As we embark on the steep learning curve required by our current safest course of action, virtual events, it's more important than ever that we all gain the training we need to protect our attendees and other stakeholders from breaches in our data.
At this point, we've all heard the stories of Zoom webinars being vulnerable to Zoombombing and trolling from unwanted and unexpected guests. Over half of eventprofs have pivoted their events online in the last few months, and with that massive rush online came a widespread lack of regard for digital security and privacy.
As event planners, we are given extremely personal and valuable information on our attendees and stakeholders, and it's our responsibility to safeguard it and make sure it doesn't fall into the wrong hands. We spoke with two experts on the issue of data protection and security — here's what you need to know to ensure a safe and secure virtual event.
Know Your Vulnerabilities
Brandt Krueger, Technical Producer at Event Technology Consulting, has over 20 years of experience in the meetings and events industry with a particular focus in event technology. His motto when it comes to online privacy is that "cybersecurity is everyone's responsibility."
Unfortunately, this is not a mindset that many people — and especially eventprofs — have.
"Far too often, people are looking for it to be taken care of by the vendors, by the event app platform, by the virtual event platform, and they're not taking responsibility for it themselves."
- Brandt Krueger, Technical Producer, Event Technology Consulting
According to Krueger, part of the problem with the virtual event security breaches we've seen thus far is planners "throwing public URLs out onto the web and including all information completely publicly without any thought whatsoever to privacy or security."
This issue has been made worse and more complicated because of the increase in people working from home without any sort of corporate firewall to protect them. Jim Bray, co-founder and director of US sales at Identite, adds that links are one of the main ways that hackers infiltrate people's computers with malware, so it's important to limit them as much as possible.
Hackers who are trying to steal information on event clients and stakeholders tend to use it in social engineering schemes where they craft realistic emails to manipulate people into opening a bad link or providing further sensitive information.
Cybersecurity and data privacy measures should absolutely be included in the list of questions you ask potential virtual event tech suppliers. Krueger notes that most reliable suppliers will already be implementing some amount of security measures, especially if they do business in Europe (thanks to GDPR).
However, Bray shares that many mobile event apps in particular tend to be vulnerable to malware, so it's important to properly vet suppliers and consider getting cybersecurity insurance to make sure you cover all your bases in the event of a lawsuit.
Your exact requirements will depend on the size of your event and the level of security you require, but at the very least, it's a good idea to ask about encryptions, password protections, custom registration links, and the ability to approve or deny registrations.
Bray also suggests that "event planners should have a relationship with somebody who's a cybersecurity expert of some type who can help them navigate through the process of vetting potential partners."
6 Ways to Protect Your Event
When thinking about online event security, Krueger reminds us to think about how we would approach security at a physical event. For example, at minimum there would likely be a registration desk for checking IDs.
Securing a digital event is much more challenging, but it's just as important. Here are some things to keep in mind to make your event more secure.
Lock Down Registrations
When setting up registrations, make sure you enable individual links for each attendee so that you can easily track activity and data related to each link. It's also important to be very clear about the nature of the links in your event communications so that attendees realize that they're personalized and are aware they shouldn't be sharing their links with anyone else.
Implement a Code of Conduct
Think about how you would handle a Zoombombing situation and how you might be able to eject someone who doesn't follow your code of conduct. Include the code of conduct along with terms and conditions in your registration so that everyone understands what is expected as well as the consequences of noncompliance.
Get a Password Manager
One of the simplest ways to improve your event security, and your online privacy in general, is to use a password manager. These tools generate and keep track of randomized passwords for you to ensure that you're not reusing the same, easy-to-guess password across multiple event platforms and services.
All you need to do is remember one master password, and your other data will be securely stored within the system. Krueger suggests checking out Lastpass, but there are a variety of other options on the market as well.
Keep an Eye on Your Integrations
Integrating your event platform with other tools, such as an event app, is sometimes inevitable, especially for a virtual event. It's not necessarily an issue to do so, but it's a good idea to try to limit the number of integrations as much as possible.
Always be aware of who you're granting access to and make sure you regularly monitor your integrations so you can remove any that are no longer being used.
Use a VPN When Possible
If possible, using a company VPN will allow you to access and use your office's server from home, which will be much more secure than a home or public WiFi network when sending and sharing sensitive information over the internet. Even if the only option available to you is a consumer-grade VPN, such as ExpressVPN, it's still better than nothing and will make it more difficult for your data to be traced and hacked.
Consider Two-Factor Authentication
You've likely already encountered two-factor authentication when trying to log into sites like Gmail and Apple. This is a system that aims to verify someone's identity by requesting two pieces of evidence as opposed to just one (which is generally a password).
These sites typically use text or email as the secondary authentication method. However, Krueger warns that these methods have been proven to be very hackable. Both he and Bray recommend using an actual two-factor authentication app that generates a temporary, one time code or a physical USB-C key when securing access to any event platforms’ content management systems as you’re creating your event and inputting information.
Cybersecurity is not a new topic, but it's becoming increasingly important for eventprofs to take an active role in learning about cybersecurity and how to safeguard their data as events largely move online. These best practices will also be useful even once live events resume, given that there will still certainly be a virtual component.