Meeting safety is a top priority for planners, but just assessing the physical risks of an event won't cut it. Planners should also consider cybersecurity, taking steps to secure their WiFi networks and protect attendee data before, during and after the event.
According to IACC's 2019 Meeting Room of The Future Report, 27 percent of planners said data security will become the most critical event technology in the next five years. For tips on how to protect your meetings from cyber criminals, we spoke to Rebecca Herold, CEO of the Privacy Professor, an information privacy, security and compliance consultancy.
"There are increasingly more locations where WiFi networks and open-access points are provided by hotels, event centers and other locations where meetings and gatherings occur," said Herold. "All these locations have people within them who are looking for ways to access the data of those in the vicinity, and then to either monetize that data by selling it to others, or by using it themselves for a wide variety of fraud. Competitors are also looking for such ways to gain access to event data."
Below are four of Herold's top suggestions for improving event cyber security.
1. Conduct a Cyber Security Assessment
Risk assessments aren't just necessary for evaluating the fire hazards of a venue and developing a crowd-control strategy. According to Herold, event coordinators should also conduct a cybersecurity assessment to identify all possible risks and all of the sensitive information that might be vulnerable to a data breach or cyber attack. The next step is to set up a detailed response plan for when information is compromised.
"Establish a team who would be responsible for implementing the plan. Have them test the plan during a tabletop exercise prior to the event to make sure it will work as intended," said Herold. "If you have contracted someone to do cybersecurity for your event, ask them to do a risk assessment of your event site one to two days prior to the opening of the event."
2. Implement Phishing-Attack Training
According to research from Wombat Security, a security-awareness training company, 83 percent of businesses said they experienced phishing attacks in 2018, up from 76 percent in 2017.
"Phishing tactics are increasing," said Herold. "Cyber crooks would love to get access to all the data about attendees and their associated businesses at meetings, events and conferences. Clever phishing emails, texts, social media posts, etc., that lead to malicious websites often give them a way to vacuum up all that valuable data."
To combat cyber crooks, every person on the event team should go through training about phishing attacks and receive frequent reminders on how to avoid them.
3. Establish a Secure WiFi Network
A strong WiFi connection is key to keeping attendees happy. But just as important as WiFi speed is network security. Herold recommends encrypting the WiFi network transmissions used by attendees and assigning a different WiFi password to each registrant.
"This takes more work but will be more secure in the long-run," said Herold. "It will also help you track down any misuse of IDs and help prevent widespread breaches by ensuring that everyone uses a unique ID/password."
Consult with your venue and network-technology supplier to determine the feasibility of that setup so you can establish the right balance of accessibility and security for your group.
4. Get Vendors On Board
Consider adding security and privacy requirements to contracts with all tech vendors, suggests Herold. Clauses that call for encryption and unique, two-factor passwords can be added into RFPs with IT/network providers. Herold also suggests requiring mobile-app and website providers to perform and share the results of their own security assessment.
"Few things could damage the reputation of an event more quickly than having the attendees suffer from a cyberattack and privacy breach, and then having networks and newspapers report the incident worldwide," said Herold. "Include data and cybersecurity privacy practices throughout your event process, from the beginning all the way through to post-event analysis."