How to Keep a Conference from Being Compromised
The latest issue of Corporate & Incentive Travel Magazine tells the story of how I was at a conference—a cybersecurity conference of all things!—and it provided an unsecure general access wireless network. There was no preregistration for this network and the password was distributed freely to attendees. Most attendees wound up using the hotspots on their phones.
Many conferences and events of all types have inadequate cybersecurity protections in place. The Wi-Fi networks offered at these events may seem more secure than public Wi-Fi, but in most cases, they are not. In fact, they could be more dangerous to use because hackers interested in a particular type of data can target the network of a specifically relevant conference (rather than the general network of a coffee shop, for instance).
But it doesn’t have to be this way. Here are simple cybersecurity steps every event planner should take to protect attendees, staff, and their data.
Secured and regulated access, as opposed to open guest access, is a huge trend in network security, and conferences and events are a perfect example of a setting where this is a must. There are a number of systems that make it easy for individual attendees to have their own login credentials for the network. If this isn't the case, the conference Wi-Fi and anyone using it is vulnerable.
Knowing who is logging on to your event network and limiting it to registered participants is not only more cybersecure, it also reduces liability. There’s a long persistent rumor that if a crime is committed using a specific Internet access network, then the person offering the service is associated with that liability. That is not the case at this time. While it won’t necessarily result in prosecution, someone committing a crime over your network can still lead to major headaches. It’s important for conference organizers and meeting planners to avoid issues stemming from providing unsecured or unmanaged wireless networking services that could well be used for illegal purposes.
It appeared to me at the security conference I attended recently that the wireless access network was set up and left to run. It did not seem to be actively managed, which is what I would recommend. Any public access Internet service should be monitored and managed for malicious activity or inappropriate browsing. There are tools that can assist with this so that it is not a major drain on the event staff's time.
Change Your Mindset
As I mentioned in the Corporate & Incentive Travel interview, rather than assuming your event hasn't attracted the attention of cybercriminals, assume that it has. Don't provide an open, unmanaged network. Regulate who can log on, manage the environment, make it clear to attendees the service has no guarantee of privacy, and that it should be treated as a hostile environment for all users.
It won't be long before open versions of Internet access services will not be found to be of much value to the educated public. In the meetings and events industry, it will soon become the norm for users to be required to register for Wi-Fi at events and give specific device details in order to gain access. Users will have to acknowledge that access is at no charge, use it at your own risk, and that the environment is managed and monitored. These steps will make it easier to catch cybercriminals who will be prosecuted to the full extent of the law.