A wise, unknown speaker once said, “The best offense is a good defense.” As unlikely as it may seem, this adage applies both to football and to cybersecurity. In football, you need a strong defense to keep the other team’s playmakers out of your endzone. When it comes to cybersecurity, you need a strong defense to keep cyber criminals from getting their hands on your personally identifiable information (PII). You need the strongest defense possible to protect your data. You need all systems on high alert to protect your business, your people, and your assets – including your money.
It’s not often we get to do sports analogies when we’re talking about cybersecurity, but a football analogy makes a lot of sense. Keeping the other team (bad actors) out of your endzone (your systems) takes more than one defender; it takes a defensive line. And it takes more than one position (tool) on that line – it takes a variety of positions – defensive ends, defensive tackle, nose guard, linebackers, and so on.
To keep your business, your people, and your assets safe, you need the best defensive line you can muster, with all the positions working together to protect you..
But wait, there’s more analogy to be had here.
If you think of the ball as malware (virus, spyware, etc.) and the offensive players as cyber criminals, even more connections appear between football and cybersecurity. For example, many teams use a strategy called “play action,” where the quarterback pretends to hand off the ball to a running back only to pull the ball away at the last second and throw it.
This is similar to the cybercriminal strategy of phishing where a criminal uses a fake but authentic-looking email to trick their victim into opening up an attachment or clicking a link that leads them to malware. Both strategies use deception to trick their victims into thinking one thing is happening (a run play or a normal email), only for a different and detrimental action to occur instead (a pass play or a malware infection).
So, can NFL defenses work against these plays help us to understand how to not fall for a phishing attempt? They sure can!
Defenses will watch the offensive linemen to figure out whether a play is really a run or if it’s a pass in disguise. If the linemen move forward to open a hole for the running back, then it’s actually a run. If they stand straight up and pass block, then it’s a pass. In the same way, there are things you can look for in a suspicious email to figure out whether it’s real or not. We even have a fun name for it. It’s called the SLAM Method.
SLAM stands for Sender, Links, Attachments, and Message.
When you come across a suspicious email you should first check the sender. Make sure the address the email is coming from is correct and doesn’t have any spelling errors. If it’s in any way wrong, you are likely being phished.
Then hover over any links present in the email to see where they are taking you. If what shows up doesn’t match with the name in the link or if it looks at all suspicious, do not click on it.
Never open attachments from unknown emails; they could contain dangerous malware that can infect your device. Even if it comes from someone you know, if anything looks off (or phishy) double-check with the sender through another form of communication.
Lastly, check the message of the email for any spelling/grammar errors or an uncommon sense of urgency.
Back to that defensive line...
The SLAM method is part of the education you provide to your people so they can be an effective part of keeping your business defenses up.
Education is one of the critical positions on the defensive line. Other tools include your data storage methodology, including encryption, your corporate firewall, and even your policies and procedures.
Just like a single linebacker could not possibly keep the other team out of the endzone, neither can a firewall alone protect your business, your people, and your money and other assets. It’s critical that you understand the threats and deploy the defense that’s going to give you the best chance of keeping the other team scoreless.
Analogy concluded. Stay safe out there.