Boston Celtics face off against spyware

While the Boston Celtics fought for a spot in the playoffs nearly two years ago, another battle raged behind the scenes. Jay Wessel, the organization's vice president of technology, was trying to score points against the spyware that threatened the laptops staffers use while the team is on the road.

People's laptops would get infected on the road and then they'd bring their machines back here and clog up the network. I was going from machine to machine to clean them up. Jay Wessel, vice president of technologyBoston Celtics

Spyware had always been a challenge for the team, which, like any sports franchise, spends a lot of time on the road during the season. Coaches, recruiters and other staffers rely on their mobile machines to go over plays and update the status of players, among other things. But those machines kept getting infected and a stop in Indiana was the last straw.

"Hotel Internet connections are a hotbed for spyware activity," Wessel said. "People's laptops would get infected on the road and then they'd bring their machines back here and clog up the network. I was going from machine to machine to clean them up."

During the playoff battle 21 months ago, he said a torrent of spyware poured into the machines through a bad Internet connection in an Indiana hotel. That's when he decided to fight back. Since then he's put together a defense that consists of strong user awareness and a variety of security tools, and the spyware infections are down to almost nothing.

Wessel said his first order of business was finding the right mix of antispyware technology. He tried Ad-Aware and Spybot Search and Destroy, as well as the Spy Sweeper tool produced by Boulder, Colo.-based Webroot Software Inc.

"All these tools play a role, but to keep the client from getting infected in the first place, we needed something else," he said. "We have a small administrative staff and don't have a lot of resources to throw at security every day. We don't have the security resources you'd find at a financial institution, so we needed a box we could just have up and running."

Contrary to the perception some might have that sports franchises have massive IT departments with unlimited resources, Wessel said the Celtics operation is more like a small business. He and one other person are responsible for the IT well-being of the organization, which consists of 75 administrative employees in a building across from the TD Banknorth Garden -- where Celtics home games are played -- and the actual basketball staff based in Waltham, Mass.

Battling spyware: Spyware war may be a losing battle, experts say Spyware Learning Guide Survey: Women more likely to download spyware Quiz:Is spyware getting the best of you?

So for his main weapon against spyware, Wessel chose an appliance from Sunnyvale, Calif.-based Mi5 Networks that could keep constant watch for spyware without getting the user involved. While it may not be the biggest and best tool out there, he said the price was right for the Mi5 appliance, and it fit well with the rest of the Celtics' IT infrastructure.

Though the appliance blocks most of the spyware 24-7 without the users having to play a role and he considers it the centerpiece of his antispyware strategy, Wessel said he also relies of a variety of other tools, including an email and Web filter from Scotts Valley Calif.-based SurfControl Inc., antivirus from Tokyo-based Trend Micro; firewall and intrusion detection technology from Sunnyvale, Calif.-based SonicWALL, Inc.; and Aladdin's eSafe malware-detection tool.

While that mix of technology has all but eradicated spyware from his network in less than two years, Wessel said his security program wouldn't work without a heavy dose of user education. Employees are required to sign an acceptable use policy that outlines what they can and can't do on their work machines, and the dozen or so interns who work for the Celtics each semester are read the "pre-emptive riot act," Wessel said.

The goal is to keep employees and interns from visiting Web sites that could be used to download more malware onto the network.

Fortunately for the Celtics, Wessel said, there are no crown jewels to protect as there are at financial institutions, for example. "For us the big threat is an attack from someone who wants to brag about shutting down the Celtics' network," he said.

And if someone wanted to knock down the Celtics Web site, that's not something Wessel has to worry about. "We don't run the Web site from here," he said. "The NBA runs all the team Web sites from a huge center in New Jersey."

He doesn't worry about online outlaws trying to steal plays from the team's computers, either.

"It's easier for someone to steal plays by sending a scout to our games," he said.