Tag: APIs

How Companies Can Save Time and Money Around Their Events

Technology is always pushing the boundaries on how we plan and run our events. From simple registration systems to sophisticated event management tools. From social media, live polling and event apps to the use of new technologies like GPS fencing and augmented reality.

All these different technologies help us collect and manage valuable data around our events. And we all know how valuable this data can be. The more you make of it and the more you share it across your organisation, the more valuable it will become.

But the value of event data isn’t just limited to what we collect and analyse from all these different systems we use around our events. As event planners, we deal with many other business systems that help us manage information and processes around our events.  It may be the customer data we have in our CRM solutions that helps us personalize attendee experiences. Or it may be the details of all the outstanding payments recorded in our finance system that can help us forecast revenue and cashflow. Or a list of all the transfer and hotel requirements we’ve recorded in our travel and accommodation booking systems.

The event data in these systems is just as important as the data we have in our registration systems or event apps.  Yet all this data has traditionally sat in silos as it has been difficult to share information between them and all the other systems we use around our events. However, recent advancements in communication tools like APIs have made the process of data sharing a whole lot easier. And event planners are starting to see that having an event data ecosystem where all the different systems automatically talk to each other can bring them all sorts of benefits.

What Our Research Found

A recent joint study by Event Industry News and Eventsforce found that 60% of event planners are already integrating their event data with their organisations’ business systems, with CRMs, corporate website solutions and finance coming up top.

The industry seems to recognize the importance of having an integrated system with 75% of respondents claiming it can have a significant impact on the hours spent doing admin work like data entry, reporting and chasing departments for relevant information. Other highlighted benefits include better data sharing, increased revenue and improved data security.

The study also found that factors such as cost, time and issues in managing multiple IT suppliers were seen as the top barriers to this type of data integration. Yet despite these challenges, only 25% of respondents felt integration was not a priority for them moving forwards.

Key Considerations

So, how do you decide which type of integration is right for your organisation?

The key thing here is that there isn’t one type of integration that’s right for everyone.  Each organisation is different and each system is different.

What you need to ask instead is – what is my business need for integration?  Can it help solve a particular problem around my events?  Do you want to spend less time chasing updates with your finance team? Or do you want to cut out all the work you do copying data from one system to another?  Or maybe you want more synergy between your marketing and event campaigns?

All of these issues (and many more) can be addressed by integrating your event data with some of your organisation’s other business systems.

Have a look below at why companies like Schroders, Haymarket and RSS decided to integrate their event data, how they went about it and the impact it had in the way they manage their events:

1. Schroders: Events and CRM Integration

Schroders is a global asset management company running hundreds of meetings and conferences each year.

The Challenge:

As most of Schroders’ events target their customers and investor contacts around the world, invitation lists were usually compiled by account managers who owned these client relationships. The lists would be put together using the company’s Salesforce CRM solution and would then have to be manually uploaded to the Eventsforce event management system, which would track and manage registrations around each event.

The problem was that as account managers had no access to the data in Eventsforce, the events team would spend a lot of time providing them with regular attendance updates and reports.  All the registration data recorded in Eventsforce needed to be manually uploaded into the CRM system – which was time-consuming, inefficient and prone to error. It also meant that the sales team didn’t have real-time visibility on which of their contacts were attending their events or which events and sessions they had engaged with in the past.

The Solution:

Schroders decided to integrate Eventsforce with the company’s Salesforce CRM system in an effort to improve data sharing between the two departments. The integration allows the events team to automatically pull invitation lists from Salesforce directly into Eventsforce, without the need for manual uploads.  More importantly, any updates around invitations or registrations that are recorded in Eventsforce are instantly updated within the CRM system in real-time.

The integration saves the events team a lot of time transferring data between the two systems, chasing responses and collating reports – helping them focus their efforts on other aspects of the events.

On the other hand, account managers have access to the most up-to-date information on how many of their contacts are attending an upcoming event. It also helps them decide whether or not they need to encourage people to register (instead of the less personal follow-up call from the events team) or if they want to arrange meet ups before or at the event.

“The integration between our event management and CRM systems has helped us see what value our event activities are providing to our organisation.  With better data sharing between the two departments, we have also saved a considerable amount of time collating reports and transferring data between the two systems,” said Viki Stapleton, Events Manager, Schroders.

2. Haymarket: Events and Finance Integration

As one of the largest media and publishing companies in the UK, Haymarket has a portfolio of 120 events that gather over 20,000 attendees each year – from award ceremonies and gala dinners to conferences and breakfast briefings.

The Challenge:

The company deals with an incredibly high volume of payment transactions around its events – so having the ability to track funds was a top priority for the events team. Yet the system they had in place was inefficient and didn’t give them the financial insight they required.

Each night, a list of payment transactions recorded in the events system would be sent to the company’s accounting system via file transfer. As the data only flowed one way between the two systems, the events team didn’t have a real-time view of when the finance department issued invoices and when payments were actually coming in.

As a result, a lot of time was wasted chasing the finance team for the latest updates. The daily file transfer also meant there was always a gap between the time attendees completed their registrations and the time it took the accounts team to issue their invoices.

The Solution:

The events team wanted to take control of the entire invoicing process and decided to address the issue by integrating its events and finance systems together. Now, each time an attendee completes an online registration form or submits an award entry, their financial information is automatically sent to the finance system; invoices, however, are generated directly through the events system.

This allows the events team to easily chase payments before the start date of each event by pulling up automatic reports on outstanding invoices and contacting attendees through one quick email.  The integration has not only simplified processes but has also meant that most of its events can kick off with very few outstanding payments.


“The integration between the two systems has been critical to our cashflow. It has really given us the visibility we need regarding the financial situation of each event and has also helped us reduce a lot of administrative work around managing attendee payments,” said Carla Jones, head of event operations and client services, Haymarket Events.

3. The Royal Statistical Society (RSS): Events and Membership Integration

As one of the leading organisations promoting the importance of data and statistics around the world, RSS has an active events portfolio running around 100 meetings and events for members and non-members each year.

The Challenge:

The organisation has integrated its events and membership systems together so that it can provide an automatic membership check as part of its online event registration process. The integration makes sure that RSS event attendees are going through the right registration channels and non-members are not paying discounted member fees.

The Solution:

Each time an attendee selects the ‘member’ box on the registration form, their email address is automatically checked against the RSS membership system. If the membership is valid, attendees can continue with their registrations – otherwise the system will ask them to try again.

RSS Conferences and Events Manager, Paul Gentry, commented: “Without integration between the two systems, non-members could have registered as members as we wouldn’t have had the time or resources to manually check the status of the hundreds of members that attend our events each year.  But with this system in place, we are confident that the membership status of each attendee is accurate and more importantly, everyone is paying the correct registration fee.”

The integration secures a key revenue stream for RSS and it also saves the events team considerable time chasing payments from those people who may have otherwise registered under the wrong category.

It also helps RSS address queries around memberships a lot more quickly.  So, if a particular membership has lapsed, a notice can show up on the registration form advising users to contact the membership services team.

Infographic: Save Time and Do MORE with Your Event Data

Technology is always pushing the boundaries on how we plan and run our events. From the use of simple registration systems to complex event management tools. From check-in solutions and event apps to new technologies like iBeacons and augmented reality. As the significance of technology continues to grow for the events industry, so does the importance of managing all the data we get from our events.

Event data is incredibly valuable – the more you make of that data and the more you share it across your organisation, the more valuable it becomes. Over the last few years, event planners have done some great things by integrating (or connecting) their event data with applications like payment gateways, scanning tools and more recently, of course, event apps. Today, more and more organisations are starting to apply this same concept of data sharing with big back-end business systems – from CRM and finance to marketing, travel booking and membership solutions.

How does data integration help event planners?

Event planners deal with so many different systems to capture and manage information around their events – from their event management and ticketing systems to marketing, sales, finance, membership and so on. Putting all this data together where all the different systems automatically talk to each other is where integration comes in. In fact, having this kind of data ecosystem saves event planners an enormous amount of time around data entry and other admin tasks. It also makes sure that people have real-time access to critical and accurate event information at all times.

Last month, Eventsforce and Event Industry News conducted a research study with over 200 senior event planners to take a look at the current uptake of data integration in the industry and the results were very interesting. The study found that 60% of organisations have already integrated their event data with back end systems with CRMs, corporate websites and finance solutions coming up top.

What did our study results say were the key benefits of data integration?

Time savings, data accuracy and improved productivity were seen as the top three benefits of data integration with 75% of event planners saying integration had a significant impact on the hours spent doing admin work like data entry, reporting and chasing departments for relevant information.  However, factors such as cost, time and the challenges of managing multiple IT suppliers were seen as the top barriers to integration.

The study also found that despite the overwhelming 75% of event planners who want to integrate their event data, a third felt uncertain of where to start.  With this in mind, Event Industry News and Eventsforce decided to create a new ebook that provides event planners with a comprehensive easy-to-read guide on data integration.  Download it for free here and let us know what you think.

For a more comprehensive look at the findings from the Event Industry News and Eventsforce ‘Do More with Your Event Data’ study, please download the infographic below:



Interested in integrating your event data with back end systems?  Have a look at our API and integration offerings here or get in touch by filling in our enquiry form here.


How The Liberal Democrats Are Using Event Tech to Maintain Security at Annual Party Conferences

This month, we talked about how an increasing number of event planners are taking big steps in integrating their event data with some of their organisation’s critical business systems – from finance, travel and marketing to CRM and membership solutions.   In fact, we have seen a 40% increase in the number of customers working on data integration projects over the last year – we expect this trend to grow significantly in the next three years as event planners try to make better use of their delegate data.

One organisation that has successfully embraced this strategy is the Liberal Democrats.  The British political party has not only taken the initiative to integrate their event management solution with one of their own business systems (more on that later) but they have also done it with the national accreditation system of the UK’s own Police Force.

Changing Politics, Changing Priorities

Formed in 1988, the Liberal Democrats (also referred to as the Lib Dems) are a liberal political party in the UK with more than 60,000 party members. Unlike other parties in the country, Lib Dem members put forward and vote on all proposed policies at their annual party conferences.  The party hosts two conferences each year – with the main four-day conference in Autumn gathering over 5,000 attendees, which include party members, lobbyists, business people and media.

The party came into government in 2010 as part of a coalition group with the British Conservatives, which prompted a major change in the security requirements around its party conferences. Home Office regulations required all attendees to be fully vetted by the National Accreditation Team (NAT) before receiving clearance to attend the event.  This meant incorporating a new accreditation system as part of the online registration process and the only way of doing this effectively was to integrate its Eventsforce event management system with the UK Police NAT database.

Data Integration with UK Police Accreditation Database

The planning stage of this large-scale integration project was key.  The Lib Dem conference team had to work closely with the UK police accreditation team to agree on new workflows and the kind of delegate data they needed to collect to comply with the new accreditation requirements.  This included things like delegate photos (which had to meet strict guidelines), passport details and previous home addresses – all of which would help the NAT team verify the identity of delegates and approve their accreditation.

“The photo is a crucial part of the accreditation system.  If our delegates complete their registration without the correct photo, the NAT won’t be able to process their application and we’ll be unable to issue them a photo pass. So it was important for us to design a feature in the system that would allow us to permanently store uploaded photos within delegate profiles. This way, a returning user can save time by choosing the same photo the next time they register for a conference,” said Sian Waddington, Lib Dem’s head of conferences. “From a customer service point of view, we also wanted to give our delegates the option to send us their photos within seven days of submitting their registration forms.   In some cases, an attendee may register at a certain date to take advantage of an early bird discount but is unable to provide us with a suitable photo in time to meet the deadline.  The system guarantees their discounts even though their accreditation is not yet complete.”

Once a delegate submits their completed registration forms, the data is then automatically pushed to the NAT database where the team reviews and processes the accreditation.  The information is passed back to the event management system, which triggers an automatic email to the delegate informing them that their accreditation has been approved or if there is a query regarding their application.

The data flows in both directions across the two systems, allowing the Lib Dem conference team to see the status of each application within Eventsforce.  “If delegates ask us why they haven’t received their photo pass, we can see in real-time whether their application is currently being looked at, or if it has been approved or declined.  This facility also allows us to collate reports at the end of each day and see how many applications are currently in progress so that we’re better able to manage our own timelines,” continued Waddington.

Data Integration with Membership System

Following the integration of its event data with the NAT database, the Lib Dems decided to take on another important integration project – this time between their event management software and the party’s Salesforce membership database.  Party members attending the annual conferences are subject to discounted registration fees and special voting passes – so it was important for the conference team to verify the membership status of each attendee at the start of their online registration journey.

Once delegates select one of eight member categories in the registration form, membership data such as surnames and addresses are automatically checked against the membership system. If they correspond and the membership is valid, delegates can continue with their registration.  The system ensures that attendees are going through the right registration channels and non-members are not paying discounted member fees.  More importantly, the Lib Dem team can be sure that no voting passes are issued to non-members.

“Without integration, non-members could have registered as members as we had no ability of manually checking the thousands of party members that attend our conferences each year. Having membership validation as part of the registration process has also helped us address queries around memberships a lot more quickly.  For example, if a membership has lapsed, a notice shows up on the registration form advising the user to contact the membership services team.”
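The membership check described in this section, and the email-based RSS check in the earlier case study, as an added example (not Eventsforce, RSS or Liberal Democrat code). The in-memory member table, field names, fees and dates are constructed assumptions; the point shown is that the fee and the voting pass are decided on the server from the verified result, not from the ticked ‘member’ box.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum


class Outcome(Enum):
    MEMBER_OK = "continue at member rate"
    LAPSED = "show notice: contact the membership services team"
    NO_MATCH = "ask the attendee to try again"


@dataclass(frozen=True)
class Member:
    surname: str
    postcode: str
    valid_until: date


def _key(text):
    """Compare on a canonical form so spacing and case do not matter."""
    return "".join(text.split()).casefold()


# Constructed stand-in for the membership system, keyed by canonical email.
MEMBERS = {
    "ana.reid@example.org": Member("Reid", "AB1 2CD", date(2025, 3, 31)),
    "tom.hale@example.org": Member("Hale", "EF3 4GH", date(2023, 12, 31)),
}

MEMBER_FEE, STANDARD_FEE = 150, 300  # constructed prices


def check_membership(email, surname, postcode, today, members=MEMBERS):
    """Check the submitted details against the membership records."""
    record = members.get(_key(email))
    # An unknown email and mismatched details give the same answer, so the
    # form does not reveal which addresses belong to members.
    if (record is None
            or _key(surname) != _key(record.surname)
            or _key(postcode) != _key(record.postcode)):
        return Outcome.NO_MATCH
    if record.valid_until < today:
        return Outcome.LAPSED
    return Outcome.MEMBER_OK


def price_registration(form, today, members=MEMBERS):
    """Decide fee and voting pass from the verified outcome.

    `form` is what the browser submitted; its 'member' tick box is only a
    claim and never sets the price by itself.
    """
    if not form.get("member"):
        return {"outcome": None, "fee": STANDARD_FEE, "voting_pass": False}
    outcome = check_membership(form.get("email", ""), form.get("surname", ""),
                               form.get("postcode", ""), today, members)
    if outcome is Outcome.MEMBER_OK:
        return {"outcome": outcome, "fee": MEMBER_FEE, "voting_pass": True}
    # Claim not verified: no member fee, no voting pass, registration pauses.
    return {"outcome": outcome, "fee": None, "voting_pass": False}


if __name__ == "__main__":
    today = date(2024, 9, 14)  # constructed registration date
    claim = {"member": True, "email": " Ana.Reid@Example.org",
             "surname": "reid", "postcode": "ab12cd"}
    print(price_registration(claim, today))
```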

Overcoming Unexpected Challenges

There were a few noteworthy challenges that the Lib Dems had to overcome when first using the newly integrated systems – some mere oversights and some due to circumstances out of the Lib Dem’s control.  For example, the conference team soon realised that any small change to the registration details of a delegate (such as changing a photograph) would prompt another round of the accreditation process with the NAT, even if it had already been approved.  Accreditation rules also changed over time, while a new NAT firewall temporarily stopped the integration from working.

“Although we had planned everything in detail and were all ready to go, things kept coming up so you always need to be prepared.  Having said that, we had the right technical support from both sides of the integration at all times and this helped us address these issues and resolve them as quickly as possible,” concluded Waddington.

The Road Ahead

The overall success of both projects has spurred the Lib Dems to do more around their integration efforts.   The events team plans to push more of its registration data to the Salesforce system, which will allow regional and local party officers a real-time view on how many of their supporters are attending an upcoming conference.  It will help them decide whether or not they need to encourage people to register or enable them to arrange meet-ups before or at the conference.  Extending the integration between the two systems will also allow for automatic updates in both systems whenever any changes are made to delegate profiles (e.g. address changes).

Moving forwards, the Lib Dems also have plans to integrate their event data with the party’s finance system in an effort to reduce administration work around delegate payments. The integration will provide the events team with real-time updates on all outstanding payments without having the need to chase the finance team directly.

Top 6 Considerations When Integrating Your Event Data with Other Business Systems

Almost every blogger, analyst, journalist and vendor has identified data integration as one of the most important trends in the events industry this year. The concept isn’t something new with most organisations having taken on some form of an integration project through payment gateways, registration scanning tools or event apps. What is new, however, is the increasing number of event planners taking the plunge and integrating their event data with some of their organisations’ other business systems – from finance and CRM to marketing and membership systems.

The case for data integration is quite simple:  It makes business sense. It cuts costs and improves your team’s productivity. It reduces the endless hours event planners spend replicating data from one system to another and it also helps eliminate all the errors and inconsistencies commonly associated with data entry. More importantly, it makes better use of your data by putting it in the hands of the people who need it the most. Integration between your event management and membership systems, for example, can provide automatic delegate membership checks as part of your event registration process.  Integration with your finance system can provide your events team with real-time updates on delegate payments.  Integration with your CRM can help you create detailed invitation lists, whilst providing your sales team with new leads whenever you have new registrations.

If this is something you’re considering doing in the near future, then there are some key things to think about to make sure your data integration project works and brings real value around your events. Have a look below:

Make Sure You Know What You Want to Achieve

The most important consideration when implementing a data integration project is to figure out why you want to integrate your event data with another system. Is there a strong business need for it? Can it help solve a particular problem around your events, like chasing delegate payments from your finance team?  In the case of an event app, what data do you want to pass on from your event management system? Should the app be used by delegates to make changes to their agendas?  What will this entail and how is that information tracked?  Assess and document the benefits of integrating the two systems together, both in terms of cost and time savings, before making any decisions. If you’re finding it difficult to identify how the integration is going to answer important questions around your events, improve the service you provide to your delegates or create efficiencies within your events team, you’re probably wasting your time.

Ensure All Stakeholders Are Involved from the Beginning

The more you know about exactly what you want to achieve, the more likely you are able to identify who needs to be involved in the project.  If you want to integrate your event data with your CRM, then it makes sense to have your CRM manager involved.  If it’s with your accounting system, then it should be your finance manager, and so on.  The next step is to approach your software providers, find out if the integration is technically possible and agree on the objectives.  It is in your interest to help the provider understand your business requirements correctly as this will help them accurately identify and integrate all the required data points.

A common pitfall at this point is for event planners to pass the project on to their developers or IT departments but you need to remember, data integration is a business initiative, not a technology one.  There should be someone throughout the whole process that understands the value of this data and will be able to lead discussions about the long-term goals of the project in order to make it consistent, successful and beneficial.

The other important factor is good communication with all team members throughout the duration of the project. This involves ensuring that there is ‘buy in’ for your project from everyone involved – from the executives in the different departments within your organisation to the techies who will be carrying out the roll out of the project and the events team whose work will be affected by the integration. Everyone needs to understand what it is you are trying to achieve and why – you’ll be in a better position to identify potential problems and won’t need to make as many last-minute changes to the development work.

Agree Detailed Specifications & Data Maps Before Starting

It is crucial to determine early on which systems need to talk to each other, which fields within your systems need to be updated and how often this needs to be done. Is the data going to flow one way or two ways between the systems? So if you’re integrating your registration software with a CRM solution, you should decide which questions from your registration page (names, address, telephone numbers) should be updated in the CRM and vice versa. This ‘data mapping’ process is important as it ensures that the right data goes into the right field of each system.

Often, your expectations of what you’re able to do must be realigned as the sheer quantity of data that needs to be dealt with is sometimes underestimated – especially with CRM integrations. Gathering the data can be harder than you think and the data you have might need more ‘cleaning up’ than you first thought.  Take delegate phone numbers, for example. They could be entered in all sorts of different formats: ‘020-888-4567’ or ‘(020) 888-4567’ or they may have no separators at all.  Slightly different formats, minor typos or extra spaces and characters in your CRM system can cause problems when your event management system is expecting things one way and gets another. Take these factors into account when mapping out your data flows. Consult with both software providers and make sure you have workarounds put in place as even the smallest discrepancies and inconsistencies can stop your integration from working as it should.

Be Realistic Over Time and Budget!

The good news is that integrating two pieces of software together is no longer the big financial commitment it once was, largely due to generic communications tools (such as Java, APIs and REST) that make it simple to consume and post data from one system to another. Dealing with good software companies also helps as they can provide all the relevant support and expertise you need – which means the whole process can take as little as a few days at a fraction of the cost. However, don’t underestimate the time and budget you need to allocate for such a project.

Think about things like the data discrepancies we mentioned earlier on.  If your event management and membership systems, for example, record delegate birth dates in different formats, you will probably need to invest in a bit of development work that will allow the automatic conversion of data from one format to the other. This is a small example of a simple format issue and by itself, no big task.  But multiply this across thousands of data fields and records and dozens of types of formats, and the development work to do clean-up, workarounds and validation can be substantial. Remember that development time can be expensive so think about all these eventualities when mapping out your data flows at the beginning of the project.
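The phone-number clean-up described under ‘Agree Detailed Specifications & Data Maps’ and the birth-date conversion above, sketched as an added example (not code from Eventsforce or any system named here). The field names, accepted date formats and sample records are assumptions constructed for illustration; only fields named in the data map cross to the CRM, and a record that fails validation is held back instead of being pushed.

```python
import re
from datetime import datetime


class FieldError(ValueError):
    """A value could not be brought into the agreed target format."""


def normalise_name(value):
    cleaned = " ".join(value.split())  # trims and collapses extra spaces
    if not cleaned or len(cleaned) > 100:
        raise FieldError("name empty or too long")
    return cleaned


def normalise_phone(value):
    # Separators seen in the article's examples: hyphens, spaces, parentheses.
    if not re.fullmatch(r"[0-9()\-\s]+", value):
        raise FieldError("unexpected characters in phone number")
    digits = re.sub(r"\D", "", value)
    if not 7 <= len(digits) <= 15:
        raise FieldError("implausible phone number length")
    return digits


# Assumed source formats. The list has to be agreed per source system:
# "03/04/1980" is 3 April under %d/%m/%Y but 4 March in a US-style export.
DATE_FORMATS = ("%Y-%m-%d", "%d/%m/%Y")


def normalise_birth_date(value):
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value.strip(), fmt).date().isoformat()
        except ValueError:
            continue
    raise FieldError("birth date not in an agreed format")


# Hypothetical data map: registration field -> (CRM field, normaliser).
DATA_MAP = {
    "surname": ("LastName", normalise_name),
    "telephone": ("Phone", normalise_phone),
    "dob": ("Birthdate", normalise_birth_date),
}


def map_record(registration):
    """Return (crm_record, errors); crm_record is None if any field failed."""
    crm, errors = {}, {}
    for source, (target, normalise) in DATA_MAP.items():
        raw = registration.get(source)
        if not isinstance(raw, str):
            errors[source] = "missing or not text"
            continue
        try:
            crm[target] = normalise(raw)
        except FieldError as exc:
            errors[source] = str(exc)
    # Fields absent from DATA_MAP are never copied across.
    return (None if errors else crm), errors


def sync(registrations):
    """Split records into those safe to push and those held for review."""
    accepted, held = [], []
    for record in registrations:
        crm, errors = map_record(record)
        if crm is None:
            held.append((record.get("id"), errors))
        else:
            accepted.append(crm)
    return accepted, held


# Constructed sample input.
SAMPLE = [
    {"id": 1, "surname": "  Okafor ", "telephone": "(020) 888-4567",
     "dob": "14/02/1980", "passport_number": "CONSTRUCTED-1"},
    {"id": 2, "surname": "Lindqvist", "telephone": "020-888-4567",
     "dob": "1975-11-03"},
    {"id": 3, "surname": "Marsh", "telephone": "020 888 4567 x<b>12</b>",
     "dob": "30/02/1990"},
]

if __name__ == "__main__":
    pushed, held_back = sync(SAMPLE)
    print(pushed)
    print(held_back)
```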

Allocate Adequate Technical Resources

Avoid wasting valuable time by ensuring you have the adequate IT staff on hand to answer any technical queries that may come up during the development, implementation and testing stages of your data integration project. Developers from your event management solution provider, for example, may have specific inquiries about the set-up of your bespoke finance system or vice-versa. If you don’t have the necessary technical staff, consider hiring an independent consultant or specialist system integrator for the duration of the project. Once the development phase is over, your technical staff should also be responsible for the proper testing of the integration to ensure that data flow between the two systems is correct, complete and up-to-date.

Make Time for Thorough Testing and User Acceptance

Both the technical and business teams need to be involved in the testing stage to confirm that the results are as expected and to identify anything that needs to be resolved.  So if it’s an integration with your finance package, set up a test on your event management system and put through enough transactions to make sure both sides are comfortable and have covered all delegate payment scenarios.  It is then the responsibility of each department head to train their relevant teams on how the system works.

Ensure your team are aware of how the integration impacts their daily tasks.  When creating new events in your event management system, for example, staff need to know that certain fields can no longer be changed as they are now also being used by the finance team to track delegate payments. Create an action list of do’s and don’ts or include it with your event management system template each time a user logs in as an administrator.

Conclusion

Thinking about all these points when planning your data integration projects will ensure that the whole process will be smoother and a lot more flexible for any changes you want to make in the future. It is important to note though that regardless of size, an integration between two systems is a moving thing and technology can always change. Don’t forget about it once implementation and testing is over. Stay on top of it with continuous testing and regular meetings with your software providers to ensure everything is working as it should.

Written by Ian Webb, Business Development Manager, Eventsforce

 

5 Easy Ways of Securing Your Event Data

Data security is increasingly becoming top of mind and making headlines as it continues to impact businesses around the world. Just about every week, there is a fairly major cyber-security event that gets talked about in public – and there are many more that don’t get talked about. It is a major problem for any organisation that has valuable information to protect (which means most companies these days) – especially for those involved in the world of events.

We have talked a lot about the issue in the last couple of months, addressing things like the kind of data security questions you should be asking your event management solution provider and some of the considerations you need to take when dealing with delegate card payments.  Most event planners will also be following their own organisation’s security policies when it comes to storing and sharing event data – from communication procedures to firewalls, encryption and anti-virus software.

However, while IT focuses on outside threats, there is also an element of risk lurking from within. Over 40% of data loss¹ is the direct result of internal threats which come about from staff mishandling data – whether intentional or unintentional. In fact, our event data security study exposed a number of important vulnerability areas – like staff password hygiene, email communications and data storage – that event planners should be paying greater attention to in order to prevent data from getting into the wrong hands.

Have a look at the following best practice guidelines that can greatly improve security around your event and delegate data:

Don’t Put Anything in Email That You Wouldn’t Put on a Postcard

Email communication is one area of vulnerability. Our study found that 65% of respondents emailed their event data (attendance reports, registration lists, invoice reports) to third parties or other departments within their organisation after downloading the information from the event management systems. Another 36% admitted to having emailed their API key – a form of authentication that allows third party systems like event apps to access data saved in your event management systems.

The truth is that it is difficult and cumbersome to encrypt data in emails from end to end – so you should always think about what you are sharing on email.  Check before sending that you have the right recipients and encrypt data within if necessary. If you don’t need to email it, don’t.  For example, when confirming registration details with your delegates, don’t include all their details within the body of the email but instead, include a personalised link that will lead them directly to their registration page on your event website. Equally, never email your event system API key(s) to ANYONE as this could expose your data to anyone who has access to this key.  If you need to share it, do so over the phone.

Be Smart About Your Passwords

More than 500 million records of login names, passwords and other ID information went astray in the last 12 months, according to a report this week by security firm Symantec². It sounds pretty obvious but you would be surprised by the number of people that ignore the importance of passwords. Our survey found that over 80% of event planners don’t change their event management system passwords as often as they should (less than once a year). Another 33% claim to have shared their passwords with other people. This greatly increases the risk of breach and makes it difficult to accurately identify who has access to the system at any given point in time.

Using strong passwords, NOT sharing them and changing them once every three months can greatly improve security around your event data.   The problem is that the human brain can only remember so many passwords, not to mention we’re actually really bad at picking good ones. So, too often we just reuse passwords across multiple sites. This is an issue because so many of us use the same password for our work and personal accounts like Facebook, Google and online banking.  Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for words or letters. For example, “I want to see the Eiffel Tower” could become 1W2CtEt.

Another solution is to use a password manager, a software tool for computers and mobile devices, which will pick random, long passwords for each site you visit, and synchronise them across your many devices. Two popular password managers are 1Password and LastPass.  You can also use a Single Sign-On (SSO) system, which allows you to control access to your event management software using your authentication servers (e.g. Microsoft Active Directory) – so passwords are never submitted to your event system and access can be controlled centrally by your organisation. If someone from your team leaves their job, then their access to all systems can be cut off from one place.

Share Only What is Necessary

The study also revealed that an overwhelming 89% of event planners downloaded the data in their event management systems to external spreadsheets, with a further 81% sharing it with colleagues and other departments by printing or email.  As well as following your organisation’s policies on how to securely share and dispose of data, you can also reduce security risks by integrating your event management system with some of your other back end systems like finance, CRM and marketing.  The integration will allow for automatic updates on both systems whenever you need to make any changes, eliminating the need to download, print or email event data to other departments within your organisation.

For example, integration with your company’s finance system will allow you to automatically update delegate payment details into your finance system and vice versa without the need for printing and emailing reports and manually transferring them from one system to another. Event invoices, credit notes and received payments can all be generated and sent from either system. This saves time and more importantly, vastly reduces the security risks associated with email communications and having printed documents lying around.

Know Your Personal Vs. ‘Sensitive’ Personal Delegate Data

Our study found that there was some confusion differentiating personal and ‘sensitive’ delegate data. Personal information can include things like names, addresses and phone numbers. However, sensitive data is any information relating to the delegate’s racial origin, political opinion, religious beliefs or mental and physical well-being. The survey found that 40% of event planners didn’t think race and religion were considered sensitive and only 26% thought of dietary requirements (which may indicate religious inclinations) as sensitive.

Why is this important? EU Data Protection regulations require extra security measures when dealing with ‘sensitive’ delegate data – as this information could be used in a discriminatory way and is likely to be of a private nature.  Most registration forms will have a question asking delegates if they have any additional requirements.  This may include things like dietary requirements or the need for wheelchair assistance. Storing this ‘sensitive’ data means you must comply with the Data Protection Act from the moment you obtain the data until the time when the data has been deleted, overwritten or securely destroyed (e.g. shredding, incineration or pulping).

Don’t Forget About ‘Offline’ Security

As a general rule, try not to store any of your event data in any physical form (print or external hard drives, USB drives etc.) as this greatly increases the chance of it getting into the wrong hands. If you do, invest in secure cabinets, fit locking doors and ensure you have the proper mechanisms in place to dispose of this data if you need to. At your events, don’t leave your registration lists, laptops and smart phones unattended and ensure that event data on your screens is not visible to unauthorised users. Be cautious when discussing details over the phone and avoid discussing sensitive information in public areas where you can be overheard.

Lastly, make sure your employees understand how important your event data is and all the measures they can take to protect it. Encourage security awareness among your staff, training them not to leave sensitive material lying around and to operate a clear desk policy – both at the office and at your events. The ultimate goal is for everyone, at every level, to believe that data security is critical, understand the policies and procedures for achieving a secure environment and ensure these are followed every day.

Written by Steve Baxter, CTO of Eventsforce

1 Information Week: Insider Threats: 10 Ways to Protect Your Data

2 BBC News: Security snapshot reveals massive personal data loss

 

Top 8 Security Questions to Ask Your Event Technology Provider


Many of you have read the scandalous stories we saw in the headlines last year regarding major security breaches at companies like Talk Talk and the Ashley Madison dating site.  Cyber hackers raised their game with millions of people having had their private data stolen and national governments scrambling to combat the growing threat of cyber-attacks. Now imagine your organisation’s systems got hacked and exposed the personal details of the hundreds (or thousands) of delegates attending your events each year.  Doesn’t really bear thinking about, does it?

Events deal with highly sensitive customer information, including names, emails, telephone numbers, employment information, disabilities and other confidential details. The wealth of information we collect from our delegates is a gold mine for hackers. Safeguarding this data is critical and more and more organisations are starting to see the importance of this issue. Our new data security survey found that 80% of event planners marked data security as a top priority for 2016. Surprisingly, however, only 40% of them felt they had adequate security policies in place across their organisations. In fact, according to MPI members at last month’s MPI European Meetings & Events Conference, event planners were said to be lacking awareness on the topic of cyber security despite the global terrorism threat¹.

So how do we address this issue of event technology security?

Most event planners these days deal with some form of event registration technology that helps them manage all their event and delegate data.  The software captures, manages and stores a lot of the sensitive data we mentioned earlier – so it makes sense to start there. Have a look at the data security policies of your event tech provider.  Are you confident they have the right processes in place to safeguard your data? Are they doing everything they can to minimise the risk of breach?

Here are the top 8 data security questions you should be asking your event tech provider today:

How is My Event Data Protected?

Maximum protection of your event data should probably be your event technology provider’s top priority. You want to ensure that your event data is fully secure and protected by a comprehensive recovery system. The first step in achieving this is the use of strong industry-standard encryption, like HTTPS and AES, which helps protect your data from prying eyes and can provide you with assurance that it hasn’t been modified in any way. Find out how your data is encrypted both at rest (when stored in servers) and in transit (when accessing data from your event management system over an Internet network).

What Data Security and Safeguarding Policies Do You Have in Place?

Find out where your database is stored, how it is stored and how often they back it up – the more often, the better so that no changes can be lost from your database if restoration is required. In the case of a breach to their own servers, find out what response plans they have in place to protect your data. Find out what security policies they have in place within their organisation – how do they protect their own data and how do they meet regulatory and legislative requirements? Who has access to client data, how do they handle authorisation and what happens when someone leaves? How do they share client information (email/phone) and where do they store this information?

How Can I Ensure Secure Access to my Event Management System?

All major event management systems manage access via username and password authentication.  However, you can also manage access using an external authentication service, which can restrict access for certain individuals to particular functions (e.g. abstract reviews) or particular events. Find out if your event tech provider can integrate your event management solution with a Single Sign-On (SSO) system. This will allow you to sign in using your company’s existing corporate authentication infrastructure – so passwords are never submitted to your event system and access can be controlled centrally by your organisation. If someone from your team leaves their job, then their access to all systems can be cut off from one place.

SSO improves security by giving you the choice to restrict event websites and registration to internal personnel or selected individuals or groups, effectively making them private. Only people chosen to view the event website or register for the event will be able to do so and invitations cannot be shared – useful if you have an internal awards event going on involving confidential company information.

Where is my Event Data Stored?

As mentioned above, this is something that should be outlined in the security policy of your event technology provider. It is worth noting, however, that if your event management software provider is storing your data in US-based datacentres and you deal with delegates from the EU, then you need to ensure that they comply with the newly announced Privacy Shield agreement. This replaces the old Safe Harbor agreement, which allowed US companies to legally transfer European citizens’ data to America, provided the location it was being sent to had the security and privacy conditions that met EU standards.

Read more: New EU/US Data Sharing Deal: What Event Planners Need to Know

If you are using a web-based system, find out the physical location of their cloud servers and whether or not they adhere to EU Data Protection regulations. Find out who has access to these servers and what kind of security procedures they have in place.

Do You Own My Data?

This is an important question as some event management technology companies have a legal right to use your data for their own marketing purposes, which means it’s highly likely that they store this data somewhere other than your company’s database on their client servers.  This increases the chance of breach so again, you need to find out what data protection policies they have within their own organisation, how they manage access to this data, what do they use it for and how long they keep it.

Are You PCI-DSS Compliant?

Our survey revealed that almost 50% of event planners who took payment from their delegates didn’t know if they were PCI-DSS compliant and a further 73% were unaware of the fines for non-compliance (ranging anywhere from $5,000 to $100,000). If your events are set up to accept payments from delegates via credit or debit cards, then your organisation is obliged to achieve and maintain compliance with the PCI Data Security Standard (more info here). One way of simplifying compliance is to outsource the process to one of the many PCI-DSS-certified payment gateways that meet the required standards, such as Stripe, PayPal, Sage Pay and Worldpay, among others. However, make sure you understand from your event tech provider how these payment gateways interface with your event management/registration system. If your event website integrates with these gateways via an API, then you are still liable for PCI compliance since your servers capture and transmit the credit/debit card data first. Equally, if your event management system uses its own payment gateway or processes payments on your behalf, make sure that their systems have the correct level of compliance and that they are not permanently storing your delegate payment card data on their servers.

Read more: Top 5 Things to Think About When Dealing with APIs

What Security Precautions Do I Need to Take?

If your event management system is integrated with other third party systems (CRM, event apps, finance packages), your event management software provider may have issued you with an API key for any integrations.  Often used instead of usernames and passwords, the key allows your event app and other third party applications access to your event data, and vice-versa. Remember that anyone who has access to this key has access to your data – so you need to make sure it doesn’t get into the wrong hands.  You can minimise the risk of breach by asking your event tech provider to issue different API keys for different functions – for example, use one key to connect your system to the delegate section of your event app and another to connect it to the exhibitor section of your event app. Also, if you’re integrating with more than one system, ask for separate API keys for each integration (event app, CRM etc).  This way, if one of your API keys gets lost or exposed, you can revoke the key (which disables the integration) and set up a new one.  If you have one API key for all your integrations, then a data breach would lead to far more serious consequences for you and your organisation.
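The effect of separate keys per integration can be seen in a small model. This is an added example, not Eventsforce's API or code from the original article: the class, the integration names and the scope strings are all hypothetical.

```python
import hashlib
import secrets


class IntegrationKeys:
    """Hypothetical registry that issues one API key per integration."""

    def __init__(self):
        # Only a SHA-256 digest of each key is kept, so a copy of this
        # registry does not contain usable keys.
        self._records = {}

    @staticmethod
    def _digest(key: str) -> str:
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, integration: str, scopes) -> str:
        """Create a random key limited to one integration and its scopes."""
        key = secrets.token_urlsafe(32)
        self._records[self._digest(key)] = {
            "integration": integration,
            "scopes": frozenset(scopes),
            "revoked": False,
        }
        return key  # handed to the integration owner once, never stored

    def revoke(self, integration: str) -> int:
        """Disable every active key of one integration; others are untouched."""
        count = 0
        for record in self._records.values():
            if record["integration"] == integration and not record["revoked"]:
                record["revoked"] = True
                count += 1
        return count

    def authorize(self, presented_key: str, scope: str):
        """Return (allowed, detail) for a key presented with a request."""
        record = self._records.get(self._digest(presented_key))
        if record is None:
            return (False, "unknown key")
        if record["revoked"]:
            return (False, "revoked key")
        if scope not in record["scopes"]:
            return (False, "scope not granted")
        return (True, record["integration"])


def demo():
    """Issue three keys, expose one, revoke it, and report what still works."""
    registry = IntegrationKeys()
    delegate_app = registry.issue("event-app-delegates", {"delegates:read"})
    registry.issue("event-app-exhibitors", {"exhibitors:read"})
    crm = registry.issue("crm", {"delegates:read", "delegates:write"})

    results = {
        "delegate_key_reads_delegates":
            registry.authorize(delegate_app, "delegates:read"),
        # A key scoped to the delegate section cannot reach exhibitor data.
        "delegate_key_reads_exhibitors":
            registry.authorize(delegate_app, "exhibitors:read"),
    }
    # The delegate-app key is reported exposed: revoke only that integration.
    results["revoked_count"] = registry.revoke("event-app-delegates")
    results["delegate_key_after_revoke"] = registry.authorize(
        delegate_app, "delegates:read")
    results["crm_key_after_revoke"] = registry.authorize(crm, "delegates:read")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

With a single shared key, the revocation step would have disabled the CRM integration as well, and the exposed key would have reached every data set until then.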

How Long Do You Keep My Data For?

In our survey, 54% of event planners said they use their event management systems as a permanent storage space for all their event data.  If you’re happy with your event tech provider’s data security policies, then keeping your data in the system after your event is complete is a good idea – especially if you don’t have adequate procedures to safeguard this data within your own organisation. Find out how long they keep this data on their servers, whether it is moved to other locations or servers and whether or not they delete it after a defined period of time.

Conclusion

There is no such thing as 100% security when it comes to safeguarding your data. However, following best practices and taking the precautions outlined above can help you understand the risks involved and minimise the chances of a data breach.

To learn more about event technology security and how Eventsforce’s systems keep your data safe, read the related posts below or get in contact.

Written by Steve Baxter, CTO of Eventsforce

1 C&IT: Event Planners Don’t Understand Real Threat of Cyber Hacking

 

Delegate Card Payments & Security Compliance: Questions Answered

Enter registration details, make your payment and click submit. It’s the kind of information most event websites ask for. But when your delegate makes a payment, how do we make sure their card details are kept safe? If your organisation is involved in storing, processing or transmitting any delegate cardholder data – manually or electronically – you need to comply with the Payment Card Industry Data Security Standard (PCI DSS). And that means meeting tough standards that maximise your delegate’s payment card security – or face the prospect of fines.

Unfortunately, many organisations don’t bother thinking about PCI compliance until they are due to be audited, which at best, leaves them playing catch-up or at worst, means they fail because they haven’t met the requirements. A recent report by Verizon – which assessed more than 5,000 organisations across 30 countries – found that nearly 80% of all businesses failed their interim PCI compliance assessment. More importantly, lack of compliance was linked to data breaches: Of all the data breaches studied, not a single company was found to be fully PCI DSS-compliant at the time of breach. The study also found 69% of all consumers were less inclined to do business with a breached organisation¹. So the stakes of non-compliance are pretty high.

Last month, Eventsforce conducted its own survey with senior event planners in the UK and the US to assess their understanding of delegate payments and PCI-DSS requirements. The results were quite surprising.  Nearly half of those surveyed didn’t know if they were PCI DSS compliant, with 84% not being able to identify compliance requirements and a further 73% unaware of the fines for non-compliance.

So what exactly is PCI-DSS and what do event planners need to know about it? Below are six of the most common questions we come across when discussing issues around delegate payments and data security.

What is PCI-DSS compliance?

If your events are set up to accept payments from delegates via credit or debit cards, then your organisation is obliged to achieve and maintain compliance with the PCI Data Security Standard. PCI DSS is an information security standard for any organisation handling credit card transactions from the major card schemes, including Visa, MasterCard, American Express, Discover and JCB. The standard was created to increase controls around cardholder data to reduce credit card fraud. It has three basic components which include analysing IT systems for vulnerabilities; patching weaknesses and deleting unnecessarily stored data; and submitting compliance records to banks and card companies (a detailed description of all 12 requirements can be found here).

In the case of events, compliance would mean ensuring that no delegate payment card data is stored unless it is necessary to meet the needs of your event or business. This applies to all types of transactions – electronic (card payments through event website) or manual (card payments over the phone or on-site). If it is absolutely necessary for you to store this information, then you need to know what you can and can’t do. Sensitive data from the magnetic strip or chip, for example, may never be stored but other information such as card numbers (PAN), expiration dates, service codes or cardholder names may be stored if the correct encryption procedures have taken place to ensure data safety (more on this further down).

Isn’t This the Responsibility for My IT/Legal/Finance Department?

Setting policies and procedures around compliance usually is the responsibility of these departments but adherence to these policies is a shared responsibility across any department dealing with delegate card payments – including the events team. In the case of any fraudulent activity involving the payment card of one of your delegates, a bank can easily trace it back to a PCI-related breach at your organisation and hold you responsible. There are considerable fines associated with non-compliance following a data compromise; these can range from ten to hundreds of thousands of pounds. Many non-compliant organisations have stopped trading because the fines could not be accommodated.

Do I Have to be PCI-DSS Compliant?

PCI-DSS compliance does not just apply to the storage of payment card data but also to the handling of data while it is processed or transmitted over networks or phone lines. While not storing credit card data does eliminate some compliance requirements, the majority of the controls dictated by the DSS remain in effect.

One way of simplifying compliance is to outsource the process to one of the many PCI-DSS-certified payment gateways that meet the required standards, such as Stripe, PayPal, Sage Pay and Worldpay, among others. This makes it possible for delegates to interact with the gateway software directly so that card information never hits your own servers. However, make sure you understand how these payment gateways interface with your event management/registration systems. If your event website integrates with these gateways via an API, then you are still liable for PCI compliance since your servers capture and transmit the credit/debit card data first.

Read more: Top 5 Things to Think About When Dealing with APIs

Do I Still Need to Consider it if my Payment Gateway is Compliant?

Yes, if you take delegate/attendee payments offline or over the phone. In our event data security survey, 49% of event planners said they take credit/debit card details from their attendees over the phone. This doesn’t help with PCI compliance unless the information is directly entered into the payment gateway system. Even then, are the card details written down somewhere first? If so, do you dispose of the paper? How is the paper disposed of and when? Do you email these details to anyone? These are all very important questions you and everyone else on your team need to be very aware of at all times. So make sure you have the correct policies in place and that your staff are trained to follow all necessary procedures that ensure compliance.

What if I do Need to Store Card Details for Some of my Events?

Our survey found that 11% of event planners ask their attendees to fill in card details within registration forms as a form of deposit on possible extras like transport, hotel rooms, dinners, and so on. Some payment gateways like Stripe have a good way of managing this without making your organisation subject to PCI-DSS regulations.  At a minimum, PCI DSS requires card numbers (PAN) to be unreadable anywhere they are stored (the first six and last four digits are the maximum number of digits that may be displayed).  However, as a general rule, it is not advisable to use registration forms to capture credit card details as it does increase the risk of breach.
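The display limit quoted above (at most the first six and last four digits of a PAN) can be checked mechanically before a registration export is shared. The following is an added example, not part of the original article or any Eventsforce product: it finds Luhn-valid card numbers in free-text fields and masks them, and the CSV rows, column names and card numbers (widely published test numbers) are constructed.

```python
import re

# Candidate PANs: 13 to 19 digits, optionally separated by single spaces or
# hyphens. Candidates are delimited by any other character, so a card number
# written directly after another digit group may be missed.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Constructed sample export: booking references and phone numbers must be
# left alone, card numbers typed into a notes field must be masked.
SAMPLE_EXPORT = """\
name,booking_ref,phone,notes
A. Delegate,1234567890123456,020 7946 0000,card 4111111111111111 taken by phone
B. Delegate,1234567890123456,020 7946 0000,deposit card 4242 4242 4242 4242
C. Delegate,1234567890123456,020 7946 0000,paid via gateway
"""


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: separates card numbers from other long digit runs."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:          # double every second digit from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, hide everything between."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_line(line: str):
    """Return (redacted_line, number_of_card_numbers_masked)."""
    masked = 0

    def replace(match):
        nonlocal masked
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)   # not a card number: leave unchanged
        masked += 1
        return mask_pan(digits)

    return PAN_CANDIDATE.sub(replace, line), masked


def scan_export(text: str):
    """Redact a whole export; return (redacted_text, [(line_no, count), ...])."""
    findings = []
    redacted_lines = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        redacted, count = redact_line(line)
        if count:
            findings.append((line_no, count))
        redacted_lines.append(redacted)
    return "\n".join(redacted_lines), findings


if __name__ == "__main__":
    redacted_text, found = scan_export(SAMPLE_EXPORT)
    print(redacted_text)
    print("lines containing card numbers:", found)
```

Masking only limits what is displayed or shared; a finding from this scan also means a full card number is sitting in the source data and needs to be dealt with there.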

What Are the Main Data Security Guidelines for PCI-DSS Compliance?

If you do have a legitimate business reason to store your delegate’s payment card data, it is important to understand what data elements PCI-DSS allows you to store and what measures you must take to protect that data. Below are some basic do’s and don’ts for data storage security:

Data Do’s:

  • DO understand where delegate card data flows for the entire payment transaction process – from initial registration until the completion of the event.
  • DO verify that your payment applications (including third-party applications like PayPal) are PCI-DSS compliant. Have clear access and password protection policies and remember, it is your responsibility that compliance is not just met but continuously maintained. Security exploits are non-stop and get stronger every day, which is why compliance efforts should be a continuous process.
  • DO retain cardholder data only if authorised and ensure it is protected.
  • DO use strong cryptography to render unreadable cardholder data that you store, and use other security technologies to minimise the risk of exploits by criminals.

Data Don’ts:

  • DO NOT store cardholder data unless it’s absolutely necessary – delete all data as soon as you know that you no longer need it. Never print or email this information.
  • DO NOT store the 3-digit card validation code on the back of the payment card on paper or any digital format.
  • DO NOT store any payment card data in unprotected devices such as PCs, laptops or smart phones.
  • DO NOT permit any unauthorised people to access stored cardholder data.

Summary

Understanding and implementing all the requirements of PCI-DSS can seem daunting, especially for those without security or large IT departments.  However, PCI DSS mostly calls for good, basic security.  Even if you don’t have to be PCI-DSS compliant, the best practices we mentioned above are steps that any organisation running events would want to take anyway to protect sensitive delegate data.


For further advice and guidance on event card payment security, please contact our friendly team on 0207 785 6997 or fill in our enquiry form here.

1 80 Percent of Businesses Fail Interim PCI Compliance Assessment