Let’s say you’ve been appointed to run a government event of national importance or a confidential business meeting. In most cases, the first thing you’ll have to think about (after celebrating, of course) is event data protection.
How do you prevent the threat of a cyberattack on your event infrastructure? Where do you find the rules for data protection? Would compliance with GDPR principles be enough to get the weight off your mind?
As the tech partner of DPRK–USA Summit 2018, the GEVME team knows the ropes. To give you an insider’s view of the most important data security measures at events, we’ve interviewed our onsite lead, Benjamin Wong, and curated a list of practical tips for event planners who take cybersecurity seriously.
Why is it important to enable data protection for events?
Even the most basic event infrastructure is a mix of cloud-based solutions, APIs, and applications that have to be synced to ensure the frictionless functioning of registration and onsite check-in systems. Due to the growing concerns over data privacy and cyberattacks, event tech providers need something more reliable than simply a prevent-and-detect mechanism.
According to Benjamin Wong, the key issues that organisers are concerned about when it comes to the facilitation of onsite infrastructure are the following: 1) security compliance of the software, 2) contingency in case of a data breach, and 3) contingency in case accounts have been compromised. In this context, an integrated software system that can be aligned with data protection regulations is no longer just nice to have but rather the backbone of a reliable onsite IT ecosystem.
How to protect your event data: best practices
Looking at the practical side, which steps should you take to ensure no data breach can possibly occur before, during, or after an event? Here is a primer on the strategies that we nurture at GEVME:
Conduct a risk assessment before any event, and conduct it twice before a government event.
Before learning how to protect event data, you should understand the threats to watch out for. A comprehensive risk assessment aligned with each particular onsite infrastructure can help organisers focus on the most important aspects. Explore both internal and external threats, including network breakages, APTs, password phishing, and more. We also recommend meeting with the venue host to discuss any aspects that could impact the security of your data infrastructure, from backup connectivity systems to space capabilities.
Here’s the strategy for analysing cyber risks from the GEVME onsite lead, Benjamin Wong:
“We start with hardware security overwatch. We’ll need to prepare our locks as well as ensure that the laptops are password-locked and accounts logged out by the end of the day. Secondly, the network should be checked: We ensure the venue provides a separate SSID because a public network is vulnerable to attacks. If an SSID is not provided, we will bring our router with Internet access to create our own network. Finally, we take care of the database. It’s important to determine who the users handling the system will be, whether they are allowed to access the backend data, and to what extent. If not at all, we will create a separate user that can only have access to the kiosk mode.”
Educate your staff.
Maintaining event data security is the responsibility of the whole team working onsite at the event. Even the smallest mistake in terms of responding properly to a breach or threat can cost event organisers millions. According to Mr. Wong, the first step to educating the team is conducting a general ISO training where the general emergency procedures will be explained. Before gaining access to any data management systems, it’s critical to ensure that each member of our onsite team understands the following security measures:
1) Network Breach: Disable any network access on devices
2) Account Breach: Disable/Lock account
3) Data Breach: Disable accounts, check logs, trace the data breach (what data is stolen, by whom, is the attack still going on, how far/deep into the database did the hacker go, etc.)
4) Loss of Device: Immediate device/account lock (device level – via Google account; GEVME account level – via GEVME)
Conduct a system test before the start.
It’s not enough to choose a super strong event management software system and just hope that everything goes well. Considering the complexity of onsite infrastructures, there are always thousands of reasons why a hardware or software system could fail at the most inconvenient moment, unless you conduct proper system diagnostics before the event.
“As each event has a set of unique requirements, we at GEVME always do the testing before launching the system,” says GEVME’s Benjamin Wong. Here are the key highlights of the testing process:
- Printer drivers: You should be able to set print preferences and conduct major maintenance processes.
- Printer server: Check whether it’s able to accept print jobs, assign IP addresses, and save a PDF copy of each printed name badge.
- Laptop network access: A user should be able to connect to a network as well as communicate across different devices within this network.
- Printer: Check the printing function, colour correction, alignment correction, paper feeding, ink levels, paper jamming, etc.
- Tablets: Test network access, the latest APK version, account limitations, database correction, and sessions. Also, a tablet should be able to detect a printer via the printer server on the same network as well as execute two-way syncing, both outgoing and incoming.
Whatever system you use for event management, make it a rule to always double-check data protection compliance. Since the regulations for data privacy can vary across different locations (for instance, in Singapore event tech providers must comply with PDPA laws), each case should be treated individually. At GEVME, we constantly work to improve the mechanics of risk assessment, onsite system testing, and staff education to ensure foolproof protection.