b2ap3_thumbnail_baseball_hacker_400.jpgIT can be like baseball. When a team is up to bat in a game of baseball, the team at bat is allowed to keep two coaches on the field. They are called the first base coach and the third base coach. While both coaches’ responsibilities mostly have to do with baserunning, the third base coach also takes on the responsibility of relaying “signs” from the manager in the dugout to the batter at the plate.

buck ib 1

These signs represent orders or suggestions from the manager, who is in charge of implementing the strategy each pitcher or batter throughout the baseball game. The third base coach is just an intermediary. He relays the orders to the batter, and it’s the batter’s job to execute the direction that’s given. Each team will try incessantly to steal the other team’s signs, as doing so will give them a distinct advantage on the field of play. For instance, if a hitter somehow was tipped off that the pitcher will be throwing a curveball, there is a better chance the player will let the pitch go by because it’s hard to throw a curveball for a strike, and even harder to hit a curveball.

What does this have to do with IT? It suggests just how much your competition gains from having information about your company; the information that only you should have access to. While “sign-stealing” on the diamond is looked on as gamesmanship, stealing information over your business’ network is a crime (or at the very least unethical), and should be thwarted if at all possible. The former scouting director for the St. Louis Cardinals is finding that out the hard way.

Christopher Correa, the former scouting director for the St. Louis Cardinals has plead guilty to five counts of unauthorized access to a private computer for using a former employee’s login information to access a Houston Astros’ secure database that was filled with data that could provide useful information. Correa had accessed both employee emails and the team’s database to gain information, an action that he admitted was, “stupid,” to U.S. District Judge Lynn Hughes.

Correa, who accessed information mainly to gain a competitive advantage over a rival team, was fired from the St. Louis organization after his improprieties came to light. Ironically, Houston, who had been playing in the same division with St. Louis since 1994, moved to the American League before any of these hacks had taken place.

Correa’s former boss, and current Astros General Manager, Jeff Luhnow is likely the “Victim A” from the indictment, and the likely owner of the passwords that Correa used to access the Astros’ system. Luhnow seemingly used the same credentials to sign into the Astros’ environment as he did when he handed over his laptop and password to Correa when he left to take the GM job in Houston in 2011. Luhnow made the following statement:

“I absolutely know about password hygiene and best practices. I’m certainly aware of how important passwords are, as well as the importance of keeping them updated. A lot of my job in baseball, as it was in high tech, is to make sure that intellectual property is protected. I take that seriously and hold myself and those who work for me to a very high standard.”

In this case, however, Luhnow seemed to be lacking somewhat in his conscientious efforts to protect his organization’s intellectual property by using the same credentials he was using while a member of the St. Louis staff five years prior. When someone leaves your company, especially if he or she is leaving for a competitor, it’s important that you get all the credentials that they used to access all data systems. Conversely, when someone joins your company, it’s important to make sure they understand your organization’s cyber security protocols, to keep you from having to deal with data breaches and other situations that may put your business at risk.

Network security, including password management and intrusion detection are essential for every business that doesn’t want to their network hacked by their competition, or by random hackers out to make a quick buck. For more information about the best practices for comprehensive network security, or to talk with a technician about the options we offer to help you protect your network, call us today at 810.230.9455.