5 Safety Measures to Take With Your Valuable Cycling Data

What You Should Know After Shimano’s Hack (Photo: Chris Graythen - Getty Images)

As a cyclist, is cybersecurity something you should be thinking about? Actually, yes. After the recent alleged Shimano data hack, a Garmin ransomware attack earlier this year, and research showing Strava data could be used by cybercriminals, there are a lot of reasons that cyclists who leave a large virtual footprint should be nervous.

However, Lars Sorensen, a computer science professor at Rutgers University—a cyclist himself—says while you should be cautious, you shouldn’t be panicked by these headlines when you start seeing them online.

“You are always going to be vulnerable online,” says Sorensen. With all the systems and platforms you use and payments you make online, you are always going to be in a situation where something can become insecure. “But to be nervous and anxious and stop doing everything online because of security is a bad way to look at things,” he says.

Here, he’s sharing what you need to know to keep yourself safer virtually, as well as IRL.

Consider how you’re posting—especially on Strava

If you have a public profile, remember that it’s not just your friends who can see you. Your first privacy issue is the IRL aspect: You’re showing people your routes and routines, where you live, when you’re out of the house, and when you’re on vacation. You can set a privacy perimeter around your home/where you finish your runs in your Strava privacy settings, but as Sorensen says, if someone wants to figure out where you live, that circle can still give someone plenty of information to get started.

But the other issue is the virtual one: Often, we title our rides based on information about our day—intel about kids’ birthdays, pet names, anniversaries, school pickups… all mundane information, but all information that very likely is linked to your password or security questions you get asked when you try to log into your TrainingPeaks.

“A very popular saying in cybersecurity is that 80 percent or more of data breaches are due to social engineering, where somebody is calling you on a phone and getting personal information from you, or finding it online,” he says. “If I know your birthday, your husband’s birthday, your kids’ birthdays, and your favorite sports teams, there’s a really good chance I have about 70 percent of your passwords.”

Make your passwords smarter

Sorensen says he likes passwords that are phrases: a series of words that is easy for you to remember—R@ceLeadville!Win100MTB—but difficult for a criminal to put together.

“Put the words out of order, add numbers and other characters, and you’ve got a pretty strong password that’s probably not going to be broken into,” he says. Additionally, diversify your passwords and where information is stored. Sorensen points out that this is potentially Shimano’s downfall, but you can apply it to your life as well. Shimano’s hack supposedly accessed not just employee records, but also customer data and intellectual property. That shouldn’t have all been easy to access together. (Shimano has not released a statement or information regarding the alleged ransomware attack.)

For you, this could simply mean not reusing the same password for everything and having important documents stored somewhere as a backup.

Use two-factor authentication

Is it super annoying? Yes. Is it a smart safeguard? Also yes. Sorensen recommends using a two-factor authentication (2FA) app or your phone number as a way to authenticate every time you log into an app or account.

Do those upgrades

Still operating on iOS 10? It’s time for an upgrade. One of the simplest ways to protect your phone and computer is by upgrading when they tell you it’s time because those updates include updated security. Old systems also stop being supported, leaving them more vulnerable. So yes, it may be annoying adjusting to new settings on your laptop—but that beats having to cancel all of your credit cards.

Seriously, watch out for phishing

Unfortunately, phishing scams have gotten better and better over the years, and clicking on one wrong link in an email can be catastrophic to your virtual security. Sorensen recommends first checking the URL an email is being sent from, but also, if you can, going to the site from your browser rather than clicking through the link. For instance, if you get an Instagram notification that you need to reset your password, don’t click that link. Go to the app itself—and within the privacy and security section, it will show you if Instagram has sent you an email, or if there are any security issues you need to address. Rarely do you need to use a link from an email.

But what about the Shimano hack?

Good news: Sorensen says that realistically, the only data hackers could have gotten about Shimano’s client base would be what gear they purchased (so yes, they know if you’re still using mechanical shifters or 105 versus Di2!) which, if you were hiding that from a spouse, could be as bad as that Ashley Madison leak a few years back.

The leak from the client files could also potentially include credit card information. This may mean you need to cancel your card, or at minimum, keep an eye on your transactions. But most of the hack involved intellectual property from Shimano and employee data—bad for them, but not catastrophic for you.
