Sports Teams and the Question of Security

March 20, 2023 | by Rachel Kronenfeld

As an organization that has served various professional sports teams, leagues and individual athletes, Hg has observed a troubling trend regarding the security of players, spectators, referees, executive team management as well as premises from training facilities to stadiums. While larger sports organizations have state-of-the-art Global Security Operations Centers (GSOC) that monitor the online sphere and social media in particular for threats, they can still struggle to have eyes on everything with such a large volume of content to monitor. In particular, they often need outside professional social media intelligence (SOCMINT) experts during surge periods such as playoff games or an incident response. Smaller professional sports teams and collegiate teams often lack the capacity and resources to successfully monitor social media, which increases the risk of security, legal and reputational becoming crisis matters. 

Of course, stadiums and arenas are filled with an abundance of security professionals from the gatekeepers who screen ticket holders to those in control towers monitoring the hallways and spectator areas via state-of-the-art camera systems. If only online security teams for all sports organizations were as well-staffed as the physical security team…today’s most concerning security threats often initially manifest online. 

Just as in other industries, the threats to security in the sports sector are now technologically sophisticated and methodical. Often, bad actors leave abundant evidence of their harmful intent over many weeks, months, even years via social media, chat rooms and the dark web. They activate misinformation campaigns, obtain personal identifiable information (PII) about athletes, referees and team executives and dox their residential addresses, the schools and colleges the sports figures’ children attend and the work addresses of spouses, using information obtained from public databases. With the abundance of open source data available to anyone online, unless a sports organization is taking the initiative to remove PII of all their athletes, executives and referees including that of family members, they are leaving this information vulnerable for anyone to access within minutes. 

The corporate sector that purchases naming rights on sports complexes and banner ads inside arenas should also be concerned about their brand reputation.  A trusted reputation can rapidly erode online as consumers associate a brand name with a particular security incident handled poorly. Further, if a league is not monitoring their products online to stop sales of counterfeit sports memorabilia, consumers may later learn it is not authentic, causing them to lose trust in their favorite team. Let’s not forget about the athletes themselves, who should be monitored online to be aware and mitigate reputational issues and potentially even lawsuits. For example, players sometimes use music or other IP in their posts that is copyright-protected, potentially exposing the athlete and the team to copyright infringement lawsuits.

What can sports organizations do to keep everyone associated with their organization safe? Hiring outsourced OSINT (Open Source Intelligence) professionals who know how to effectively monitor websites, chat rooms and social media to detect intent to harm quickly can enable  preventative action that can avert a crisis. Further, OSINT professionals have the sophisticated research capabilities and software to discover and remove personal data from online public records, keeping the private details of athletes, executives and referees exactly that — private —  neutralizing threats to their families by eliminating their personal details and preventing online doxxing. OSINT professionals also play a critical role at live sporting events, monitoring online resources and social media, alerting event and arena/stadium security in near real time to credible security threats and flagging specific persons or groups in attendance.

In addition to obtaining professional assistance, it is imperative that in-house operations teams become educated about OSINT and learn to properly detect cyber threats which will strengthen their ability to integrate with their outside OSINT advisors to avert harmful, even potentially catastrophic, security incidents.