While security threats in the physical world understandably grab most of the headlines, cybersecurity breaches have also impacted the meetings and events world, from corporate espionage over insecure Wi-Fi networks to credit card hacks and data theft at major hotel chains.
“Unless each individual on your team has a basic understanding of information security, every device is a potential entrance on your data, so everyone has to be aware,” advised Michael Owen, managing partner of business event producer EventGenuity, a member of The Meetings Industry Wi-Fi Coalition and past chair of the Events Industry Council (EIC) APEX Standards Committee. “The basic thing [to remember] is think before you link; everything you do has the potential to allow a portal of entry.”
Owen shared his insights at IMEX America 2018 on the “Cybersecurity: Tackling Industry Vulnerabilities” panel discussion, along with event designer and producer Tahira Endean, author of Intentional Event Design, and John Rissi, senior vice president of sales for PSAV.
"Cybersecurity: Tackling Industry Vulnerabilities" Panel Discussion, Left to Right in Photo: Michael Owen, Tahira Endean, John Rissi
According to Rissi, only an estimated 4.7 percent of data breaches are reported, which essentially gives hackers a license to steal. This is compounded by typically lax Wi-Fi security precautions at most meetings and hundreds, if not thousands, of attendees that could bend or break the rules.
A recent EIC Industry Insights study found that only 27 percent of events have an information security policy. Other highlights of the survey discovered the following information:
- 72% of events take measures to safeguard credit card info.
- 66% of events take measures to protect attendee registration information.
- 44% of events take measures to safeguard presentation content.
“It’s really about risk management,” Rissi said. “You have to weigh security on one hand and accessibility on the other hand. Hackers are looking for a soft target, and any time you have a large gathering there’s a problem with security. We have to be across-the-board secure.
“Convenience is the enemy of security,” he added.
According to the “Cybersecurity: Tackling Industry Vulnerabilities” discussion panelists, meeting and event planners should take the following precautions to shore up their cybersecurity:
- Understand what types of information you hold.
- Ask the right questions.
- Employ the right resources (internal or third-party).
- Use the right behavior (before, during and after an event).
- Modify agreements to address cybersecurity.
- Avoid USBs unless you know where they’re from and disable USB ports and Windows Help/Microsoft Support options at registration kiosks.
- Collect presentations in advance.
- Inform participants of social media policies.
- Have protocols for how to display business intelligence.
- Disconnect from the internet if it is not needed.
- Run registration information at a local level.
To protect credit card data, consider the following cybersecurity measures:
- Know how to recognize legitimate hotel booking sites.
- Don’t store information that you don’t need (called tokenization).
- Be careful about how you collect and give credit card information and consider using paper for on-site registration forms. Though realize paper registration forms also come with risk!
Personal information cybersecurity measures include the following:
- Use a password manager.
- Make sure your software and operating systems are updated.
- Update and use security software.
- Always be suspicious of emails, pop-ups and websites.
- Use charging stations with caution.
- Backup your data.
- Employ RFID protectors.
Related Reading on Risk Management From Meetings Today: