2025’s NFL Draft Showed Why Cybersecurity is Important Everywhere

There are a few occasions that we get a very apparent example of how important basic cybersecurity is, regardless of where you are, and this year’s National Football League draft is one such example.

For those who don’t follow the NFL or the draft proceedings, multiple draftees received prank calls during the process, although one in particular is applicable to businesses of all kinds. Let’s examine this situation to reinforce a few critical cybersecurity best practices.

To begin, let’s discuss what happened and the ramifications these events have brought.

In Short, an iPad Was Left Unlocked

In order to preserve security, draftees don’t use their normal phones to communicate with recruiters. Instead, a fresh number is used, and these numbers are only provided to the teams participating in a given draft. One of these teams was the Atlanta Falcons, who distributed this contact information to their staff… including Jeff Ulbrich, their defensive coordinator.

This contact information was stored on Ulbrich’s iPad, which was left unlocked.

A few days before the draft began, Jeff Ulbrich’s 21-year-old son, Jax, was using this iPad and came across Shedeur Sanders’ draft contact phone number. The younger Ulbrich recorded this number, and on the second draft day, sat with a friend who called up Sanders and posed as Mickey Loomis, general manager of the New Orleans Saints. The friend told Sanders that the Saints wanted him as their next pick, only to tell Sanders he would have to wait a little longer, immediately hanging up.

For context, Sanders (the son of the famed NFL player Deion Sanders) was anticipated to be among the first 32 players selected, but wound up waiting until 143 other players had been drafted to various teams.

With video of the call emerging online, the younger Ulbrich has apologized for his involvement, but that has not prevented the National Football League from fining Jeff Ulbrich $100,000 and the Falcons organization $250,000.

Clearly, This is a Bad Situation for Everyone

Fines aside—and these are not fines to take lightly—the ripples of this issue are going to be far-reaching. 

The Falcons management will now have to consider how much they share with the elder Ulbrich, while they have decided not to take any action against their defensive coordinator. In addition, whether or not this call impacted Sanders’ ranking order, the salary difference between the first pick and pick 144 is $42.2 million over four years. Comparatively, Sanders’ image, name, and likeness gained him $5.1 million during his last college season.

Jax has since apologized via a social media post addressing Sanders directly.

What a Business Can Take Away from This Situation

There are a few lessons that can—and very much should—be learned.

The Principle of Least Privilege

The concept behind the principle of least privilege is to keep everything on a strictly need-to-know basis, which is something that the NFL did do. Sanders himself has expressed his surprise and confusion because of the phone number’s secrecy.

While not directly related, one of the best ways to keep business data secure is to treat it similarly and restrict access to only those who need it, and only as much as they need it.

Authentication is Important

As the iPad that Jax Ulbrich used to get the number was not password protected, it can almost be seen as lucky that it was only used to access a number for a prank. All devices (especially those used for work) should be locked down through stringent authentication measures to ensure that the data they hold remains private. If that iPad had been properly secured, this mess would not have happened.

Phishing Comes in All Shapes and Forms

It isn’t a stretch to see this situation as analogous to a phishing attack, as the only thing that really separates the two is the motive. As such, it serves as a great reminder to always try to confirm communications through a secondary source.

We’re Here to Help Your Business Avoid Similar Mistakes

While the stakes are undoubtedly different, you can’t afford to risk your business’ future by making these same errors. That’s where White Mountain IT Services can help. We’ll review your business and ensure it is properly secured against threats, helping keep an eye on things to keep them out.

Learn more about our modern cybersecurity services by calling (603) 889-0800.

Related Posts

The Dangers of Double and Triple Extortion

Ransomware has emerged as one of the most dangerous modern threats to businesses, and when you consider just what’s at stake with a ransomware infection, you’ll realize we’re not exaggerating. The worst variants of ransomware will attempt to extort you through any means necessary, and when you don’t give in so easily, they’ll pull out the big guns: double and triple extortion. Double-Extortion ...

Cybersecurity Will Save Your Business, One Prevented Hack at a Time

When it comes to cybersecurity, businesses have a lot to keep tabs on—even a small business like yours. In fact, you wouldn’t believe just how much goes into cybersecurity and why your organization needs to make it a priority. Today, we want to convince you that cybersecurity is more than just a buzzword on the Internet; it’s a lifeline that will keep your company secure. Cyberattacks Are Serio...

How to Minimize Cybersecurity Sprawl

Obviously, we won’t tell you to cut down on your cybersecurity. That said, it can be easy to overinvest and overreach if you aren’t careful about what you’re implementing. This phenomenon is known as cybersecurity sprawl, and if not prevented, it can easily have serious consequences for your business. Let’s go into how to avoid this sprawl. But wait, you may be asking, why shouldn’t I implement...

Why Do Businesses Have Such a Hard Time Identifying Threats?

Cybersecurity is intensely important, so a business owner would think implementing every security feature and defense would be a good idea. However, as research has shown, this can be counterproductive, as only 67% of surveyed security leaders know what led to cybersecurity incidents in their businesses over the past year.  Let’s explore why security breaches often go unnoticed by the bus...