Does Your Event Need a Digital Security Chief?

Digital security is a hot topic in business and an ever growing concern for event professionals. We explore the current threats and what can be done to secure and protect event data.

Nobody can deny that the Internet is one of the greatest and most impactful inventions of all time. The rapid pace of Internet adoption and technological advance have brought both convenience and opportunity to the event industry in equal and abundant quantity. Pulling back the covers of the Internet, the important commodity here is data. As the internet gets bigger and better, and more people use it to do more things, the more data is produced. That data then contributes to further growth through intelligence. It’s a cycle that could and should produce infinite growth. However, there is a problem…

Does Your Event Need a Digital Security Chief?

Data = Cash

When any product, real or virtual, becomes commoditised, it also becomes valuable. The same is true of data. However, it’s not a simple case of x number of gigabytes = $x. Different data types carry different values depending on who holds it. For instance, credit card data is obviously worth a lot to a fraudster and for that reason carries a sale value on the black market.

Advertisement
Advertisement
Advertisement

Digital Security For Events

For the more tech-savvy event organizers, this issue is water off a duck’s back and for many smaller events, this, for now, isn’t a huge problem. But this is changing. Data is becoming more valuable and even smaller organizations and events are at risk. Although this all sounds very bleak, there are lots of things event organizers can do to protect their event data. For large event teams who already have strict data processes and staff to manage them, these process can be built into existing IT policies and in many cases, are already. For smaller teams, this is not so easy, however, there are several routes that can be taken to mitigate risks. These could include employing a third party to handle event data security or employing a specialist Digital Security Chief to implement and manage the process.

We’ve compiled a list of our top ten tips for securing event data below:

How To Secure Your Event Data

  1. Ensure that any passwords used by your team are secure and unique
  2. Don’t allow sharing of passwords under any circumstances
  3. Enforce a policy that ensures passwords are changed on a regular basis
  4. Never store unencrypted passwords anywhere
  5. Always keep your computer systems up to date
  6. Any data no longer needed should be deleted**
  7. Any personal data used for business intelligence should be anonymized
  8. Always keep regular backups of mission critical data
  9. Ensure your data is insured
  10. Always comply with local and international data protection and privacy laws

** In the case of deleting old data, check with your local authority. Certain types of data must be kept for legal reasons.

Data protection & privacy links:

Different Types of Cyber Crime

Credit Card Fraud

The lowest hanging fruit for many cyber criminals is payment card data, including credit and debit cards. Often stolen in bulk, payment card data gives criminals instant access to money. For this reason, it’s one of the most popular methods of attack. Hotels have been particularly unlucky in this area. Although many credit card systems are very secure in and of themselves, criminals find ways to access this through weak links in other connected systems.

The table below highlights some of the most high-profile hotel hacks that have happened since the beginning of 2016.

Date **Hotel/Group NameCountrySystem TargetedType of Attack
4th March 2016Rosen Hotels & ResortsUSACredit card systemCard data stolen
4th April 2016Trump HotelsUSACredit card systemCard data stolen
5th July 2016Hard Rock Hotel & CasinoUSACredit card systemCard data stolen
8th July 2016Omni Hotels & ResortsUSACredit card systemMalware
26 July 2016Kimpton Hotels & RestaurantsUSACredit card systemMalware
26th August 2016Millennium Hotels & ResortsUSAF&B Point of SaleNot specified
5th September 2016Hutton Hotel NashvilleUSAPoint of SaleNot specified
2nd September 2016Noble House Hotels & ResortsUSACredit card systemMalware
29th Jan 2017Romantik Seehotel JägerwirtAustriaElectronic key systemData held to ransom
3rd Feb 2017IHG AmericasUSA & CanadaCredit card systemMalware

**N.B. The dates above reflect the date the exploit(s) was reported, not the date of the exploit(s).

Social Engineering

It’s not just credit card data that is worth money in the hands of criminals. Any identifiable data, in the right hands, can be combined with other data to perform social engineering tasks which can lead to fraud, identity theft or worse. One of the most useful data types for criminals with a social engineering bent is stored passwords. A password, once tied to someone’s personal data can be a very powerful thing. Often, people use the same username and password combination for several services from social networks to company logins to bank accounts.

Recently, music festival, Coachella announced that it had been targeted by cyber criminals. The breach was discovered when Coachella’s customer database appeared for sale on the dark web. The festival organizers say that no passwords were stolen in this instance.

Ransomware

Another angle cyber criminals can take is to take a target’s data hostage and demand a ransom. This type of attack recently gained a lot of press coverage when the British National Health Service fell prey to a malware attack affecting a large number of hospitals and other healthcare services throughout the UK. The malware (a type of software designed with malicious intent) program known as “Wannacry” once it infects a system, allows hackers to take ownership of target data by locking it in a virtual box that the original owner can’t open without a key provided by the hacker. If you want your data back, you have to pay.

In Conclusion

Where there is data, there is money and where there is money, there is the potential for crime and exploitation. This is a problem that will be with us now until the end of time but it’s not all bad news. Nobody can stop the hackers altogether but with a few simple steps, it is possible to slow them down, make their lives more difficult than is profitable and make anything they do get hold of completely useless.

About The Author
EventMB Team
This post is brought to you by the EventMB editorial team.   
Comment Policy Comments
Julius Solaris
Editor, Julius Solaris

Plan awesome events & boost your career

How often should I update you?

Join over 60,000 subscribers that use EventMB to stay on top of How to's, Trends & Event Technology.