The Ostrich Pose Won’t Cut It—Data Security, Privacy and Ownership

February 3, 2022

Brian Scott

Brian Scott, president and founder of ClearTone Consulting, provides executive technology consulting services based on 35 years of technology expertise and 20 years of CIO/CISO experience within the exhibitions and events industry. Brian provides expert technology consultation in the areas of technology strategy, software development, systems integration, data warehousing and analytics, cyber security, data center operations, cloud computing, and end user support. He works with his customers to overcome technology challenges, leverage tech to drive growth and revenue, secure valuable digital assets, and execute projects to meet the organizational objectives.

Long, long ago (2006) in an industry far, far away, Clive Humby, a British mathematician and data science entrepreneur, stated “Data is the new oil. It’s valuable, but if unrefined, it cannot really be used. It has to be changed into gas, plastic, chemicals, etc., to create a valuable entity that drives profitable activity; so data must be broken down, analyzed for it to have value.”

In today’s event-tech-centric world, it’s relatively easy to generate new data, but in my opinion, much harder to refine it into profitable assets that fuel your business. This is not dissimilar to oil itself. But because it has so much intrinsic potential, oil companies invest a lot of money in protecting their raw crude. They implement all kinds of physical protections that range from perimeter fences, surveillance cameras, alarm systems, security staff and electronic monitoring equipment. I’m sure the list goes on and on.

These investments make sense when you consider the alternative. What could happen to a large storage of oil? Bad actors could steal it, I suppose, although that would seem to be a difficult task. More likely, bad actors could set it on fire, which would certainly create quite the scene and would effectively destroy the entire store. Additionally, these bad folks could alter something in the oil-management machinery that causes the oil to be spilled everywhere, like dumped into the sea. We’ve all seen what happens to a company’s reputation as well as bottom line when they end up leaking lots of oil into the environment. When I say Valdez, I bet you immediately know the oil company I’m referring to, right?

Why am I still talking about oil? Good question, but there is a method to my madness. As it turns out, this oily metaphor for data fits quite nicely as we consider the risks posed by cybersecurity incidents. Associations are sitting on a fair amount of data that certainly has value. In many cases, they have a complete Who’s Who listing for an entire industry. They have contact records, title and job role, historical engagement information, travel records and even credit card information. Have you ever heard of spear phishing or CEO fraud? I guarantee you every cybercriminal has.

CEO fraud is a scam in which cybercriminals spoof company email accounts and impersonate executives to fool an employee in accounting or HR into executing unauthorized wire transfers or sending out confidential tax information. According to FBI statistics, CEO fraud is now a $26 billion scam annually. It appears crime does pay in this instance.

Spear phishing is a social engineering method that targets specific individuals or groups within an organization, and it is a potent variant of standard phishing. Spear phishing emails are used by almost two-thirds (65%) of all known groups carrying out targeted cyber attacks. So, believe me, cybercriminals want to know who you are and what role you play in your organization. This is exactly the kind of information captured and stored by associations.

If security concerns alone were not enough, and they should be, our world is also increasing data management complexity by introducing ever more stringent privacy laws, some of which carry hefty fines. More states are following California with their own data privacy laws, and there are hints of a federal law coming in the near future.

The cherry on top of this pile of risk is data ownership. Who really owns the data you are holding? Most associations would be quick to state that they are the owners, but that picture has grown more complex as well. In actuality, a lot of the member data associations house is primarily owned by the individual. Well, if that’s the case, did you acquire the appropriate consent to use it like you are? Hmm. Let’s not forget about all of those data processors that you’re likely engaged with. Registration companies, association management systems, exhibitor systems, speaker manager systems, virtual event providers—this list goes on and on. Are you absolutely sure you’ve scoured every line of those 20-page contracts with these vendors in search of data ownership clauses? They love to use words such as “aggregate” and “metadata.” Are you sure you know exactly what that is in relation to your valuable oil asset?

Okay, enough of the problem statement. What is an association executive supposed to do about all this risk? For a majority of associations, having a full-time cyber security expert on staff is simply not realistic. Is it also unwise to blindly trust that your managed service provider (the team providing support of your staff’s computers) is also an expert security service, is up to date on the latest security best practices and is thinking about protecting your assets as if it were their own? The biggest problem first and foremost is simply this: too many questions and not enough knowledge.

Whether you’ve realized it or not, the world has evolved to require that every organization undergo an annual security assessment. I’m not referring to an all-out ISO 27001 (or fill in the blank for any number of other security frameworks) audit aimed at trying to award your organization a certificate of compliance to a regulation framework. These can be very expensive and rightly so. I’m referring to an assessment that covers a broad swath of areas and topics but doesn’t go as far as an audit. This keeps costs at a very reasonable level while still producing a report that turns on all the lights in the kitchen to uncover those darn security gap roaches.

To quote Himmilicious, “Do question, even the basics! You will be a fool for once. If you don’t, you will be for a lifetime.” Continually questioning to discover your weakest vulnerabilities is the only way to improve your security and protect your organization’s good name. Striking the ostrich pose with your head in the sand is simply not going to cut it because the criminals are at the gates today.

Don’t miss any event-related news: Sign up for our weekly e-newsletter HERE and engage with us on Twitter, Facebook, LinkedIn and Instagram!

Add new comment

Partner Voices

Women at the Helm: Lisa Messina, Chief Sales Officer, Las Vegas Convention and Visitors Authority

Less than six months ago, Lisa Messina joined the Las Vegas Convention and Visitors Authority (LVCVA) as the first-ever chief sales officer after leading the sales team at Caesars Entertainment. A 12-year Las Vegas resident, Messina is a graduate of Cornell University’s School of Hotel Administration and serves on MPI International’s board of directors. TSNN had a chance to catch up with this dynamic leader and talk to her about her vision for the new role, current shifts in the trade show industry, creating more diversity and equity within the organization, and advice to future female leaders. Lisa Messina, Chief Sales Officer, LVCVA With Las Vegas becoming The Greatest Arena on EarthTM, what are some of the things you’re most excited about in your role? Our team was at The Big Game’s handoff ceremony earlier this month, and I couldn’t help but think, “We’re going to crush it next year!” These high-profile events and venues not only drive excitement, but also provide unmatched opportunities for event planners. Allegiant Stadium hosts events from 10 to 65,000 people and offers on-field experiences. Formula 1 Grand Prix will take place in Las Vegas in November, after the year-one F1 race, the four-story paddock building will be available for buyouts and will also offer daily ride-along experiences that will be available for groups. And, of course, the MSG Sphere officially announced that it will open in September, ahead of schedule, with a U2 residency. It’s going to be the most technologically advanced venue as far as lighting, sound, feel, and even scent, and it will be available for buyouts and next-level sponsorships inside and outside. There’s no ceiling to what you can do when you’re doing events in Las Vegas. Allegiant Stadium As the trade show and convention business returns to the pre-pandemic levels, what shifts are you noticing and how do you think they will impact the industry going forward? Our trade show organizers are very focused on driving customer experience. Most of our organizers are reporting stronger exhibitor numbers and increased numbers of new exhibitors, with trade shows proving to be almost or above 2019 levels. Now our organizers are really doubling down on driving attendance and focusing on the data to provide that individualized, customized experience to help attendees meet their goals and get the best value. Some companies continue to be cautiously optimistic with their organizational spend when it comes to sending attendees, but I think it will continue to improve. As the U.S. Travel Association makes more progress on the U.S. visa situation, we also expect a growing influx of international attendees. What are some innovative ways the LVCVA helps trade show and convention organizers deliver the most value for their events? We focus on customer experience in the same way that trade show organizers are thinking about it. We got rave reviews with the West Hall Expansion of the Las Vegas Convention Center (LVCC), so over the next two years, we will be renovating the North and the Central halls, which will include not just the same look and feel, but also the digital experiences that can be leveraged for branding and sponsorship opportunities. Vegas Loop, the underground transportation system designed by The Boring Company, is also a way we have enhanced the customer experience. Vegas Loop at the LVCC has transported more than 900,000 convention attendees across the campus since its 2021 launch. Last summer, Resorts World and The Boring Company opened the first resort stop at the Resorts World Las Vegas , with plans to expand throughout the resort corridor, including downtown Las Vegas, Allegiant Stadium and Harry Reid International Airport. The LVCVA also purchased the Las Vegas Monorail in 2020, the 3.9-mile-long elevated transportation system that connects eight resorts directly to the convention center campus. This is the only rail system in the world that integrates fares directly into show badges and registration. For trade show organizers, these transportation options mean saving time, money and effort when it comes to moving groups from the hotels to LVCC and around the city. Also, the more we can focus on building the infrastructure around the convention center, the more it supports the customer experience and ultimately supports our trade show organizers. Scheduled to debut in Q4, Fontainebleau Las Vegas will offer 3,700 hotel rooms and 550,000 square feet of meeting and convention space next to LVCC. What are some of the plans for advancing DEI (diversity, equity and inclusion) within your organization? We’re currently partnering with instead of working with a leading consulting firm, to lay the foundation and create a solid DEI plan and be the leader when it comes to DEI initiatives. The heart of that journey with the consulting firm is also talking to our customers about their strategic approaches to DEI and driving innovation in this space. What are your favorite ways to recharge? My husband and I have an RV and we’re outdoorsy people. So, while we have over 150,000 world-class hotel rooms and renowned restaurants right outside our doorstep, one of my favorite things to do is get out to Red Rock Canyon, the Valley of Fire, and Lake Mead. Five of the top national parks are within a three-hour drive from Las Vegas, so there’s a lot you can do. We love balancing the energy of Las Vegas with nature, and we’re noticing that a lot of attendees add activities off the Strip when they come here. Valley of Fire What advice would you give to women following leadership paths in destination marketing? I think it’s about being laser-focused on what you want to accomplish; building a team around you that lifts you and helps you achieve your goals; and being humble and realizing that you do it as a group. No one gets this done alone. Thankfully, there are a lot of women in leadership in this organization, in our customers’ organizations, and in this city that we can be really proud of. We’re a formidable force that is making things happen. This interview has been edited and condensed. This article is exclusively sponsored by the Las Vegas Convention & Visitors Authority. For more information, visit HERE.