With the explosion of virtual and hybrid events, cybersecurity has become a major responsibility for organizers. What are the risks? And what measures must be taken to safeguard your events?
With the sudden rush to move events online this year, there is cause for concern that cybersecurity has been neglected. With unprecedented levels of crime taking place online, planners must embark on another steep learning curve. Here is VEI’s introductory guide to keeping your events safe...
Why are events a target?
Anything with value has the potential to be a target for cyber crime. Thomas Squeo, chief technology officer of Intrado, explains: “Typically, the two most valuable assets that flow through an event are the content and attendees’ Personally Identifiable Information (PII), such as full name, Social Security number, bank account and credit card numbers, passport number and email address.”
‘Hacktivists’ with a political or social motive sometimes prey on organisations with controversial operations and views, although this is less common.
Cyber criminals may also earmark an event for the simple reason it is easy to do. Ivan Garcia, chief technology officer and co-founder of event management software provider, EventsCase, explains: “Attacks on virtual and hybrid events are extremely easy to carry out, even without technical knowledge. It is scary to think anyone could do it with a minimum amount of training and practice.”
What are the risks?
The security risks vary from event data breaches to high-scale system attacks. For virtual experiences the dangers centre mainly around phishing, which is when a hacker tricks people into thinking they have entered an event's website to lure them into providing sensitive data such as PII.
Malicious software, or malware, can also be used to steal data or access information without authorization. Another issue can be cyber impersonation where personal data is captured to impersonate a user to enter an online event, or session, to gain valuable information.
What measures can be taken?
An ideal starting point is to assess the potential risks by identifying:
Who is coming to the event and whether they are high targets for hackers
The event type and privacy level of the data related to it
The theme and content and whether it is of interest to hackers
Once this is established, it is vital to regulate access through a robust registration system. For private events, it is essential to define a closed list of attendees who receive an invitation with a single-access code or establish moderation measures to vet the people who are registering.
Communicating cyber security best practices to delegates can be a worthwhile task. For example, passwords should not contain words or numbers that are easy to guess. With many participants working from home without corporate firewalls, encourage them to download and be up to date with their anti-virus software.
One way to minimise phishing attacks is to “inform attendees of the official URLs and advise them to check that their website is secure by looking for a padlock in the browser, next to the URL,” recommends Garcia. Inform users about the type of communications being sent and make them aware that no one will contact them directly to verify their password if they have not requested a reset.
Strong network security is critical. It is also preferable to have experts on hand to secure the various layers of your virtual experience in the planning process and to monitor the network throughout the entirety of your event. The system should track and detect anomalous activity, such as a sudden and large data loss or a user logging in from two locations that are not in the same IP range or region. The secure network solution must also “incorporate mechanisms to avoid brute force attacks and establish a maximum number of attempts,” adds Garcia.
To verify delegates’ identities and provide an extra layer of protection, there should be a double authentication mechanism. Squeo recommends: “Two-factor authentication gives organizers the ability to verify who a delegate is and where they are located. It's not foolproof, but it makes the event much more secure.
“Event planners may think of this as a barrier to entry for their attendees, but it keeps the event secure. The greatest security weaknesses are when an event host makes a decision around ease of use, which undercuts security.”
Cybersecurity event trends for 2021
Looking ahead to next year, audiences will expect a virtual component at every event, which will push cybersecurity to the top of every organizer’s agenda. Eventprofs must take an active role in learning about the ever-changing world of cybersecurity to ensure their events live on, long into the future.