CYBER SECURITY: HAVE YOU ASKED THE RIGHT QUESTIONS TO PROTECT YOUR EVENT DATA?
It is crucial that you know the answers to these questions and ask even more in-depth questions of the suppliers who manage your platforms and, internally, of your technology team. Steve Baxter, with Meetings & Conventions, wrote an article that highlights the key questions you should focus on:
HOW IS MY EVENT DATA PROTECTED?
- Do you use strong, industry-standard encryption like HTTPS and Advanced Encryption Standard?
- How is my data protected at rest (when stored on servers) and in transit (when accessed from your event-management system over a public Internet network)?
- Where is your database stored, and how often do you back it up? (The more often, the better, so that no changes will be lost from your database if restoration is required.)
- Where is the physical location of your cloud servers (if applicable), and do you comply with accepted international standards and regulations?
- Who has access to the cloud servers, and what kind of security procedures do you have in place?
- How long do you keep this data on your servers? Is it moved to other locations or servers?
WHAT DATA SECURITY POLICIES ARE IN PLACE?
- How do you protect your own company data?
- How do you meet regulatory and legislative requirements (PCI-DSS, EU Data Protection regulations, etc.)?
- Who in the company has access to our data, and how do you handle authorization? What happens when someone leaves?
- How do you share client information (email/phone), and where is this stored?
WHO OWNS MY EVENT DATA?
Some event-management technology companies have a legal right to use your data for their own marketing purposes. If so, it is highly likely that they store this data somewhere other than your company’s database on their client servers, which can increase the risk of breach.
- Do you own my data? If so, what do you use it for?
- How long do you store it in your systems, and where is it stored?
WHAT SECURITY PRECAUTIONS DO YOU PROVIDE IN CASES OF INTEGRATION?
Your software provider may have issued you an application programming interface (API) key for any integration you have between your event platform and other third-party systems. The key allows these applications access to your event data and vice versa. If you have just one API key for all your integrations, a data breach would lead to far more serious consequences for you and your organization.
- Can you issue separate API keys for each integration (event app, customer relationship management platform, financial systems and so forth)? This way, if one API key were to get lost or exposed, you could revoke the key, which disables the integration, and set up a new one.
- Can you issue different API keys for different functions? Doing so allows you to spread the risk by having one key to connect your system to the delegate section of your event app, for example, and another for your exhibitor section. If one is compromised, then the other isn’t affected.
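
The per-integration, per-function key model asked about above, sketched as an added example (not code from the article or from any event platform). The `KeyRegistry` class, the integration names and the scope strings are hypothetical.

```python
import hashlib
import secrets


class KeyRegistry:
    """Hypothetical key store: one key per integration, limited to named scopes."""

    def __init__(self):
        # Only a SHA-256 digest of each key is kept, so a leaked registry
        # does not hand out working keys.
        self._keys = {}

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, integration, scopes):
        """Create a random key for one integration and return it once."""
        key = secrets.token_urlsafe(32)
        self._keys[self._digest(key)] = {
            "integration": integration,
            "scopes": frozenset(scopes),
            "revoked": False,
        }
        return key

    def revoke(self, integration):
        """Disable every active key of one integration; return how many."""
        hit = [r for r in self._keys.values()
               if r["integration"] == integration and not r["revoked"]]
        for rec in hit:
            rec["revoked"] = True
        return len(hit)

    def authorize(self, key, scope):
        """Allow a call only for a known, unrevoked key that holds the scope."""
        rec = self._keys.get(self._digest(key))
        return rec is not None and not rec["revoked"] and scope in rec["scopes"]


def demo():
    """Constructed scenario: the delegate-section key is exposed and revoked."""
    reg = KeyRegistry()
    delegates = reg.issue("event-app-delegates", {"delegates:read"})
    exhibitors = reg.issue("event-app-exhibitors", {"exhibitors:read"})
    out = {"cross_scope": reg.authorize(delegates, "exhibitors:read")}
    out["revoked_count"] = reg.revoke("event-app-delegates")
    out["delegates_after"] = reg.authorize(delegates, "delegates:read")
    out["exhibitors_after"] = reg.authorize(exhibitors, "exhibitors:read")
    return out
```
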
If you don’t know the answers to the above questions, you now know what to focus on. Make sure you understand each of these points, and if you don’t know an answer, reach out directly to your supplier to get a clear understanding. Your company or clients expect you to manage and own every part of the data, which also includes protecting it. For more information on cyber security as a whole, visit the Homeland Security website, which focuses on providing the public with useful information to fend off cyber criminals.
Check back next week as we will focus on creating a strong cyber security strategy, and please email us at firstname.lastname@example.org with any questions!