It is crucial that you protect your most valuable assets, you're your customers, guests and members' information. No one ever likes to feel vulnerable, whether in person or online. When it comes to simply browse the web, the passwords that automatically populate could leave you exposed in more ways than one.

That's why cyber security should be at the forefront and the top of your mind, especially in the world we live in today. Everyone can be a victim, from small and large companies to our government. So, I'll share some steps you can take to help mitigate the risk.

So, what is Cyber Security? In short, Cybersecurity is the art of protecting networks, devices, and data from cyber threats through unauthorized access or illegal use and the practice of ensuring confidentiality, integrity, and availability of information.

What is a cyber threat? A cyber threat is anything that causes damage by exploiting weaknesses. For example, if you're a bank victim of a cyber-attack, your customer's financial information could be exposed and sold on the dark web. Knowing that you need to manage your risks, that's where cyber security comes in.

It starts with a risk assessment. Determine what in your infrastructure could have potential vulnerabilities, from your Firewall to your servers, your network switches, and access points, all the way down to your desktops and mobile phones. If connected to your network, it poses a potential risk if not kept up to date through firmware and other updates.

 All these terms may seem foreign to you, but as Club managers, you must recognize the value of having an IT person evaluate your landscape to ensure you are protected. The last thing you want is a breach from a threat actor (hacker) who will compromise and hold your system for ransom. Not sure this could happen to you, look at current events, and you'll see that every size business has been targeted.

Be aware of the following: A business operational risk and a reputational risk. A business operational risk will affect the operation. This can put your daily operations at a standstill, leaving you unable to run the business as usual. 

A reputational risk damages the public perception of your brand, and lastly, a legal risk will open you up to lawsuits from customers, members and vendors whose information was stolen.

Additionally, be aware of some other areas of weakness that you may not think of, such as social engineering, phishing, Malware, rogue access points, and unattended computers. All these things can leave you exposed. That's why Cyber security awareness training for your staff is essential.

“Often people will spend a ton of money on firewalls, but the weakest link in any organization is typically the people using the computers and operating the systems. I.e., Your employees.”

Most, if not all, travel locations have retail outlets, Pro shops, convenience stores, and other locations within the establishment that allow credit card use. You must maintain PCI compliance.

Credit card companies require PCI compliance to secure and protect transactions against theft. If your organization accepts, transmits, or stores cardholders' private data must be compliant.

What does this mean? Do not store credit card data anywhere within your organization. Pass this off to your credit card processor. On swipe, that CC data goes straight to the processing company and lives there, forcing their compliance with the regulations.

Here are a few things that you can do right away to protect your environment.

Implement a firewall system with IPS and IDS. Those are intrusion protection and detection systems. At its most basic, a firewall is essentially the barrier between a private internal network and the public Internet.

Email Spam filter. Weeding out thousands of bad emails per day goes a long way. Of course, you also want Endpoint security, antivirus software constantly searching your devices and/or your networks to identify malicious threats.

Next is to create a patch management schedule. This is making sure every one of your computers is running on the latest software to protect it from malicious attacks and cybercriminals who can exploit those vulnerabilities as soon as they are known. "Zero-day attacks"

Often people will spend a ton of money on firewalls, but the weakest link in any organization is typically the people using the computers and operating the systems. I.e., Your employees.Implement a DNS filter that blocks your employees from going to specific sites and does not allow them to access others considered dangerous or malicious.

Implement A password policy, a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. You want to ensure your policy has a constant reminder to update their passwords and not to make them their dogs or their child's name or repeat one of their most recently used passwords.

Also, implement MFA where you can. Use multi-factor authentications to force users to verify who they are through an additional verification method.

Lastly, you need a nightly backup plan and a disaster recovery plan. The nightly plan consists of an offsite backup of your critical data to a location of your choice. There are numerous services available. Have your IT staff research and choose a reputable company or contact your MSP (managed service provider).