Cybersecurity Best Practices for Events
Just before the weekend, on the 28th day of Cybersecurity Awareness Month, it was announced that Events D.C. was the victim of a recent cyberattack (likely a ransomware attack), one that likely compromised employee and customer data. Events D.C. has over 400 employees and owns or manages 10 major venues across the District, including the Walter E. Washington Convention Center and RFK Stadium.
This is why cybersecurity needs to be top of mind for event planners. After all, event planners are responsible for managing people, logistics, finances, and all of the data that goes along with it – all of which are potential targets for cyberattacks. Here are some of the key vulnerabilities that event managers need to be aware of.
Data, Data, and More Data
Event planners are in possession of and responsible for a lot of sensitive information. Credit card numbers, social security numbers, addresses, and other personal data are all part of the job. And if that information falls into the wrong hands, it could be used for identity theft or fraud.
Here are a few best practices to help keep your data safe:
- Use a secure server to store sensitive information;
- Don’t use easily guessed passwords (don t even remotely consider 123456, password, or
Change them often and make them long and complex; - Encrypt all data that is transmitted electronically;
- Be careful about the WiFi networks you connect to. Public networks are not secure; and
- Educate your team about cybersecurity risks and best practices.
The Virtual Event Hack
When we all moved to Zoom and Google Meets virtual meetings at the onset of the pandemic cybercriminals were quick to follow suit. In their defense (Zoom and Google, that is), these platforms simply weren t fully prepared for the rapid adoption they experienced courtesy of a virus-who-shall-not-be-named. In December 2019, Zoom had 10 million daily meeting participants; by May 2020 they were up to 200 million.
Most people who attended a virtual conference in 2020 (before these platforms were able to find ways to better keep out Internet trolls) have a Zoom-bombing story .and it s usually a pretty unpleasant one (obscene images, name-calling, and just general all-around asshole behaviour). These Zoom-bombings may not have been damaging in the same way that other cybersecurity breaches like ransomware and phishing scams are, but hurtful and disruptive nonetheless. Neither of which is something that an event planner wants.
While the world is back to in-person events, virtual events still have a presence and will continue to do so for the duration. Which means that event planners still need to ensure they are following best practices in ensuring they are doing everything possible to avoid these virtual event breeches, including the following:
- Get to know your platform settings and how to rapidly disable or evict a jerk attendee if needed;
- Use the waiting room feature in order to have further control prior to admitting attendees;
- Always set a meeting password, and be discrete about how you are sharing it with your audience;
- Lock down screen sharing controls so unwanted intruders cannot hijack the screen for their own nefarious purposes; and
- If it s not imperative for your attendees to be able to communicate with each other and with the presenter then remove the ability for them to do so.
The Conference Hack
Conferences are fertile ground for cyberattacks. They bring together large groups of people, often from different organizations with different levels of security awareness. A lot of data is exchanged at large scale conferences and trade shows. Between the numerous email entries vying for the latest tech gadget giveaway to attendee demographic information to smart floors, data is available in spades, and you can bet that this has not escaped the attention of those cybersavvy folks with ill intent.
There have been a number of high-profile attacks on conferences in recent years, including an attempt to hack into the Montreux Jazz Festival and an attack on the DefCon security conference in Las Vegas. But the threat isn’t limited to big events. Smaller conferences are also vulnerable, especially if they don’t have the resources to invest in top-notch security. And because conferences often involve high-profile speakers and attendees, they can be an attractive target for attacks that seek to disrupt or embarrass the event.
That’s why it’s important for all conference organizers to be aware of the risks and take steps to mitigate them. Here are some tips:
- Make sure your WiFi network is secure, with strong passwords and encryption enabled;
- Use event management software that includes security features, such as two-factor authentication;
- Require all speakers and attendees to use unique passwords for their accounts; and
- Educate your team and participants about the dangers of phishing scams and other common attacks.
See Yourself in Cyber
October is Cybersecurity Awareness Month. The President of the United States and Congress declared this month in 2004 to help bring awareness to the importance of cybersecurity during a time when attacks were drastically on the rise.
The theme for 2022 is See Yourself in Cyber. This reinforces that despite all the tech lingo and complexities around cybersecurity, at the end of the day it s all about people. The Cybersecurity and Infrastructure Security Agency shares these four key actions that they encourage all to take:
- Think Before You Click: Recognize and Report Phishing: If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
- Update Your Software: Don’t delay — If you see a software update notification, act promptly. Better yet, turn on automatic updates.
- Use Strong Passwords: Use passwords that are long, unique, and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts. A passwords manager will encrypt passwords securing them for you!
- Enable Multi-Factor Authentication: You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked.
Source: https://www.cisa.gov/cybersecurity-awareness-month
In honor of cybersecurity awareness month, why don t you go ahead and change all your passwords to something so ridiculous and random that it makes your head hurt. We guarantee .it will make your head hurt less than a data breach or cybersecurity attack.