In May and June of last year, two separate international cyber-attacks crippled groups, organizations and businesses in North America, Europe and Oceania. Those attacked included Washington law firms, London ad agencies, Britain’s National Health System, major corporations like Merck Pharmaceuticals and Maersk, power systems, and ominously, the Chernobyl Nuclear Power Plant. This raises the question: how safe is your business’s and your event’s digital footprint?
If cyber-security is only as good as the technologically-weakest or laziest attendee at an event, what should a planner be thinking about when considering the digital aspects of their program?
The current headline grabber is ransomware, which is basically software that blocks—kidnaps—access to a computer system until “ransom” demands are met, but the litany of malicious attacks includes:
malware (software viruses that damage/disable computer systems);
hacking (unauthorized access to computer systems);
phishing (fraudulent emails, made to look like legitimate correspondence from
and other types of fraud using digital communications.
Bijan Vaez, co-founder and chief technology officer of event app developer EventMobi, explains that there is a lot of fraud potential at events because a great deal of money and services are being exchanged rapidly, in a condensed time frame, making it difficult to detect the fraud. “A lot of registration companies have fraud teams who do look at suspicious activity and try to figure out if something is happening within the system,” he says.
Vaez’s point is that technology isn’t a get-it-and-forget-it tool, but something planners need to monitor. He suggests planners look at both the vendor’s and venue’s ability to provide secure access to technology.
Digital security isn’t the sexiest subject. For many planners, listening to experts speak about HDTTPS, DHCP networks and VLAN, is akin to the Peanuts cartoons where adult-speak is presented as “Whaa, whaa, whaa.”
Realizing that many planners are caught in the middle of technical discussions that leave them behind, places Vaez’s sector in an “interesting dilemma, mainly because there is a very big gap of understanding between what the planners need to know and want to offer [their attendees], and what their security teams—if they’re working for an organization big enough to have one—actually want them to have covered.”
There is a lot of back-and-forth in the conversation. Vaez has received as many as 450 security-related questions from a client IT department with a two-day turnaround. This puts the planner in the middle, not understanding how decisions are made or what is affecting the outcome of their usage of the application. “Overall, it’s not a great way to manage this,” says Vaez, “but people tend to be getting by.”
The upside is that many corporations are having digital security conversations with the suppliers and venues they work with. However, small shops and associations, who rely on outside contractors, may not be having such discussions.
Chris Taylor, telecommunications manager at the Metro Toronto Convention Centre (MTCC), suggests that thanks to the “Cloud,” most groups are only concerned with Internet connections so attendees can work remotely while at an event.
Taylor notes that as a venue they find themselves in a unique situation. “Most corporations have a firewall set up to keep the outside from coming in, while we invite people in to set-up on the other side of that firewall. So,, what we provide is not a client-server relationship, but essentially Internet access or internal networking access.
“The biggest protection we have on our wireless network is that the individual mobile units cannot talk to other individual mobile units. It’s fully blocked. Essentially, when you attach to our wireless network you can talk to the Internet and the Internet can talk to you, but that’s it. That’s meant to stop any cross-device communication that can lead to the spread of viruses and other malicious ware.”
The first thing planners, attendees and everyone else should do to protect themselves, says Bill McDonald, the MTCC’s chief information officer, is to click on those software updates, which are primarily security patches. “A lot of the things people need to do are basic practices that have been around for quite some time,” he explains. “Make sure your patches are up to date, and don’t use the ‘remind me later’ option.”
McDonald advises that planners also think through “what if” scenarios and ask some essential questions. “If something goes wrong, how well can I recover my data? What is my recovery strategy? Is my last backup an hour ago, a day ago or two months ago? That speaks to how much data loss you would have if you did get hit. And what amount of data loss is acceptable?” he says.
A cyber-secure event starts with good personal digital habits such as backing up data on a regular basis and updating apps. It might be helpful for planners to include back-up reminders in their event messages.
Allan Lynch is a freelance journalist based in New Minas, Nova Scotia. He writes extensively about the business events industry.