Cybersecurity and the conference and event industry

I have never thought about having to apply cybersecurity requirements to an environment like a trade show, concert environment or conference / seminar where lots of people come together for a short period of time and you have minimal control over their activities.

Thinking more about it, an event with a high number of transient clientele, like a trade show, would be a lucrative target for a cyber criminal.

Applying some of the basic principles that make an environment secure, here are some ideas.

I am going to talk about things that I have seen and heard of in the last 2 years.

Some will seem far-fetched!

An additional problem is that your attendees will NOT have cyber hygiene as a priority.

Unpatched and outdated systems will be the norm.

This will make compliance with the new GDPR rules a large part of your organisation's focus.

YOU have to protect your attendees from themselves!

Cybersecurity and protecting your environment is now business critical.

Free WiFi.   

You have to offer free WiFi in today’s world.

To secure WiFi you have to know what the capabilities are for creating a cyber issue.

The threats are threefold:

  • access to and theft of unencrypted information,
  • a man-in-the-middle attack, and
  • a duplicate WiFi access point.

If you are thinking of running free WiFi with no encryption, don’t! All unencrypted information sent over a free WiFi network can be captured as plain text and used.

If you are thinking of having a free WiFi system that people use by going to a website and “signing up / signing in”, don’t! It is not hard for a dedicated cyber criminal to replicate the sign-in page and make it look and feel like the original. By doing this, the cyber criminal can capture the login process and, in the process, download malware to the device.

If you are thinking of having a single pass phrase for all users, don’t! Once again, I can replicate your system and deliver internet to the clients, but through my system. A number of WiFi systems support WPA2 at enterprise level (WPA2-Enterprise). You can use these systems to personalise and manage access for all of your staff and visitors.

One of the hardest attacks to counter is the man-in-the-middle attack using a Raspberry Pi pumpkin or a “WiFi pineapple”. Either of these systems can be purchased and configured for under $200 and can cause monumental issues for any delivery of free WiFi.

They create issues by changing a fundamental process within the internet system.

The usernames and passwords (both randomly generated) can be delivered to the users with their badges. This allows a single sign-on per account over a connection that is managed and monitored.

Opportunities for marketing – putting individual usernames and passwords on the trade show passes.
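
The per-attendee credential scheme described above, sketched as an added example (not code from the original post): it models the account bookkeeping only and is not a RADIUS server. The `guest-` prefix, field names and the one-device-per-account rule are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Alphabet without look-alike characters (0/O, 1/l/i) so badge text is easy to type.
BADGE_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"

def random_token(length):
    return "".join(secrets.choice(BADGE_ALPHABET) for _ in range(length))

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def issue_credentials(attendee_ids, event_start, event_end):
    """Return (badge_rows, accounts). badge_rows go to the badge printer;
    accounts is the server-side store and holds only salted password hashes."""
    badge_rows, accounts = [], {}
    for attendee_id in attendee_ids:
        username = "guest-" + random_token(6)
        while username in accounts:              # regenerate on a rare collision
            username = "guest-" + random_token(6)
        password = random_token(12)
        salt = secrets.token_bytes(16)
        accounts[username] = {
            "salt": salt, "hash": hash_password(password, salt),
            "window": (event_start, event_end),  # valid only while the event runs
            "device": None,                      # bound on first successful sign-in
        }
        badge_rows.append((attendee_id, username, password))
    return badge_rows, accounts

def admit(accounts, username, password, device_mac, now):
    """Decide one sign-in attempt; returns (allowed, reason) for the monitoring log."""
    acct = accounts.get(username)
    if acct is None:
        return False, "unknown-user"
    if not hmac.compare_digest(hash_password(password, acct["salt"]), acct["hash"]):
        return False, "bad-password"
    start, end = acct["window"]
    if not start <= now <= end:
        return False, "outside-event-window"
    if acct["device"] not in (None, device_mac):
        return False, "second-device"            # badge credentials shared or copied
    acct["device"] = device_mac
    return True, "ok"
```

Every refusal reason is a line for the monitoring log; a run of `second-device` results against one account points to a badge that has been photographed or passed around.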

“Drive by” attacks of Near Field Communication (NFC).

This is stealing information from Fitbits, credit cards, smart devices, passports or driver's licenses using a scanner for pin and chip technologies.

NFC is designed to allow people to pay for items using their credit card: wave the card over a reader and it deducts money from your bank account.

Normal readers have a range of approximately 2 centimetres, but criminals can buy or make scanners that increase the range to 2 metres.

Opportunity for marketing – branded thin aluminum RFID protective credit card sleeves as part of the sign up process.

Rapid response

With regard to all of the attacks that can happen over a WiFi network, you need to be able to shut it down in a minimal amount of time to reduce the risk to your organisation as well as to your attendees.

Your WiFi system will need to have alerts and be monitored to allow your organisation to protect them.
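
One way to alert on the duplicate access point threat listed earlier, as an added example that is not part of the original post: it compares a wireless scan against the access points the organiser actually deployed. The SSID `ExpoGuest`, the BSSIDs, the record fields and the scan data are all constructed for illustration.

```python
import unicodedata

def normalise_ssid(ssid):
    """Fold case, width and whitespace so look-alike names compare equal."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def find_rogue_aps(scan, event_ssid, authorised_bssids, required_security="WPA2-Enterprise"):
    """Return alerts for access points that imitate the event network.

    scan: iterable of dicts with keys ssid, bssid, security, signal_dbm
    authorised_bssids: radio MAC addresses of the access points the organiser deployed
    """
    target = normalise_ssid(event_ssid)
    authorised = {b.lower() for b in authorised_bssids}
    alerts = []
    for ap in scan:
        if normalise_ssid(ap["ssid"]) != target:
            continue                          # unrelated network
        bssid = ap["bssid"].lower()
        if bssid not in authorised:
            reason = "unknown-bssid" if ap["ssid"] == event_ssid else "lookalike-ssid"
        elif ap["security"] != required_security:
            reason = "security-downgrade"     # known MAC, wrong settings
        else:
            continue                          # one of ours, configured as expected
        alerts.append({"bssid": bssid, "ssid": ap["ssid"], "reason": reason,
                       "signal_dbm": ap["signal_dbm"]})
    # Strongest signal first: nearest the sensor, so the first to locate on the floor.
    return sorted(alerts, key=lambda a: a["signal_dbm"], reverse=True)

# Constructed sample scan (not real data).
SAMPLE_SCAN = [
    {"ssid": "ExpoGuest", "bssid": "02:00:00:00:10:01", "security": "WPA2-Enterprise", "signal_dbm": -48},
    {"ssid": "ExpoGuest", "bssid": "02:00:00:00:99:AA", "security": "Open", "signal_dbm": -40},
    {"ssid": "Expo Guest", "bssid": "02:00:00:00:99:BB", "security": "Open", "signal_dbm": -62},
    {"ssid": "ExpoGuest", "bssid": "02:00:00:00:10:02", "security": "Open", "signal_dbm": -55},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:00:77:01", "security": "WPA2-Personal", "signal_dbm": -70},
]
AUTHORISED = {"02:00:00:00:10:01", "02:00:00:00:10:02"}

if __name__ == "__main__":
    for alert in find_rogue_aps(SAMPLE_SCAN, "ExpoGuest", AUTHORISED):
        print(alert)
```

A BSSID allowlist on its own misses a copy that also reuses an authorised MAC address, which is why the security-setting check is kept as a separate rule.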

Disruption.

In today’s world anything can cause a disruption to an event, and although most are thought about, here are a couple more.

Print off a copy of the list of all attendees and keep it at every entrance; even a basic power failure at the wrong time can be catastrophic.

Disaster recovery / business continuity

For any business in today’s business world, a failure of the ICT can have a significant impact on the organisation.

A risk analysis of everything that could go wrong and will have an impact on the organisation needs to be put into perspective.

Each risk has to be mitigated, ignored, transferred or eliminated.

The organisation would also have required functionality to allow it to manage the number of people who will be attending.

The Basics

In addition to the expectations the attendees have, there are certain expectations of the organisation that have to be addressed.

These include the fundamentals:
  • Passwords
  • Patching
  • Encryption
  • Backups
  • Endpoint protection

As you can see from above it is not just about protecting the actual event itself.

It is a slow build up to protect everything and everyone that comes in contact with your organisation.   In today’s litigious and compliant world we have to be very aware of the impact of a single event.

Do it correctly and you can use the security of the event as a selling point: a marketing leverage point that puts your events well above anyone else’s.
