More great information from Trade Show News Network (TSNN)!
Cyber security was the topic of Michelle Bruno’s interview with Michael Robinson, cyber threat analyst and forensic investigator, on the TSNN Webinar, “Securing Your Event’s Digital Data.”
Robinson stresses that that data security doesn’t happen by accident. It has to be planned for when we start planning our events. “Events, just by their very setup because they are so open and they have so many people attending, are not very secure.”
Up for discussion during the webinar were common risks to events such as pineapple routers, fake cell phone towers, open Wi-Fi networks, unsecured registration kiosks, and how even organizers can best protect themselves. Vulnerabilities also plague event mobile apps. Hackers can break into that app, steal contact information, and target your attendees with phishing emails (for example). If the app is connected to back-end systems such as registration, credit card information is also at risk.
Basic questions event organizers should be asking developers at the start are, “Is the database you are storing on the phone encrypted?” and “Do people have to log in with a name and password or just an email address?” and “Does the app automatically encrypt traffic being sent back and forth?”
Robinson also cautions against social sign-ins (allowing attendees to sign in to the event app via their LinkedIn, Twitter, Facebook, etc.). “We are in a mad dash right off the cliff… because we want to make things easy for people,” said Robinson. Once someone gets that one set of credentials they can get into just about any system your attendees access.
Some basic tips Robinson offers event organizers:
1. Better Safe than Sorry
Be careful about what data you are collecting and ask yourself why you are collecting it. Do you need it? What would happen if someone stole it?
2. Protect Me
Ask your app provider and web developer how they are protecting your data. Ask what kind of encryption they are using and what standards they are adhering to.
3. Secret Password
Do not share your event Wi-Fi password where people who are not attending your event can see. Change it every day and, make sure everything passing through the network is encrypted.
4. Keep a Lookout
Ask your venue if they monitor their space to ensure no one sets up a wireless network that is not the venue’s, that no one turns on a fake cell phone tower, and that no one turns on a cell phone or wireless jammer. If they don’t do this, have your own security people take this on.
5. Defend the Gate
Make sure no one can access USB ports, flash drives, or event systems on your registration kiosks and laptops. Protect all entry points where people can connect to the Internet. Make sure your vendors have secured all their equipment as well.
6. Speak Up
Don’t be shy about asking questions about security with your vendors. These questions should be asked up front, not a few weeks before the event. Have a checklist in place so you don’t forget any key areas, such as encryption, Wi-Fi pineapples, fake cell towers, open Wi-Fi, unsecured hardware (such as registration kiosks), mobile apps, password protection, and social media.
What should you do if you find out your data has been compromised? Let your attendees know immediately. Warn them they might be open to phishing schemes.
What are YOUR thoughts on all this? We’d like to hear your comments!
Call or email us for information on our products! 630-860-1661 or email@example.com
Helping Exhibitors With
One Booth At a Time…