Online event security is a crucial part of any event, yet it is often overlooked. If you are an event planner think about how much information is held on your event websites and registrations. At minimum, it is your responsibility as an event planner to actively protect your attendees and customers private information. Your attendees are logging in and adding valuable information to your site. If you have attendees registering for an event you may collect sensitive information such as home addresses, credit card numbers, flight reservations and more. This is a gold mine for any hacker. This is part of the reason event security is listed as one of the top 2018 event trends. You must guard this information carefully! Below are some of the best ways to implement online event security and create a safer place for all your event data to keep hackers at bay.
What is encryption? Why do I need it for my events website? If you have ever ordered anything online, logged in to see your lab results from your last doctor visit, or typed in a website that started with “https://” you have used some form of encryption. First off, let's discuss encryption in the most basic terms. Encryption is a method used to protect and hide data from people who you don’t want to see it. According to upwork.com “Encryption—based on the ancient art of cryptography—uses computers and algorithms to turn plain text into an unreadable, jumbled code. To decrypt that ciphertext into plaintext, you need an encryption key, a series of bits that decode the text. The key is something only you or the intended recipient has in their possession.” Encryption is used from things as simple as making a purchase online to protecting top secret information. Not all encryption is equal but you must use a form of encryption on your event websites and event apps.
Make Sure Your Website Has An SSL Connection
Make sure your site is secure. Your website needs to have an SSL to protect all your users and your own data. An SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The use of SSL technology ensures that all data transmitted between the web server and browser remains encrypted. Your web developer is responsible to make sure the website has this in place so be sure to reach out to them if you are not sure it is in place. This is an absolute must-have for your event website.
It is also a good practice to make sure your own data is secure when giving information to sites. A fast way to do so is to use Google Chrome. Chrome will notify you in the top left corner of the browser with a lock if the site has SSL and is secure. If Chrome doesn’t show you the lock, do not put any info into the website. You can see an example of this in the top left of the screenshot below.
Encrypted Wifi vs Not Encrypted
You’ve heard people say not to do your banking on public wifi before but do you know why? Well there are actually a few big problems with it. First of all this is an open network, think about how many computers and devices are connected to the network at any given event or conference. If any of those connected devices are compromised you could have a big problem on your hands.
Secondly, if you don’t need to type a password in to access the wifi it is not encrypted. This means that anything you do in your web browser is potentially visible to others. They may not see exactly what you are doing, but if your attendee logs into their bank or email they can see that. Always make sure your wifi at events is a secure connection to prevent being responsible for hacks. Don’t make your event an easy target.
Use a Password Manager
A lot of people don’t think they need a password manager but if you want to keep your logins safe from hackers, you do. Using a password manager has four main benefits:
- Create Very Hard to Guess Passwords: If you are still using something easy to guess or the same password for every account, it’s a matter of time before you run into trouble. Password managers can create long and impossible to guess random passwords for you. You won’t have to worry about remembering these as they are stored in the password manager. Our favorites are Dashlane and LastPass.
- Logins are Quick: Password Managers allow for easy logins that you can sync across devices. When you log in to a secure site, the manager offers to save your credentials. When you return to that site, it offers to automatically fill in those credentials.
- Secure Place to Store Passwords: Passwords are stored in a database offline. No more post-it notes or even worse spreadsheets with event registration logs on it. Another feature worth noting is the ability to change all of your passwords in a click should you ever need to.
- You Can Safely Share Logins: One of ability of password managers that’s often overlooked is the ability to share passwords without actually giving anyone your password. With password managers you can share passwords and revoke passwords, and the person you share with will never see the actual password.
Make Sure Email is SUPER SECURE
Email being hacked is game over. Think about it, if someone gains access to your email they can request password resets on almost any site you use, then change your passwords to gain access to even more accounts. A hacker would also have instant access to your important contacts, vendors, and clients. You must make sure your email is super secure, as it is the gateway to everything! Change your password every couple of months at minimum and make it secure. Do not use any birthdays, or pet names the best passwords would be generated from a password manager as discussed above.
2-factor authentication/USB keys
Gone are the days where just requiring a username and password is secure enough. Hackers are becoming increasingly better at breaking in through this simple system. You need to be using 2-factor authentication if you want to avoid being hacked. Though this technology has been around for awhile (Google offered it in 2011), many people still are not using it. 2-factor authentication requires the traditional username and login PLUS a 2nd component such as a code sent to your cell phone to be entered. It is much harder to hack for this reason. USB keys are similar, their sole job is to generate keys that are time-based to log in. The downfall of USB keys is you need a physical device to access the codes and if you lose it you may have some big problems.
Keep Up to Date on Security
Security threats and issues change often. It is important to keep up to date on the latest news and technology to keep up any changes. Find a credible source to help you out and subscribe for the latest to be delivered straight to your inbox! Forbes and PC Mag’s Security Watch are great places to read and learn about security trends.
Hopefully by now you are feeling more aware of the importance of online security for events. You must take action to protect your business and event attendees from hackers. Keep your data secure by following the steps above. For even more information on online event security be sure to check out our webinar with Will Curran of Endless Events and Brandt Krueger of Event Technology Consulting on March 29th, 2018 at 1:30pm ET. You cannot miss it!