Ticket holders for the annual Coachella Valley Music and Arts Festival received a bit of bad news from festival organizers. “We recently discovered that unauthorized third parties illegally gained access to the usernames, first and last names, shipping addresses, email addresses, phone numbers, and dates of birth individuals provided to Coachella,” read an official email statement from the festival.
This Coachella breach and high-profile hackings of Target, Home Depot, Dropbox (68 million users!) and the Democratic National Committee show just how pervasive cyber-attacks have become. For event professionals, the Coachella or DNC incidents are reminders that every server with a massive amount of private data represents a potential prize for online hackers.
Accustomed to the reality of doing any kind of business online: information is at risk.
However, many attendees may not accept the risk of a data breach as the cost of doing business. Instead, they’ll hold it against the organization responsible for producing the event. Cisco’s 2017 Annual Cybersecurity Report revealed that 22% of organizations that suffered breaches lost customers, and 23% indicated that they lost business opportunities.
Many organizations are still failing to take additional steps to shield their attendees from sophisticated hacking attempts. Why? Budgets. 35% of respondents in the Cisco report indicated that budget was their “top constraint to adopting advance security products and solutions.” The numbers also show that it will create an even bigger challenge for the hacked organization’s budget: nearly 30% of hacked organizations in Cisco’s report lost revenue.
Data security may not sound like fun priority for an organizer. After all, wouldn’t investing in other areas such as famous speakers or lavish receptions have a greater impact on the attendee experience? While that is true, if attendees return home to an email notification that a malicious party is selling their information online, it will wipe out all that hard work and cast a pall on those memories.
Conferences with hundreds of bankers, CEOs, and CFOs are particularly attractive targets, especially when they’re all in one place at one time. They bring laptops, tablets, phones, and leave them on the table when they go get a coffee, network or they leave them in a room unattended. “Hacking and stealing of data at conferences has been professionalized. Your attendees are targets.” says Michael Robinson, CCE, senior cyber threat analyst and a professor at Stevenson University who contributed to Cisco’s report.
Data deserves the same type of security protections as any other aspect of a meeting. Open the conversation about the ins and outs of data security with your teams. The importance of communicating security policies and procedures to attendees, exhibitors, and on-site staff is paramount. “You have to be tactful, because you don’t want to give people a sense of paranoia about getting their badge when they check in to the hotel,” Robinson said. “Just like with the security of the overall conference, it doesn’t take that much if you plan it well.”
Privacy and security measures taken before and after events are just as important as what happens during the meeting. In the months leading up to a program, planners should make sure their online-registration system is completely secure, minimize data collection to reduce risk to attendees, and create as few hard-copy files as possible ahead of the meeting.
Robinson advises planning teams to conduct an on-site security audit leading up to a meeting. “Create a map of your event progression, so that you know not only your highest risks, but also what might be solvable for less money or less time investment,” he said. And after the event? Shredding physical documents and purging sensitive digital files is a must.
Photo Credit: Luis LLerena via www.unsplash.com, https://creativecommons.org/publicdomain/zero/1.0/