Asking the right questions and understanding how your event data is being protected is the first step. The most important step is creating a strategy based on the information you have gathered. Google and Dropbox are two companies that have taken extra precautionary steps to keep data secure, including adding extra layers when logging in or asking additional security questions. Although this example only scratches the surface, it is a useful model for events. As a third-party meeting and event planning company, ASE Group works with many mobile apps that hold client and attendee names and, at times, phone numbers and email addresses. When we manage any mobile app, we add a layer of protection to the app so that people’s contact information is available only to those attending the event.

ASE Group also has its own security policies in place for all data that is managed in-house as well as all data that is housed with external companies. When managing data with outside companies for registration/event and mobile app platforms, we know where all of our data is held and what the protocols are, and we have a plan for the “worst case” scenario. Theresa Payton, former White House CIO and now CEO of Fortalice Solutions LLC, wrote a great article in Security Intelligence on cyber security strategy that provides a great checklist for those who do not have one in place. She states: “Over the course of my career, one thing rings true over and over again: A breach is inevitable, but how you plan to respond to one is not. If you create and store data, there will be cyber criminals waiting to copy it, take it, post it, ransom it or destroy it.” Following these steps and answering the five questions below will help you define your event’s strategy:

Event Cyber Security Checklist

  • Do we or does a third-party track our organization, physically and digitally (like an adversary would), using open source intelligence techniques?
  • For large physical events or concentrated places of work or travel for our executives, have we set up geofenced locations, and do we monitor for chatter or traffic that could be targeting the people at the event or our critical data?
  • Have we defined the top two assets that would destroy us if they were stolen or compromised? Have we made sure all human and technology processes ask about those two assets first?
  • What’s our worst digital and worst physical nightmare? Do we have a disaster plan to address these?
  • When is the last time we got all relevant parties together to conduct a tabletop exercise against our worst nightmare? If there are multiple stakeholders, do we have a simple, straightforward memorandum of understanding or agreement in place to define roles and responsibilities?

Offensive strategies with defensive mitigating controls work. A purely defensive strategy is a losing strategy. For every defense you put in the path of a cyber criminal, they will find a way to get around it to grab the data. Playing devil’s advocate while planning and brainstorming will give you a successful outcome. For more information on cyber security as a whole, visit the Homeland Security website here, which focuses on providing the public with useful information to fend off cyber criminals.

