What Footballers Wives Can Teach Us About Cybersecurity

Professional football (soccer for my American friends) is big around the world. The English Premier League is among the top in the world, attracting some of the best players, generating millions in revenue, and having fans who are loyal to a fault.

Depositphotos_150617900_s-2019 (1)

With top footballers gaining superstar status, it's no surprise the tabloid media is always digging for new and interesting stories about their lives both on and off the field. Be that about their house, their family, the type of cars they drive, or how much money they spent on a night out.

Being in the limelight, many footballers and their families have learnt how to keep their personal affairs private. But Coleen Rooney, wife of footballer Wayne Rooney, kept on finding their private stories kept making their way into the tabloid papers despite all of her best efforts. So, she hatched a plan.

Setting the Offside Trap

In a social media post, Rooney explained how stories she was posting on her private Instagram account were being leaked to one newspaper in particular. So she started going through a process of elimination by blocking access to her profile one by one.

Along with this, she began posting fake stories, such as her basement being flooded, which also made their way into the papers.

She continued blocking her followers until she was left with just one - Rebekah Vardy, wife of footballer Jamie Vardy.

Armed with all the evidence she needed, complete with screenshots of her false stories, and they're printing in the papers Coleen went public and accused Rebekah of being the traitor.

A Game Of Two Halves

Rebekah Vardy didn't silently turn the other cheek to the accusations. In her own post she stated in her defense, "If you thought this was happening you could have told me and I could have changed my passwords to see if it stopped. Over the years various people have had access to my insta & just this week I found I was following people I don't know and have never followed myself."

Penalty Shootout

I'm not writing this as a story about a feud between two ladies. Neither do I know whether Vardy really was the one leaking stories to the media, but there are some relevant security takeaways from this story.

Firstly as Coleen Rooney discovered, nothing that you post online is truly ever private. Even if you lock down your account with all the right technical controls, you are still sharing the information with people, who at the end of the day could be compromised, or act in their own self-interest.

Enterprises should also be aware of the dangers of over-sharing too much information. Even relatively benign information can be pieced together to arrive at some conclusions.

On Rebekah Vardy's side, we see how maintaining account security is of utmost importance. Accounts should never be shared, and others should not be given access to ones account. Any activity undertaken by that account will always be pinned onto that account owner. Access should be regularly reviewed, and multi-factor authentication deployed where available.

In enterprises, sometimes administrative or system accounts need to be used. In such cases, change or incident management process should be established and followed, where an account is released to an individual only to carry out a specific task, and closely monitored for the duration. Once complete, the account password should be securely changed and stored.

Train your users in not over-sharing on social media, and not sharing their passwords by our following training, see for yourself how KnowBe4 can protect you. 

Are your user’s passwords…P@ssw0rd?

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

wpt02Here's how it works:

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!

Check Your Passwords

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews