Is Your Event Data Secure?

March 8, 2015
If you are attending an event and you see Michael Robinson, cyber threat analyst and forensic investigator, walking toward you, it’s likely not going to end well for you.
 
Cyber security was the topic of Michelle Bruno’s interview with Michael Robinson on the TSNN Webinar, “Securing Your Event’s Digital Data.”
 
What does Robinson think about the safety of our event data and what do we have to worry about? “Events, just by their very setup because they are so open and they have so many people attending, they are not very secure,” Robinson said.
 
He added that data security doesn’t happen by accident. It has to be planned for when we start planning our events.
 
Up for discussion during the webinar were common risks to events such as pineapple routers, fake cell phone towers, open Wi-Fi networks, unsecured registration kiosks and how even organizers can best protect themselves.
 
Robinson went on to discuss vulnerabilities around event mobile apps. Many of our apps have sensitive information. Hackers can break into that app and steal people’s contact information and target your attendees with Phishing emails. If the app is connected to backend systems such as registration, there is a potential to steal credit card information as well.
 
Basic questions event organizers should be asking developers at the start are, is the database you are storing on the phone encrypted? Do people have to log in with a name and password or just an email address? Does the app automatically encrypt traffic being sent back and forth?
 
Another thing that Robinson does not like are social sign-ins (allowing attendees to sign in to the event app via their LinkedIn, Twitter, Instagram or Facebook credentials). 
 
“We are in a mad dash right off the cliff. We are running as fast as we can like lemmings. We do this because we want to make things easy for people,” said Robinson.
 
While social sign-in is a useful tool, it comes with it’s own set of risks. Once someone gets that one set of credentials they can get into just about any system your attendees access.
 
What should you do if you find out your data has been compromised? Let your attendees know immediately. Warn them they might be open to phishing schemes.
 
Some basic tips Robinson offers event organizers:
 
1.     Be careful about what data you are collecting and ask yourself why you are collecting it. Do you need it? What would happen if someone stole it?
 
2.     Ask your app provider and web developer how they are protecting your data. Ask what kind of encryption they are using and what standards they are adhering to. Robinson says that no one is using something so proprietary they cannot share it.
 
3.     Do not share your event Wi-Fi password where people who are not attending your event can see. Change it every day and make sure everything passing through the network is encrypted.
 
4.     Ask your venue if they monitor their space to ensure no one sets up a wireless network that is not the venue’s, that no one turns on a fake cell phone tower, or that no one turns on a cell phone or wireless jammer. If they don’t do this, make sure your security people are prepared to take this on.
 
5.     Make sure no one can access USB ports, flash drives, or event systems on your registration kiosks and laptops. Protect all entry points where people can connect to the Internet. Make sure your vendors have secured all their equipment as well.
 
6.     Don’t be shy about asking questions about security with your vendors. These questions should be asked up front, not a few weeks before the event. Have a checklist in place so you don’t forget any key areas.
 
7.     Train room monitors and kiosk monitors to keep an eye out for people who are up to no good.
 
Robinson said that the examples he uses are not hypothetical scary stories. These cyber breaches are happening now at tech conferences and spreading into other industries.
 
“Hacking has been professionalized, people are being paid to steal data,” Robinson said. For $1000 anyone can buy a small piece of equipment that impersonates a cell phone tower. That’s not a hefty investment for someone who hacks for a living.
 
The complete recording of the webinar is now available.

Add new comment

Partner Voices
Overview: The award-winning Orange County Convention Center (OCCC) goes the extra mile to make every day extraordinary by offering customer service excellence and industry-leading partnerships. From their dedicated in-house Rigging team to their robust Exhibitor Services, The Center of Hospitality brings your imagination to life by helping you host unforgettable meetings and events. With more than 2 million square feet of exhibit space, world-class services and a dream destination, we are committed to making even the most ambitious conventions a reality. In October 2023, the Orange County Board of County Commissioners voted to approve allocating Tourist Development Tax funding for the $560 million Phase 5A completion of the OCCC. The Convention Way Grand Concourse project will include enhancements to the North-South Building, featuring an additional 60,000 square feet of meeting space, an 80,000- square-foot ballroom and new entry to the North-South Building along Convention Way. “We are thrilled to begin work on completing our North-South Building which will allow us to meet the growing needs of our clients,” said OCCC Executive Director Mark Tester. “As an economic driver for the community, this project will provide the Center with connectivity and meeting space to host more events and continue to infuse the local economy with new money and expanding business opportunities.” Amenities: The Center of Hospitality goes above and beyond by offering world-class customer service and industry-leading partnerships. From the largest convention center Wi-Fi network to custom LAN/WAN design, the Center takes pride in enhancing exhibitor and customer experience.  The OCCC is the exclusive provider of electricity (24-hour power at no additional cost), aerial rigging and lighting, water, natural gas and propane, compressed air, and cable TV services. Convenience The Center is at the epicenter of the destination, with an abundance of hotels, restaurants, and attractions within walking distance. Pedestrian bridges connect both buildings to more than 5,200 rooms and is within a 15-minute drive from the Orlando International Airport. The convenience of the location goes hand-in-hand with top notch service to help meet an event’s every need. Gold Key Members The OCCC’s Gold Key Members represent the best of the best when it comes to exceptional service and exclusive benefits for clients, exhibitors and guests. The Center’s Gold Key memberships with Universal Orlando Resort, SeaWorld Orlando and Walt Disney World greatly enhance meeting planner and attendee experiences offering world-renowned venues, immersive experiences and creative resources for their events. OCCC Events: This fiscal year, the OCCC is projected to host 168 events, 1.7 million attendees, and $2.9 billion in economic impact.  The Center’s top five events during their 2022-2023 fiscal year included:  AAU Jr. National Volleyball Championships 2023 200,000 Attendees $257 Million in Economic Impact MEGACON 2023 160,000 Attendees $205 Million in Economic Impact Open Championship Series 2023 69,500 Attendees $89 Million in Economic Impact Sunshine Classic 2023 42,000 Attendees $54 Million in Economic Impact Premiere Orlando 2023 42,000 Attendees $108 Million in Economic Impact