How Secure Is Your Event Data?

March 31, 2014

Tradeshow organizers are sitting on top of a plethora of data these days. There is data being collected via registrations and housing systems, social media, surveys and mobile event apps.

The upside to this digital world and the mountain of data that comes along with it is that shows are able to really drill down into what their attendees, exhibitors and sponsors really want from an event.

The downside is that show organizers are sitting on a mountain of data and they have the responsibility of protecting that data. What can show organizers do to protect themselves from a data breach?

One worry is a breach of financial data. We’ve seen this type of breach in the news recently with Target. This is an issue for show organizers in terms of registration and housing transactions.

“Step 1 is find out if your vendors are PCI compliant. If so there’s less chance of having attendee data security issues,” said Brian Scott, CIO of Experient.

Don’t stop at just asking if your vendoris PCI compliant. Ask to see their Report On Compliance (ROC).

Scott said that when a vendor goes through the auditing process for PCI they get a report that says they either are compliant or they are not. An executive summary should be readily available and your vendor should be happy to share that with their customers.

David Mortman, chief security architect and distinguished engineer a tDell/Enstratius, Inc. suggests that PCI is only a baseline. “You also want to ask ‘what other assessments have you done and what have you used to test those?’”

An additional audit is the Statement on Standards for Attestation Engagements No. 16 (SSAE 16). This is a basic audit that covers everything from how the vendor is doing patch management to how they are managing their firewalls.

“None of this is a guarantee, but what you’re looking for is, is this organization one that cares about security? Nothing is guaranteed, but the odds are in their favor,” Mortman said.

Mobile event apps are another area of concern. Recently, IOActive discovered what they called "a half-dozen security issues with the RSA Conference mobile event app."

They reported “the highest impact vulnerability had to do with the app being vulnerable to man-in-the-middle attacks, where an attacker could inject additional code into the login sequence and phish credentials.”

The second issue was the ability for someone to access a file that contained information of every registered user of the application–including their name, surname, title, employer and nationality.

Jay Tokosch, CEO of Core-Apps, said that if someone wants to hack into your app, he or she has all day to do it. It’s not like information stored on servers, where alarms go off when certain suspicious activities are taking place.

Tokosch said, “When our customers say, 'we want the attendee list on the mobile app', I say show me your privacy policy that says you can do that.”

Tokosch admits, “Locking down (an event app) with a password adds a level of frustration. If you want to open it up, then that’s fine but just be aware of what you’re putting on the app. Make the networking feature opt-in."

“Sit down with your mobile app providers and talk about what information you want to put in your app and the best way to protect it,” Tokosch said.

Because there are no guarantees that systems will never be breached, Mortman suggests it’s also important to ask your vendors “if and when you are breached how will you notify me, how quickly will you notify me and how will we work together to resolve this.”

But data security is not only a vendor responsibility. Show organizers concerned about data security with vendors should first ensure their own house is in order. If show organizers are storing any data on their own systems, those systems must be hardened as well.

Scott recommends organizers maintain a policy that addresses information security. Part of that policy should address how you share information with your customers and your vendors, require everyone accessing your systems to have a unique ID and require regular password changes and make sure everyone’s personal computers and laptops are up-to-date on their virus protection.

The important advice here is not to assume data security is in place. You have to ask the right questions and ask for the appropriate documentation of all your vendors. Then ensure your own systems are adequately protected. Once you’ve done all that, cross your fingers and hope the worst does not happen.

Add new comment

Partner Voices

NO WISH IS TOO BIG AT THE ORANGE COUNTY CONVENTION CENTER

Overview: The award-winning Orange County Convention Center (OCCC) goes the extra mile to make every day extraordinary by offering customer service excellence and industry-leading partnerships. From their dedicated in-house Rigging team to their robust Exhibitor Services, The Center of Hospitality brings your imagination to life by helping you host unforgettable meetings and events. With more than 2 million square feet of exhibit space, world-class services and a dream destination, we are committed to making even the most ambitious conventions a reality. In October 2023, the Orange County Board of County Commissioners voted to approve allocating Tourist Development Tax funding for the $560 million Phase 5A completion of the OCCC. The Convention Way Grand Concourse project will include enhancements to the North-South Building, featuring an additional 60,000 square feet of meeting space, an 80,000- square-foot ballroom and new entry to the North-South Building along Convention Way. “We are thrilled to begin work on completing our North-South Building which will allow us to meet the growing needs of our clients,” said OCCC Executive Director Mark Tester. “As an economic driver for the community, this project will provide the Center with connectivity and meeting space to host more events and continue to infuse the local economy with new money and expanding business opportunities.” Amenities: The Center of Hospitality goes above and beyond by offering world-class customer service and industry-leading partnerships. From the largest convention center Wi-Fi network to custom LAN/WAN design, the Center takes pride in enhancing exhibitor and customer experience. The OCCC is the exclusive provider of electricity (24-hour power at no additional cost), aerial rigging and lighting, water, natural gas and propane, compressed air, and cable TV services. Convenience The Center is at the epicenter of the destination, with an abundance of hotels, restaurants, and attractions within walking distance. Pedestrian bridges connect both buildings to more than 5,200 rooms and is within a 15-minute drive from the Orlando International Airport. The convenience of the location goes hand-in-hand with top notch service to help meet an event’s every need. Gold Key Members The OCCC’s Gold Key Members represent the best of the best when it comes to exceptional service and exclusive benefits for clients, exhibitors and guests. The Center’s Gold Key memberships with Universal Orlando Resort, SeaWorld Orlando and Walt Disney World greatly enhance meeting planner and attendee experiences offering world-renowned venues, immersive experiences and creative resources for their events. OCCC Events: This fiscal year, the OCCC is projected to host 168 events, 1.7 million attendees, and $2.9 billion in economic impact. The Center’s top five events during their 2022-2023 fiscal year included: AAU Jr. National Volleyball Championships 2023 200,000 Attendees $257 Million in Economic Impact MEGACON 2023 160,000 Attendees $205 Million in Economic Impact Open Championship Series 2023 69,500 Attendees $89 Million in Economic Impact Sunshine Classic 2023 42,000 Attendees $54 Million in Economic Impact Premiere Orlando 2023 42,000 Attendees $108 Million in Economic Impact

Learn More