Cyber Safety Best Practices

Cyber Security
In today's connected world, improving cyber safety is crucial, not only for managing attendees’ expectations, but because every phone, tablet and laptop is an entry point for potential harm to planners, delegates and their events. In 2018, the Events Industry Council’s Industry Insights Committee conducted a survey of more than 200 event professionals on cybersecurity readiness. The survey found that while 82.46 percent of respondents feel that a data breach has the potential to adversely affect their organization, only 26.56 percent are aware of having an information security policy that provides for events. Survey respondents who had a meeting or event adversely affected by a data breach report the effects have included time away from managing the event, brand reputation damage, legal fees, financial damage, fines and attendee dissatisfaction. 1

Protecting Event-Related Data: Focus on Company Confidential Information

Broadly speaking, criminals will be interested in four types of information that event professionals may have: personal information, payment card information, company confidential information and other client data.

Protecting Company Confidential Information at Paperless Events

More and more events are going paperless, and it’s easy to understand why: Paperless meetings allow you to reduce printing (and environmental) costs, they are more forgiving for last-minute edits and participants appreciate the convenience of having the information they need on their devices. With that said, paperless events can increase your cyber risks. Fortunately, there are practical ways to mitigate that risk. Events can be an easy gateway for corporate espionage: Confidential information may be available on unsecured networks, and data such as financial information, business projections and operations manuals may be shared with participants. Paper-based meetings have the advantage of being able to track and manage who had access to reports, and these could be collected and shredded at the end of the event. Here are a few simple steps to make it more difficult for hackers to access your company confidential information at your events:
  1. Don’t display detailed confidential information if you don’t need to.
Unless required, avoid posting fully detailed financial information on slides. It’s easy to take images and circulate them. As an alternative, use an image to represent the data and report on it verbally. Although it doesn’t eliminate all risks, it can help reduce them.
  1. Use a secure board app for sharing documents.
Board meeting discussions often require members to access confidential data. To share these documents, look for an app that requires a password to sign in every time and where you can revoke access to the documents after a board member’s term has expired.
  1. Delete files from event laptops.
If you are using laptops provided by an audiovisual or event technology supplier, confirm that the files have been deleted at the end of the event. And, don’t forget to confirm that they have up-to-date security software! Alternatively, use your own equipment connected to the projector in the room.
  1. Have a social media policy and share this with your participants.
We love to have participants share information on social media, but there are times when this can result in confidential information being released. Help participants to know what should be kept confidential by providing a social media policy, informing them of the policy, and reminding them in any specific sessions where phones and devices need to be turned off.
  1. Arrange for a secure, password-protected network.
Open networks—often available for free in public spaces—are vulnerable to hackers. Arrange for a password-protected network for your event and take measures to protect this password. As an example, post the password after security checkpoints, rather than in exterior hallways. During the event, check for any rogue Wi-Fi spots that may have appeared. For increased security, encourage your participants to also use a virtual private network to access confidential information.  

General Guidance

While no system is perfect, you can make it harder for your data to be breached. Some specific actions that you can take to protect your own data and systems include:
  • Be suspicious of emails, pop-ups and websites. Use the old-fashioned way—go to the legitimate website and log in. If there’s an inkling of a doubt, don’t click!
  • When available, use two-factor authentication.
  • Use a virtual private network (VPN).
  • Avoid using USB flash drives to transfer files.
  • Backup, backup, backup!
  • Use a password manager.
  • Don’t store information you don’t need.
This article has been adapted, with permission, from the Events Industry Council’s cybersecurity resources. For more information on improving cyber safety for events, visit: www.insights.eventscouncil.org/Industry-insights/Internet-Access-and-Cybersecurity To learn more about cybersecurity and to receive a CMP credit, view our on-demand webinar: “Is Your Head in the Cloud?,” presented by Michael Owen. Prepared by: Michael Owen, Managing Partner, EventGenuity, LLC, Mariela McIlwraith, CMP, CMM, MBA, Director, Industry Advancement, Events Industry Council, Brandt Krueger, Owner, Event Technology Consulting.