I have never thought about having to apply cybersecurity requirements to an environment like a trade show, concert environment or conference / seminar where lots of people come together for a short period of time and you have minimal control over their activities.
Applying some of the basic principles that make an environment secure, here are some ideas.
I am going to talk about things that I have seen and heard of in the last 2 years.
An additional problem is the fact that your attendees will NOT have cyber hygiene as a priority.
Unpatched and outdated systems will be part of the norm.
This will make compliance with the new GDPR rules a large part of your organisation's focus.
YOU have to protect your attendees from themselves!
Cybersecurity and protecting your environment is now business critical.
Free WiFi.
You have to offer free WiFi in today’s world.
The targets are threefold:
- Access to and theft of unencrypted information,
- a man-in-the-middle attack and
- duplicate WiFi access point.
They create issues by changing a fundamental process within the internet system.
The usernames and passwords (both randomly generated) can be delivered to the users with their badges. This will allow for a single sign-on per account that is a managed and monitored connection.
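A sketch of how per-badge credentials like these could be issued and checked, added here as an illustration and not taken from any event system the post describes. It assumes a captive portal that calls a hypothetical `verify()` function, reads "single sign-on per account" as one device per account, and uses constructed badge ids; all function and field names are made up for the example.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# No look-alike characters (0/O, 1/l/I) so a printed badge is easy to type in.
ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789"

def _token(length):
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def issue_credentials(badge_ids, event_end):
    """Return (badge_sheet, store): plaintext for the badge printer only,
    salted hashes for the portal, so a leaked store exposes no passwords."""
    badge_sheet, store = {}, {}
    for badge_id in badge_ids:
        username = "guest-" + _token(8)
        while username in store:          # regenerate on the rare collision
            username = "guest-" + _token(8)
        password, salt = _token(14), secrets.token_bytes(16)
        store[username] = {"badge": badge_id, "salt": salt,
                           "hash": _hash(password, salt), "expires": event_end,
                           "device": None, "revoked": False}
        badge_sheet[badge_id] = (username, password)
    return badge_sheet, store

def verify(store, username, password, device_id, now):
    """Portal-side check; every refusal is a point worth logging."""
    rec = store.get(username)
    if rec is None or rec["revoked"] or now >= rec["expires"]:
        return False
    if not hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"]):
        return False
    if rec["device"] not in (None, device_id):
        return False                      # account already bound to another device
    rec["device"] = device_id
    return True

def revoke(store, username):
    """Cut off one account without touching the rest of the network."""
    store[username]["revoked"] = True

if __name__ == "__main__":
    end = datetime.now(timezone.utc) + timedelta(days=2)     # constructed event end
    sheet, store = issue_credentials(["B001", "B002"], end)  # constructed badge ids
    user, pw = sheet["B001"]
    print(user, verify(store, user, pw, "device-a", datetime.now(timezone.utc)))
```

Because every account maps back to one badge and expires with the event, a misbehaving connection can be traced and disabled individually.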
“Drive by” attacks on Near Field Communication (NFC).
This is stealing information from Fitbits, credit cards, smart devices, passports or driver's licenses using a scanner for PIN and chip technologies.
NFC is designed to allow people to pay for items using their credit card: wave the card over a reader and it deducts money from your bank account.
Normal readers have a range of approximately 2 centimetres, but criminals can buy or make scanners that increase the range to 2 metres.
Rapid response
With regard to all of the attacks that can happen over a WiFi network, you need to be able to shut it down in a minimal amount of time to reduce the risk to your organisation as well as to your attendees.
Disruption.
In today’s world anything can cause a disruption to an event, and although most are thought about, here are a couple more.
Disaster recovery / business continuity
For any business in today's business world, a failure of the ICT can have a significant impact on the organisation.
A risk analysis of everything that could go wrong and will have an impact on the organisation needs to be put into perspective.
Each risk has to be mitigated, ignored, transferred or eliminated.
The organisation would also have required functionality to allow it to manage the number of people who will be attending.
The Basics
In addition to the expectations the attendees have, there are certain expectations of the organisation that have to be addressed.
- Passwords
- Patching
- Encryption
- Backups
- Endpoint protection
As you can see from the above, it is not just about protecting the actual event itself.
Do it correctly and you can use the security of the event as a selling point: a marketing leverage point that puts your events well above anyone else's.