As the NFL Draft goes virtual today during the COVID-19 pandemic, the buzz is as much about cybersecurity as it is about whether LSU quarterback and Heisman Trophy winner Joe Burrow will be the number one draft pick.
OK, that might be an exaggeration, but cybersecurity is taking front and center at the now virtual event as the use of new apps, multiple devices and Zoom teleconferencing make teams and the event itself more vulnerable to hackers and mischief makers.
“All eyes will indeed be on the NFL draft. It appears that contingencies are in place and there has been a dry run,” said Thycotic CISO Terence Jackson, adding that no solution, though, is 100 percent effective. “Draft day will be the best day of some of these players lives and it is up to the IT and security professionals to make sure it’s not marred by a cyberattack.”
During this year’s draft, GMs will submit their picks to NFL Commissioner Roger Goodell, working from his home basement, by phone or online. And instead of standing in a holding area behind the scenes, draft picks will be waiting remotely and using Zoom to communicate and react to their fates.
“As team personnel collaborate on Draft Day, they will be sharing data between multiple devices; exemplifying how employees access data fluidly between traditional endpoints and mobile devices with the adoption of cloud-based technologies,” noted Hank Schless, senior manager, security solutions, at Lookout.
Mischief-makers often disrupt Draft Day proceedings – witness fans from opposing teams booing and throwing objects. Those intentions along with the privacy concerns over Zoom could open the door to shenanigans and worse.
While “NFL picks aren’t what we traditionally associate with valuable corporate data, however, they could be highly valuable to a malicious actor on Draft Day,” said Schless. “Having this data stolen and shared out to the world ahead of that team’s pick could alter the future of their organization.”
To protect the draft, cybersecurity firm CRITICALSTARTadvises teams and the NFL to:
- Leverage both strong passwords and multifactor authentication for meetings channels.
- Scrutinize every email.
- If using Zoom, follow corporate best practices.
- Tightly manage your social media channels.
- Scrutinize all your communications.