Event planners bear the responsibility to protect the private information entrusted to them by their attendees and stakeholders by ensuring it doesn’t fall into the wrong hands. However, as we’ve all seen from the unprecedented surge in online events in response to the onslaught of the coronavirus pandemic, there has been a worrying lack of regard for security and privacy.
Indeed, virtual and hybrid events do present unique challenges around information security, but with the right technologies, they’re usually easy to mitigate. In this article, we’ll look at the various online threats and safety measures that event managers need to consider:
What are the Threats Facing Virtual Events?
As is always the case when it comes to any kind of serious disruption, cybercriminals are quick to take advantage of the situation. The sudden shift to virtual business conferences and other events is no exception. Hackers have been quick to exploit virtual events by eavesdropping on them or even masquerading as legitimate attendees to carry out social engineering scams.
While many of the cases of Zoom-bombing we’ve heard about over the past year have been carried out by trolls bent on harassment and practical jokes, more serious threats persist. After all, virtual events often involve the exchange of sensitive information, such as trade secrets, intellectual property, and personally identifiable data. All this information is valuable, which is why hackers will be out in force to steal it.
Why End-to-End Encryption is a Must
It’s almost inevitable that some of your attendees will be connecting from home networks with inadequate security. For example, most people never change the admin login credentials for their routers or their wireless network security keys, leaving them at their default values instead. Others may connect via unsecured wireless hotspots, which are vulnerable to eavesdropping.
If you’re holding an event solely for your employees, you can mitigate these risks by requiring all attendees to connect via an enterprise-grade VPN. However, that’s not a reasonable expectation if your attendees include people outside your organization. The better approach is to choose an event platform that provides full end-to-end encryption for all communications.
With end-to-end encryption, wireless eavesdroppers and man-in-the-middle attackers may still be able to access the network traffic, but they won’t be able to use the data being transmitted. This is because the data is encrypted at the source and only decrypted once it reaches the intended recipient.
To further boost the effectiveness of end-to-end encryption, as well as guard against phishing scams, you should also consider using multi-factor authentication (MFA), especially for events of a more sensitive nature. MFA requires attendees to verify their logins with a secondary authentication measure, in addition to a password. Common methods include single-use SMS codes, although you can also restrict sign-ins to certain times and regions. This can also help prevent disruption to your events caused by distributed denial-of-service (DDoS) attacks. Although using MFA means it takes longer to log in, you can mitigate the productivity disadvantage by using single sign-on (SSO), whereby users sign in with an existing set of login credentials rather than having to create new ones. Popular SSO identity systems include OpenID and SAML.
Finally, avoid using a personal meeting ID (PMI) that can be used for any future meetings, unless your events are strictly internal.
Keeping Things Safe in the Cloud
One of the biggest data protection challenges companies face today is the fact that there are so many potential single points of failure in the typical network infrastructure. Every individual device, software program, user account, and protocol is a potential entry point into the network and, therefore, to your virtual event.
People will likely be joining your event from a wide range of different devices, such as tablets, smartphones, and desktops, all of which have their own operating systems and vulnerabilities. If they have to install an app on their device that stores event data and recordings locally, then that’s another potential point of failure that could be exploited by hackers.
A cloud-based event management platform makes it possible to host secure events online by ensuring that no data has to be stored on the myriad devices your attendees will be using. It also ensures managers have complete oversight of their events by keeping all data, such as recorded audio and video and instant messages, in one place.
Compliance with Global Regulations
No modern organization can function without third-party software, but it’s also important to consider the fact that many data breaches involve cloud platforms too. While this should in no way put you off using cloud-hosted solutions, it does mean you must carefully vet any potential software provider, event management platform vendors included.
You must ensure the software you choose meets the compliance demands of your industry and the contents of your events, as well as your internal policies. You should also consider broader-reaching compliance regimes, such as Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which are intended to protect user privacy across all digital and physical mediums.
Most international privacy laws define two main parties – data processors and data controllers. Data processors are the vendors you work with, such as your event management platform vendor, while your organization is defined as the data controller. Both parties must be aligned when it comes to compliance.
Note that some privacy laws also require organizations to store event attendee data in regions under their jurisdictions. For example, data about EU citizens generally has to remain in the bloc. Thus, if your events have attendees joining from the EU, but your organization is based in the US, you should choose an event platform that provides server locations in the EU as well. Not only does this help ensure compliance, it can also improve performance significantly.
The most dependable cloud solutions are backed by vendors that consider cybersecurity and privacy their highest priorities. As technology companies themselves, these vendors will have dedicated security teams of their own. These departments will be tasked with the continuous monitoring of potential threats and vulnerabilities and responding to them promptly. No matter where you live-stream your virtual event, or how many attendees you have, your vendor must make every effort to ensure your data is secured to the highest possible standard.
Aventri’s integrated event management platform makes extensive use of cutting-edge security and privacy controls to ensure that your virtual events can be broadcasted confidentially and with full adherence to GDPR and CCPA.