Join over 60,000 subscribers that use EventMB to stay on top of How to's, Trends & Event Technology.
Digital security is a hot topic in business and an ever growing concern for event professionals. We explore the current threats and what can be done to secure and protect event data.
Nobody can deny that the Internet is one of the greatest and most impactful inventions of all time. The rapid pace of Internet adoption and technological advance have brought both convenience and opportunity to the event industry in equal and abundant quantity. Pulling back the covers of the Internet, the important commodity here is data. As the internet gets bigger and better, and more people use it to do more things, the more data is produced. That data then contributes to further growth through intelligence. It's a cycle that could and should produce infinite growth. However, there is a problem...
Data = Cash
When any product, real or virtual, becomes commoditised, it also becomes valuable. The same is true of data. However, it's not a simple case of x number of gigabytes = $x. Different data types carry different values depending on who holds it. For instance, credit card data is obviously worth a lot to a fraudster and for that reason carries a sale value on the black market.
Digital Security For Events
For the more tech-savvy event organizers, this issue is water off a duck's back and for many smaller events, this, for now, isn't a huge problem. But this is changing. Data is becoming more valuable and even smaller organizations and events are at risk. Although this all sounds very bleak, there are lots of things event organizers can do to protect their event data. For large event teams who already have strict data processes and staff to manage them, these process can be built into existing IT policies and in many cases, are already. For smaller teams, this is not so easy, however, there are several routes that can be taken to mitigate risks. These could include employing a third party to handle event data security or employing a specialist Digital Security Chief to implement and manage the process.
We've compiled a list of our top ten tips for securing event data below:
How To Secure Your Event Data
- Ensure that any passwords used by your team are secure and unique
- Don't allow sharing of passwords under any circumstances
- Enforce a policy that ensures passwords are changed on a regular basis
- Never store unencrypted passwords anywhere
- Always keep your computer systems up to date
- Any data no longer needed should be deleted**
- Any personal data used for business intelligence should be anonymized
- Always keep regular backups of mission critical data
- Ensure your data is insured
- Always comply with local and international data protection and privacy laws
** In the case of deleting old data, check with your local authority. Certain types of data must be kept for legal reasons.
Data protection & privacy links:
- USA - Various federal and state privacy bills
- Europe (as of May 2018) - Protection of Personal Data
- UK - Data Protection Act
Different Types of Cyber Crime
Credit Card Fraud
The lowest hanging fruit for many cyber criminals is payment card data, including credit and debit cards. Often stolen in bulk, payment card data gives criminals instant access to money. For this reason, it's one of the most popular methods of attack. Hotels have been particularly unlucky in this area. Although many credit card systems are very secure in and of themselves, criminals find ways to access this through weak links in other connected systems.
The table below highlights some of the most high-profile hotel hacks that have happened since the beginning of 2016.
|Date **||Hotel/Group Name||Country||System Targeted||Type of Attack|
|4th March 2016||Rosen Hotels & Resorts||USA||Credit card system||Card data stolen|
|4th April 2016||Trump Hotels||USA||Credit card system||Card data stolen|
|5th July 2016||Hard Rock Hotel & Casino||USA||Credit card system||Card data stolen|
|8th July 2016||Omni Hotels & Resorts||USA||Credit card system||Malware|
|26 July 2016||Kimpton Hotels & Restaurants||USA||Credit card system||Malware|
|26th August 2016||Millennium Hotels & Resorts||USA||F&B Point of Sale||Not specified|
|5th September 2016||Hutton Hotel Nashville||USA||Point of Sale||Not specified|
|2nd September 2016||Noble House Hotels & Resorts||USA||Credit card system||Malware|
|29th Jan 2017||Romantik Seehotel Jägerwirt||Austria||Electronic key system||Data held to ransom|
|3rd Feb 2017||IHG Americas||USA & Canada||Credit card system||Malware|
**N.B. The dates above reflect the date the exploit(s) was reported, not the date of the exploit(s).
It's not just credit card data that is worth money in the hands of criminals. Any identifiable data, in the right hands, can be combined with other data to perform social engineering tasks which can lead to fraud, identity theft or worse. One of the most useful data types for criminals with a social engineering bent is stored passwords. A password, once tied to someone's personal data can be a very powerful thing. Often, people use the same username and password combination for several services from social networks to company logins to bank accounts.
Recently, music festival, Coachella announced that it had been targeted by cyber criminals. The breach was discovered when Coachella's customer database appeared for sale on the dark web. The festival organizers say that no passwords were stolen in this instance.
Another angle cyber criminals can take is to take a target's data hostage and demand a ransom. This type of attack recently gained a lot of press coverage when the British National Health Service fell prey to a malware attack affecting a large number of hospitals and other healthcare services throughout the UK. The malware (a type of software designed with malicious intent) program known as "Wannacry" once it infects a system, allows hackers to take ownership of target data by locking it in a virtual box that the original owner can't open without a key provided by the hacker. If you want your data back, you have to pay.
Where there is data, there is money and where there is money, there is the potential for crime and exploitation. This is a problem that will be with us now until the end of time but it's not all bad news. Nobody can stop the hackers altogether but with a few simple steps, it is possible to slow them down, make their lives more difficult than is profitable and make anything they do get hold of completely useless.