What would happen to your Club’s Brand if you had to tell your members their passwords had been stolen? (First of a three part Blog Series)
October 18, 2017
As club professionals, we strive to maintain the image of our club and the club’s brand on a regular basis. Whether it’s through the Club’s impeccable service, flawless greens, or prestigious events, building and maintaining the Club’s image is our daily top priority . After all, it’s the way we compete and distinguish our Club from the others in the area.
Over the years we have spent thousands of dollars and hours creating that perfect digital presence online that represents who we are and stand for as a club. Whether it is promoting events, making some sort of reservation or viewing and paying the club bill, your organization is heavily invested in attracting members to your club website. However, like many organizations, we forget that the internet and websites can make us the target of cyber criminals. These criminals are looking for the easiest targets they can find. Most clubs fall into the category of small to medium business (SMB’s) and that is the very group that is the target of the majority of cyber attacks today. The most important piece of information to cyber criminals on your site is your member’s password. There is a very good chance that your members are using the same password on other websites and once the attacker has it from your site, they will then access that members information at other, more confidential websites. I mean let’s be honest, we all know we re-use passwords, and our members probably do as well. Can you imagine the fallout of having to contact your members to tell them that their password has potentially been stolen? Only to follow that up with informing them that you will be resetting their passwords and that they will need to change their passwords on any other websites as well.
Studies show that once you require a password reset, that you will lose significant traffic on your website. One attack has the potential to wipe out years of work and money your club has spent attracting members to your site. Yet as an industry, we have not focused on the importance of cybersecurity. If you don’t believe me, type in ten websites of country clubs you know, and I guarantee you will find at least one (probably many more) that still don’t have an SSL in place. Google recently announced that they will be placing an alert of “not secure” on websites that do not have SSL’s in place. I don’t think any club wants that message on their site.
I am sure that everyone has heard of the massive Equifax breach. This event has already cost some of the executives their job and there is a very good chance that this breach could bring the entire company down. Not just because of the breach itself but because they knew they had a vulnerability and they did not take immediate actions to correct it, nor did they manage the notification and recovery properly. It gets even worse in the (SMB’s), 60% of (SMB’s) will close their doors within six months of a cyber attack. Not sure that this statistic applies to private clubs but it a staggering figure. So what are we as clubs to do to protect ourselves? Two things you should do today to address obvious vulnerabilities where solutions are and will cost you less than $75 per month are:
1. Call your website vendor or IT consultant and be sure that your site is secured with an SSL certificate.
2. Call us to take the additional steps needed to ensure that your members passwords cannot be compromised if your site or your vendor is the target of an offline attack. No vendor does this today so it is up to the club to take this step.
To learn more about protecting your passwords click here, or contact me at rmcdonald@blindhash.com or 919-922-4171. Also be sure to sign up for our blog and follow us on social media as this is the first post of a three part series on Cyber for Clubs. We will also be offering free webinars that are tailored specifically for clubs.
