade option available to their clubs. Others may set up this security option for an affordable fee. See the resources box below for more information.