I've come across several requests for proposal recently, and despite many warnings and numerous reports of data hacking — most recently IHG in the U.S. and the Romantik Seehotel Jaegerwirt in Austria — many corporate planners and meeting/event organizers still are not rigorously and proactively defending their valuable, vulnerable data.
It's abundantly clear that we all need to work together to ensure that any cyber hacker attempting to get access to meeting/event data will at least encounter a first level of defense. At that point many hacker(s) will abort their efforts and look for easier-to-breach targets, but it's no guarantee they won't continue to seek their ultimate goal — your attendee information, including credit card and hotel room data, and more.
Think about it: We all promote events well in advance of them happening, and hackers worldwide are put on notice that if they want to exploit data-gathering weak points, they can do so when ABC company is hosting XX attendees in a city where the attendees are being housed at several hotels. They will always go for the easier points of entry, such as open or hotel WiFi (especially in guest rooms), mobile phones with vulnerable apps, non-secured conference apps, etc. Key to remember here is that hackers don't have to physically be present to hack into systems; they can do it from Europe, China, Russia or literally anywhere. Remotely, they can pull up your conference/meeting website, look at the host hotel information, registration link, agendas, etc., and then plan on taking actions harmful to your attendees.
The urgency to address this issue now is acute. Don't simply hope for the best, because, like Russian roulette, it's just a matter of time before something or someone you're working with is impacted by a data breach, which in turn will impact you and your event.
Here are some things you can work on now to ensure that you are at least doing something to prevent and mitigate any data breaches that may occur with your event or with suppliers associated with your event:
- Regularly run virus scans, including separate scans for malware, Trojan viruses, etc., to ensure you haven't already been hacked by someone who is collecting your data. Do it for your work laptop, tablets, etc., but also for your personal devices. I know some people who have re-infected their work equipment from personal devices that hadn't been scanned property. It's a vicious cycle, so make sure all your access-point equipment is regularly checked.
- Use your corporate VPN (virtual private network) all the time, with no exceptions, especially whenever/wherever you are traveling or in public places using open WiFi. VPN provides a level of encryption that is invaluable for protecting your and your team members' information and communications, including that of your third-party suppliers. Make it a requirement in your service-level agreement/statement of work for meeting and events that all parties need to be using a firewall VPN for all communications. There are free VPN protection offerings available online that you can subscribe to. Here's a link to review some options.
- To help mitigate your vulnerability, engage your IT security team to help you prepare RFPs, and/or take a best practice from standardized hotel addendums and apply it to your meeting/event to develop minimum data-security standards for attendees and suppliers (hotel, third party, professional services, etc.). Make sure all parties are aligned and that policy on the security of all data transmitted pre- during and post-event is rigorously enforced.
- It's a good idea to add IT security representatives as part of your stakeholder council or, at bare minimum, start a relationship with them to help you design program standards that you will need to communicate to your supplier partners and internal-external teams.
- Check your agreements with tech suppliers such as your meeting/event registration and attendee management-solution providers, app providers, third-party logistics support, professional services team(s), etc., and make sure they address issues such as data-security precautions, your ability to audit their data-security standards and practices, and liability insurance coverage.
- Develop a "what if" scenario for data-security breaches, which is better than experiencing a "shoulda, coulda, woulda" scenario. The sooner you can spring into action with a solid plan when a data breach occurs, the less damage you will experience, which will result in quicker mitigation and resolution ofthe situation. One best practice here is to have a standard letter/note ready to send to all affected parties that's been fully vetted by your legal department. You can fill in the fresh details as the situation requires, but at least the time-consuming "what to do next" procedural recommendations are ready to communicate to those impacted by the breach.
Hackers are everywhere and are relentless in their pursuit for data and personal information. It's the collective responsibility for all of us to safeguard our events, employees, suppliers and attendees. Don't wait until it happens to you — be vigilant and proactive now!
Kevin Iwamoto is senior consultant at GoldSpring Consulting. You can follow him on Twitter @KevinIwamoto. His book, Your Personal Brand: Your Power Tool to Build Career Integrity, is available from Amazon (including a Kindle version), as well as from CreateSpace.