By Amanda N. Wegner

With digital threats looming larger than ever, cybersecurity is becoming a fundamental requirement for meeting planners to protect their events, attendees and clients.

“Meeting and event cybersecurity is critical in order to protect sensitive information, ensure the continuity and credibility of events and maintain organizational trust,” says Steve Totzke, vice president of Information Technology for the Wisconsin Center District. “Whether it’s a corporate board meeting or a global conference, these events often involve the exchange of confidential data and intellectual property that, if compromised, could lead to financial loss, legal liability or reputational damage. As events become more digital and interconnected, cybersecurity is a key component of a successful event.”

“Event cybersecurity is no longer negotiable,” adds Andrew Hoyos, owner of Hoyos Consulting and Hoyos Events, which has been providing networking support for events for about 20 years. Cybersecurity is complex and changing rapidly. To help meeting and event planners navigate this moving target, here are some ways to fortify events against cyber threats.

LAY OUT YOUR REQUIREMENTS

Cybersecurity begins with defining IT and networking needs. The next step is to check with venues to determine how these needs fit the venue’s resources or whether outside help is required.

To develop those requirements, consider the event’s needs, such as on-site registration, sales, audiovisual, live streaming and more. Is there an app for attendees to use? An educational component? Outline all the ways speakers, exhibitors, attendees, front-of-house staff and back-of-house staff might interact with the Internet, apps and connected devices, as well as what interconnections are needed.

Totzke adds cybersecurity is primarily the event planner’s responsibility at most venues.

“Depending on the type of IT service purchased by a planner, we provide some basic inbound connection blocking and filtering. However, our IT terms and conditions specifically state that we do not provide security of any kind on IT services, and it is up to the event to ensure proper cybersecurity measures are in place,” he says. “This is common practice for most event venues.”

CONSIDER A PURPOSE-BUILT NETWORK

Gone are the days of just throwing up open Wi-Fi for everyone to use. Hoyos recommends a purpose-built network designed and optimized to support the unique requirements of a particular situation or application.

In an events setting, Hoyos explains a purpose-built network is designed to address different event networking needs and the specifics of each required need or use. For instance, a purpose-built network would have segregated Wi-Fi just for point of sale or registration, where PCI compliance is critical to protect financial transactions and information. A separate, segregated Wi-Fi network for lighting and A/V might also exist.

“For some events, it might be enough to offer attendees Wi-Fi so they can get on the Internet,” says Hoyos. “But once you start adding other ancillary things, a purpose-built network adds extra layers of security for everyone involved.”

GO FOR USER ISOLATION

User isolation is essential at large events to ensure privacy and security.

“When you’re at a big event, and you’ve got 1,000 or 20,000 people on the Wi-Fi network, you don’t want your phone to be able to see the phone or laptop of the person sitting next to you,” says Hoyos. “Obviously, there are some security concerns there.”

User isolation locks down the network so devices can only access the Internet, preventing corrupted devices and malware from causing issues.

PREP BEFORE THE EVENT

Planners and their clients have a critical role to play in cybersecurity. To that end, Totzke provides these key cybersecurity tips:

  • Perform a cybersecurity risk assessment on your event platforms, registration systems, payment gateways and communication tools. Invest in secure, reputable platforms from proven event technology vendors.
  • Assess what data you collect, where it’s stored, who has access and how it’s transmitted. Only collect the data you truly need for the event.
  • Implement strong access controls that use multi-factor authentication and role-based access.
  • Encrypt all data transmissions and data at rest. Do not assume venue Internet connections are secure.
  • Keep software and devices fully updated and patched, preferably before arriving at the venue. Ensure proper virus and malware scanning software is installed and up to date, and that firewalls are in place to block inbound connections.
  • Provide cybersecurity training on topics like phishing, social engineering, handling sensitive data, mobile device security, and recognizing/reporting security incidents to all staff. Ensure staff know the incident response plan and proper procedures.
  • Remind attendees of good cybersecurity practices: secure devices when not in use, use dedicated event Wi-Fi networks (preferably with a VPN), and think before clicking links or scanning QR codes.
  • Remind attendees to be mindful of the information shared in public or with new acquaintances, since the in-person networking that happens at events can be a convenient way for cybercriminals to gather details to craft personalized phishing attacks.
  • Communicate security measures to let attendees know how you’re protecting their data. Let attendees know what they are signing up for, how their data will be used and what you will do if a breach occurs.

When planners get smart about cybersecurity, they can mitigate risk and deliver safe, seamless experiences that inspire confidence and uphold reputations.