Perform security scans of all computers used at an event, especially those at registration kiosks and desks. Data thieves invariably target these computers. With this data, contact information can be stolen, and attendees and speakers can be further targeted for phishing attacks.
Smartphones certainly offer countless advantages for meetings and events. However, they also introduce a unique set of security concerns, creating a window of vulnerability for cyber attackers. Among common scams are phony SMS messages (known as SMiShing attacks) that are indistinguishable to attendees from official blasts, or malicious QR codes that bring attendees to hostile websites. Phone calls, texts and Wi-Fi traffic can be intercepted and leaked, providing hackers access to personal data.
The following precautions can help you protect your attendees.
Prevent Intercepted Information
For approximately $3,000, a hacker can set up a miniature cell phone tower that fits in a backpack and is capable of intercepting cellular calls and SMS messages. Attendees would not know if their phones were connecting to the impersonating or legitimate equipment from the hotel and cell phone carriers. For about $200, a hacker can set up a special wireless router that is capable of impersonating those set up by hotels and conferences. People who surf the web or transmit sensitive information would be victims without knowing it.
To prevent these devices from being deployed at your facility, arrange for qualified people from your staff or a vendor to provide real-time scans of the airwaves. This task requires specialized security training and equipment that is not usually part of a physical security team. Including this feature during the planning stages and throughout your event can provide valuable security for your attendees.
Audit Apps for Security Concerns
Before deploying mobile apps at an event, they should be audited to ensure that they function securely. The apps should securely store sensitive information, and communication should be encrypted. Data thieves can capture wireless traffic that is not encrypted and exploit mobile apps to seize information about the attendees. Having a third party assess the apps ensures an unbiased analysis. This type of audit goes beyond traditional computer security and requires additional skills to analyze mobile devices. Feedback from the analysis can be given to the developer, ensuring secure operations.
Validate QR Codes
Many exhibitors and show organizers use QR codes as a way of directing attendees to their websites, or to download apps. Unfortunately, it isn't possible to know what is really contained within a QR code just by looking at it. To safeguard an event, it is essential to require copies of all QR codes that are being displayed. Staff should use test devices to capture the codes. This will allow security personnel to perform side-by-side audits of the codes throughout the duration of the conference or event.
Michael Robinson is the director of forensics at Disruptive Solutions and an adjunct professor in the graduate computer forensic programs at Stevenson University in Maryland and George Mason University in Virginia. Contact: [email protected]