The 2018 Winter Olympic Games in PyeongChang, South Korea, are set to begin on Thursday, Feb. 8 and run through Sunday, Feb. 25. So what do you need to know to stay secure as you watch on the go? Also, what do enterprise network and security teams need to do to prepare?
First, there are many good articles providing the background and logistical details regarding these 2018 Olympics Games.
Several common questions include:
Why Discuss the Winter Olympics in a CyberSecurity and Infrastructure Blog?
But before I offer you the tips to help keep you and your network cybersafe at home or work or anywhere else online, I am sure some readers think this post may be out of place. So why are we talking about this topic in a professional technology article? Are there really security concerns if you are not traveling to see the games in person in South Korea?
Here’s a brief history on this topic to help understand the trend.
Back in the summer of 2016 when the Rio Summer Olympics were getting ready to start, NBC News ran an article with the headline: We Know You’ll Be Watching the Olympics at Work, So Here’s How to Do it Safely.
I was quoted in the opening paragraphs: “The threat is serious and it’s real. … There could be surges in bandwidth on your network and it may not be when you expect,” Lohrmann told NBC News. “It’s very difficult to know which event or events might go viral and all of a sudden the network at your business goes down.”
Prior to those 2016 Summer Olympics, TEKsystems polled IT pros who design and maintain enterprise networks and found:
72 percent expect a moderate-to-major increase in Internet use during the Olympics 79 percent expect their networks to be at greater risk 52 percent will use additional filters, blockers, firewalls or similar software as a preventive measure 84 percent do not plan to issue any guidelines about accessing unauthorized sites or viewing Olympic events during work hours With NBC ditching tape delays to broadcast sporting events live for these 2018 Olympics, I expect operational network issues for some businesses and governments in the weeks ahead. It is possible that some networks could see impacts as early as the opening ceremonies, which run from 6-8 AM ET on Friday, Feb. 9.
No, these major sports events bringing network and security issues are not new. Similar problems arise on a semi-regular basis with March Madness, the FIFA World Cup Soccer coverage every four years (and coming later in 2018) and other events. Even TheStreet.com has covered hacking and bandwidth issues associated with major sports events.
Important Questions for Network Administrators to Consider
A few years back, I asked: Could the Olympics bring down your network? These seven questions are still important to consider in 2018 for all major sporting events, but especially for the Olympics that come every two years. (Note: I updated the questions for this current scenario.)
1) What is your policy regarding personal use of computers, sports and filtering? Can you enforce the policy? What controls are in place?
2) Is watching live sports (or other personal entertainment) videos or streaming media allowed? (For companies that say they just trust their employees to get work done, some extra reminders and oversight may be required in the next few weeks.)
3) Can you limit bandwidth for video or live streaming, if necessary? Are the tools in place to adequately monitor network performance? (Again, special attention may be needed right now.)
4) What is the policy for “inappropriate use” of personally-owned devices? Even if the company network may not be impacted, worker productivity can still be a problem.
5) Watch out for Olympic-related phishing attempts, malware and spam links. Warn users as necessary. Remember that global or national headlines provide opportunities for the bad guys as well, since users will be intrigued and often be going to new websites to get updates.
6) Turn lemons into lemonade — Take this opportunity to train staff and reinforce policies. When everyone is watching, it is often easier to get their attention in meaningful ways. Also, consider offering a TV for key events that many people want to watch, like the opening ceremonies or important figure skating competitions. Turn this fun time into a team-building pot luck or bring in food. (Radical thought for people in the Eastern USA: Invite staff to come in early on Friday at 6 AM ET to watch the opening ceremony on a big screen TV while eating breakfast. You can still start work at 8 AM. In the United Kingdom (UK), do the same for lunch.)
7) Beyond the South Korea Olympics, think longer term and develop “what if?” scenarios for a variety of sports and/or other entertainment events. Test your controls.
Traveling Tips for the Winter Olympics
The US CERT and several media outlets offered tips this week to those who are traveling to the Olympics in South Korea. These online and offline tips are also helpful for other popular events and travel in general.
Considering the on-the-go nature of attending the Olympics, all of the recommendations center on mobile security hygiene are very similar to what attendees of Black Hat and Def Con are told.
Switch off Wi-Fi and Bluetooth connections when not in use. Use a credit card to pay for online goods and services. When using a public or unsecured wireless connection, avoid using sites and applications that require personal information like log-ins. Update mobile software. Use strong PINs and passwords. This particular event has extra security interest due to the North Korea security situation. The Huffington Post offered this article describing the cyber-risk and virtual terror potential. However, North Korea joining the South Korea Olympic team, has reduced the terror threat considerably. Here’s an excerpt from the NY Times:
“Organizers have long feared that the North might test a missile or a nuclear weapon during the Games, perhaps even provoking a chain reaction of escalations leading to war. Such worries have subsided since the January deal, in which the two Koreas agreed to march under one flag in the opening ceremony.”
End User Security Tips
First of all, be alert. Know who you are truly dealing with online. Make sure you are trained on how to spot phishing attacks and other online tricks.
Second, if you are buying online tickets for the Olympics, March Madness, or other sporting events, concerts or other popular events, follow these tips from the Better Business Bureau (BBB). Also, check out this McAfee list of ticket scams to watch out for.
Third, understand that this trend is not new and not going away. As Trend Micro pointed out several years ago, cybercrimminals have time on their side and are just waiting for you to let your guard down. If you didn’t fall for March Madness tricks, they may be back for the summer, the World Cup or other major sporting event.
Perhaps you are wondering why these sporting events are different from the Super Bowl or World Series. In addition to the larger global audiences, the time zone changes and long duration of these sporting events over several weeks make them unique. Also, a Sunday night Super Bowl doesn’t have the same impact on office networks as the Olympics.
Finally, it’s more difficult to prepare for the uncertain scheduling and potential medal upsets that occur with the Olympics. For example, who will be in the men’s hockey semi-finals or finals? What other event will go viral or attract people to tempting, look-alike websites?
Remember, bad guys use misinformation, changes in our normal Web surfing patterns and unusual situations to their advantage.
Enjoy the games, and stay safe online in the process.