A question for NFL draftees
Each year, the National Football League (NFL) Draft brings with it volumes of speculation in the months and days leading up to the event. Pundits create mock drafts, taking into consideration the endless scenarios that could play out. Their musings provide the fodder fans need to try to answer the big questions surrounding the multi-day event: who will go first? Will there be any surprises? Will my team finally get it right this year?
All good questions, but this year, the question on my mind is different than what it has been in the past. My question is not for owners, teams or GMs – it’s for each of the roughly 256 players that will be selected over the next few days. It is a simple question, but it has big implications: Do you use strong, unique, and random passwords for each of your online accounts?
A lot to protect
Why am I asking this? Because every one of those 256 players will sign very large contracts and receive enormous signing bonuses, whether they’re the first pick in the draft or the last. For example, Travon Walker was selected as the first pick in the 2022 NFL Draft. He signed a four-year, $37.4 million contract with a $24.4 million signing bonus. That is a staggering amount of money, but even Brock Purdy, the last pick in the draft (also known as “Mr. Irrelevant”) was awarded a base salary of $705,000 with a $77,008 signing bonus — big money by any standard.
While there is a huge difference between Walker’s and Purdy’s payouts, even “Mr. Irrelevant's” sudden windfall is something to behold. As the public is made aware of these massive contracts, hackers and bad actors lurk in the shadows ready to capitalize on the ill-equipped. This is why it is paramount that all college and professional athletes use a password manager to improve their online security. Password managers protect everything from social media logins, to bank accounts and so much more.
There are a lot of players selected in the NFL Draft and each one of them has a lot to protect, even before their names are called. Universities and organizations do their athletes a disservice by foregoing proper cybersecurity education, especially before an event as public and popular as the NFL Draft. This is a call for better cybersecurity education for athletes.
A lack of cybersecurity education
I was a college football player once. Not nearly as successful as Walker or Purdy, but I can't help putting myself in their shoes. We were never taught about online security. We received no warnings that becoming a household name at 21 (or younger) puts a giant target on your back for hackers and bad actors (see Laremy Tunsil hacking incident during the 2016 NFL Draft).
The need for cybersecurity education has increased dramatically over the years, too. In June 2021, the Supreme Court ruled that the National Collegiate Athletic Association (NCAA) could not limit education-related payments to students. Student-athletes can now profit from their name, image, and likeness or NIL (more info on NIL).
In the years since, there have been monumental shifts in the landscape of collegiate sports as 17- and 18-year-olds (still in college) are now signing million-dollar brand endorsement deals. And while there has been great progress toward treating student-athletes more fairly, equity and protection are not the same thing; cybersecurity education is still severely lacking.
I contacted a friend on staff at an NCAA Division I football program. I asked if he knew of any cybersecurity education offered to the players on his team. He didn't. I also asked him if he knew of any universities providing cybersecurity training for their players. Again, he didn't. This was shocking to me and should concern players, coaches, and other athletic stakeholders everywhere.
Inadequate password security practices could literally cost these young men millions of dollars in current and future endorsement deals while also damaging their hard-earned reputations. That's what inspired me to write this blog. I hope athletes, sports and entertainment programs, and franchises will start addressing the need for better online security.
Cybersecurity best practices
There are only a few steps to creating a solid cybersecurity foundation, and they're easier than you might think.
1. Use strong and unique passwords
Passwords should be at least 14 characters long, include special characters and numbers, be random, and be unique for every account (don’t use the same password for multiple accounts!).
2. Use a trusted password manager
How is it possible to use strong and unique passwords for all your accounts? With a secure and easy-to-use password manager. Password managers like Bitwarden include password generators that allow users to create passwords faster than you can type your team name and jersey number. There are only a few steps to setting up your password manager:
Steps to setting up your password manager
Create a strong and memorable master password. Your master password should be random. Don't use jersey numbers, team names, mascots or anything else that could be linked to you or easy to guess.
To make it easier to memorize your master password, use a random passphrase like glowing-chapstick-pantheon, then consider adding a number and symbol for greater complexity. The finished product should look something like this: glowi5ng-chapstick!-pantheon. Once you've created your master password, consider testing its strength by entering it in a secure Password Strength Checker to reveal how long it would take to crack.
Import your passwords from Google Chrome, Apple or other password managers to Bitwarden.
Install Bitwarden across all your devices and browsers so that you can quickly generate strong passwords and have secure, convenient access to your logins no matter where you are or what device you’re using.
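The random-passphrase step above, as an added example (this is not Bitwarden's code or part of the original post): it builds a passphrase in the same shape as glowi5ng-chapstick!-pantheon with a cryptographically secure random source and estimates its strength. The word list, symbol set and function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list, for illustration only. A real generator
# draws from a much larger list (assumed here: 7,776 words, diceware-style).
WORDS = ["glowing", "chapstick", "pantheon", "harbor", "velvet", "cactus",
         "orbit", "lantern", "pebble", "thunder", "maple", "saddle",
         "quartz", "ribbon", "walnut", "zipper"]
SYMBOLS = "!@#$%^&*"  # assumed symbol set; must not contain the separator


def generate_passphrase(num_words=3, wordlist=WORDS, sep="-"):
    """Return e.g. 'glowi5ng-chapstick!-pantheon' using the OS CSPRNG."""
    # secrets (not random) so the choices are unpredictable to an attacker.
    words = [secrets.choice(wordlist) for _ in range(num_words)]
    # Insert one digit at a random position inside a randomly chosen word.
    i = secrets.randbelow(num_words)
    pos = secrets.randbelow(len(words[i]) + 1)
    words[i] = words[i][:pos] + secrets.choice(string.digits) + words[i][pos:]
    # Append one symbol to a randomly chosen word.
    j = secrets.randbelow(num_words)
    words[j] += secrets.choice(SYMBOLS)
    return sep.join(words)


def entropy_bits(num_words, wordlist_size):
    """Conservative estimate: counts word, digit and symbol choices only,
    ignoring the extra bits from where the digit and symbol are placed."""
    return (num_words * math.log2(wordlist_size)
            + math.log2(len(string.digits)) + math.log2(len(SYMBOLS)))


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"16-word sample list: {entropy_bits(3, len(WORDS)):.1f} bits")
    print(f"7,776-word list:     {entropy_bits(3, 7776):.1f} bits")
```

The strength comes from the size of the word list and the number of words drawn, so the small sample list here is only good for showing the shape of the output.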
Go pro with these tips
Enable 2FA (two-factor authentication) to log in to Bitwarden (see instructions).
If desired, enable biometric login (e.g., Face ID) and other productivity features.
Log in to your Bitwarden web vault and view your Vault Health Reports. Identify your most sensitive accounts (banking, finance, etc.) and see if your passwords are reused or have been in a data breach. If they have, change them immediately using the Password Generator. Repeat the process for the rest of your accounts, starting with the most sensitive accounts. Remember that if you’re a public figure, protecting your social media presence is essential because your public image is at the root of your finances and crucial to your future success.
3. Enable 2FA (two-factor authentication)
Two-factor authentication adds another layer of security to your online accounts by requiring a verification code before you can access your accounts. You can enable 2FA in the account security settings of most apps and websites. Receiving a text/call/email with a code is better than nothing. Still, it is best practice to use an authenticator app (like the one built into Bitwarden) or others like DUO Security.
4. Always use encryption when sharing sensitive information
Practice secure password sharing by using Bitwarden Send to transmit sensitive information. If someone asks for a password, username, or login, make sure the person asking is not a scammer. Also verify that they have a good reason for needing your personal information.
5. Prevent phishing
As SocialProof Security CEO and white hat hacker Rachel Tobac points out, attackers can use public information about you to appear legitimate; this is commonly referred to as phishing. To protect against potential phishing attacks, be aware of what personal information may be shared on public forums such as social media. To learn more about how high-profile individuals can protect themselves against cybersecurity threats, check out Rachel Tobac's Hacker's Guide to VIP Security.
Protect yourself online
The most successful athletes protect themselves on and off the field. Password managers can't help protect your body from injury, poor nutrition, or inadequate sleep, but a password manager like Bitwarden helps you protect your personal brand, finances, and more. Don't give up your hard-earned success by allowing gaps in your coverage. A big hit to your brand or financial security can be far more damaging than a big hit on the field. Get started with a free Bitwarden account today, or go premium for only $10/year.
For franchises, universities, and organizations interested in implementing a password manager, contact sales or start a free trial.