Tag: data security

Event Planners – Look After Your Attendee Data or Face the Music

As an event planner, you will know how important the new EU General Data Protection Regulation (GDPR) has been in raising the issue of data security. In fact, a 2018 industry survey found that more than 75% of event planners believe that the safekeeping of their attendee data will be a much bigger priority for them because of GDPR. But why should event professionals start taking responsibility for data security and what are the things they need to do to minimise the risks of breach?

What Event Planners Need to Know About GDPR and Data Security

Remember that GDPR is all about protecting the rights of individuals over organisations. It is an important piece of legislation that ensures that organisations dealing with personal information (and the events industry is no exception here!) are doing so in a transparent and secure way – and always in the individual’s best interests.

We’re already starting to see how GDPR is changing the way companies market themselves. After Facebook’s recent data breach scandal with Cambridge Analytica, the social networking giant has run an extensive advertising campaign promoting its security credentials.  We’ve also seen others like Barclays and the NHS using radio ads and billboards to assure customers that the safety of their personal information is a priority for them as an organisation.  This is only the beginning.

For meetings and events, there are three important reasons why data security is now more important under GDPR:

  • GDPR makes ‘Privacy by Design’ a legal requirement, which means privacy concerns and the security of attendee data should be a consideration from the outset of all your event planning activities – and not just an afterthought.
  • GDPR requires you to take responsibility for how your third-party data processors (hotels, venues, agencies and event tech suppliers) are looking after your attendee data.
  • GDPR makes it compulsory to notify authorities within 72 hours of discovering a security breach – it is therefore important for event teams to understand what constitutes a breach and what they should do if data is compromised.

eBook: The Event Planner’s Guide to Data Security in a Post-GDPR World

You may think that the whole issue of data security is something that needs to be dealt with by your IT, legal and operations team. But the reality is that there are many day-to-day things that you may be doing as an event planner that could easily put your organisation at serious risk of a breach: sharing system passwords, emailing delegate lists, not briefing freelancers properly, losing devices and using open Wi-Fi networks. These are just some examples but there are many more.

A new eBook from Eventsforce titled, ‘The Event Planner’s Guide to Data Security in a Post-GDPR World’ investigates some of these common data security vulnerability areas for meetings and events and offers readers some practical advice on what they can do to look after their attendee data. It also provides some useful information on how to identify a data breach and what steps to take if attendee data does end up getting lost, stolen or compromised.

Event planners can also use the two checklists that are included within the eBook. One is for event team leaders and the other for individual team members, to ensure everyone follows the same processes when it comes to data protection and the safety of attendee data.

The eBook follows the publication of the ‘Event Planner’s Guide to GDPR Compliance’ which looked at the impact of the new legislation on things like event marketing, data management and event technology – along with some practical steps on how planners can prepare for the new GDPR requirements.

Conclusion

If there is one thing that GDPR has achieved it is that the ownership and responsibility for data protection and security now rests on everyone.

The volume of personal information we collect in our industry is staggering. And doing things that minimise the chances of this data getting into the wrong hands will give your attendees confidence that you are on the case and looking after them properly.

Doing this all the time will boost your reputation, generate more confidence and ultimately bring you more business.  After all, why would people want to work with organisations who are doing as little as possible to safeguard their personal information?

But it will, however, require a shift in thinking.  Some of the ways in which event planners operated in the past will need to be changed.  But those who embrace this change will be the ones who stand out.  By making data security a priority around their events, they will be able to show attendees that their organisation can be trusted with their most valuable asset – their personal information.

You can download the ‘Event Planner’s Guide to Data Security in a Post-GDPR World’ here.


Eventsforce offers a comprehensive set of event management solutions, services and expertise that can help with data security and support the event planner’s journey to GDPR readiness. Get in touch by contacting one of our team members at gdpr@eventsforce.com.

Is Facebook Data Breach a Wake-Up Call for Events Industry?

The Facebook data scandal that’s unravelled this week is an important reminder to everyone in the events industry as to why GDPR is happening. The incident has shaken up people’s trust in the way organisations manage their personal information and highlighted the need for tighter regulations around data protection.

Event planners should use this opportunity to learn from the mistakes made by both Facebook and Cambridge Analytica and think very carefully about how they’re going to look after the personal information of attendees in a post-GDPR world.

Why is Facebook in Trouble?

In 2014, Facebook invited users to find out their personality type via a quiz developed by a Cambridge University researcher. About 270,000 users’ data was collected, but the app also collected some public data from users’ friends. Facebook has since changed the amount of data developers can gather in this way, but a whistle-blower says the data of about 50 million people was harvested for political consultancy firm, Cambridge Analytica. He claims the firm used the data to psychologically profile people and influence voters on behalf of clients – including Donald Trump’s presidential campaign. Facebook says users’ data was obtained legitimately but Cambridge Analytica failed to delete it when told to do so. Meanwhile, Cambridge Analytica denies any wrongdoing – saying it did delete the data when told to by Facebook.

The repercussions of this incident so far? Facebook has lost around $50 billion in its market value over two days and we’re now seeing the #DeleteFacebook campaign, which is rapidly sweeping across the Internet as people leave the site in protest against its use of data harvesting and manipulation. Advertisers are also now telling Facebook ‘enough is enough’, with news emerging on the BBC that the ISBA, a trade body which represents major UK advertisers, will meet Facebook this week, saying that if the company fails to provide assurances about the security of users’ data, advertisers may spend money elsewhere.

How is it Related to GDPR?

According to Reuters, privacy experts have said the data breach is a prime example of the kind of practices that GDPR is supposed to prevent or punish: “Had the Cambridge Analytica incident happened after GDPR becomes law on May 25, it would cost Facebook 4% of their global revenue,” said Austrian privacy campaigner and Facebook critic Max Schrems. Because a UK company was involved and because at least some of the people whose data was misused were almost certainly European, GDPR would have applied.

The maximum GDPR fine would come into play in an incident like this because of the number of users affected and what appears to have been inadequate monitoring of third-party data practices: “The fact of the matter is that Facebook lost control of the data and wasn’t adequately monitoring what third-parties were doing,” said Scott Vernick, partner and expert in privacy and data security at law firm, Fox Rothschild.

The article goes further to say that the firestorm has prompted a furious response from lawmakers on both sides of the Atlantic, raising the prospect of expanding GDPR’s approach to privacy protection regulations to other countries. Again, a warning for organisations of what may lie ahead once the new legislation comes into force.

Facebook founder, Mark Zuckerberg, has admitted that the social network ‘made mistakes’, apologising for the incident and admitting that a huge ‘breach of trust’ has occurred – but needless to say, damage is done.  People have lost confidence in Facebook and the way it manages their personal information.  And this is key when you look at why GDPR is happening in the first place.

GDPR is all about protecting the rights of individuals over organisations. And it’s happening because current legislation no longer meets the privacy needs of the connected world we live in today. We’re giving away our personal information freely to organisations without much thought into how they’re using it and how they’re keeping it safe from both theft and manipulation. And this is exactly what GDPR wants to address: that organisations dealing with personal data (the events industry is no exception here) are doing so in a transparent and secure way – and always in the individual’s best interests.

Ironically, Zuckerberg’s response to the incident reiterates the same thing: “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”

The Importance of Data Security in Events

GDPR will certainly change attitudes to individual rights when it comes to data protection – especially in events. It will also change the mindset of event planners when it comes to deciding what data they should collect from attendees, how they use that data for things like marketing campaigns and personalisation, and what they need to do to keep that data safe.


Did you know that a data breach is essentially what can get your events into a lot of trouble under GDPR? Find out what you should do to prevent your attendee data from getting lost, stolen or compromised by getting your copy of ‘The Event Planner’s Guide to Data Security in a Post-GDPR World’.


In fact, the issue of data security in a post-GDPR world is hugely important for the events industry.  A survey by Eventsforce last month assessing the GDPR readiness of more than 120 event professionals found that 81% believe data security will be a bigger priority for their events after the May 2018 deadline. And yet surprisingly, only 30% have taken steps to update their data security practices or prepare for a data breach (both of which are key to compliance requirements).

Data security is also an important issue when assessing the GDPR readiness of technology providers that process personal data on behalf of events (e.g. registration systems, mobile apps, surveys, networking tools). The survey, however, found that only 41% of event planners were confident that their systems met the new requirements.

As an event professional, you may think that the whole issue of data security is something that needs to be dealt with by your IT, legal and operations teams – but the reality is that there are many things event planners do today that can put their organisations at serious risk of a data breach and non-compliance with the new GDPR requirements:

  • Emailing unsecure spreadsheets that contain personal attendee data
  • Not paying attention to the data freelancers and temp staff have access to
  • Leaving printed registration lists unattended on-site
  • Not reporting theft or loss of laptops and devices that contain personal information
  • Not changing system passwords often enough/sharing passwords with others

It is therefore more important than ever for event planners to understand what they should and shouldn’t do when it comes to collecting, processing and securing the personal information of attendees under GDPR.

What Should Event Planners Do?

Most event planners will follow their organisation’s own set of data security and protection policies when it comes to storing and sharing event data – from communication procedures to firewalls, encryption and anti-virus software.  However, it is important to take some additional steps that will help your events meet GDPR requirements and minimise the chances of data getting into the wrong hands:

1) Keep Your Data Safe

GDPR makes ‘Privacy by Design’ a legal requirement, which put simply means that privacy concerns should be a consideration from the outset in any event planning campaign – and not simply an afterthought. Data protection and processing safeguards must become part of the DNA of all the systems and processes you have in place. This will be a major shift in thinking for event planners and something they need to think about now, not later.

You need to think about risk factors and see how you can minimise them. For example, find out who has access to your event data, whether they need to have that access and what happens to that access when the event is over? You should also assess the kind of personal information you’re collecting in registration forms, apps and surveys around your events.  Do you need to ask your attendees all the demographic information you currently do? If you’re never going to use their phone numbers, then don’t ask the question. If you only need to verify they’re over 18, don’t ask for birth dates or passport details.  Don’t forget, the more personal data you hold, the higher your chances of risk.

2) Assess Security Practices of Suppliers

Just as Facebook should have taken more adequate measures in monitoring what third parties were doing with users’ personal data, event planners should look into how their event data is being managed by all the third-party suppliers they deal with around their events (tech vendors, staffing agencies, hotels, venues, event management agencies etc). Why? Because if, in the course of an investigation, the authorities find that these parties have not been compliant, then the host organisation may also be liable (even if they themselves were compliant).

Find out how suppliers like your registration software vendor are managing the data they’re processing on your behalf.  How are they using the personal information of people coming to your events, who has access to this data and where are they based?  How important is data security for them and do they follow best practices?  How long do they keep your data for and what procedures do they have in place to delete this data when you ask them to? What about their own suppliers and contractors who also have access to their data?  You need to ensure they can clearly explain what contractual and legal safeguards they have in place to look after your data at all times. Having the answers to these questions will protect you from any unpleasant surprises in the future.

3) Prepare for a Data Breach

Failing to report a data breach within 72 hours can result in crippling fines under GDPR – so ensuring that everyone on your events team has a good understanding of what constitutes a data breach (e.g. loss of an iPad containing registration lists) and how to follow best practices is key to compliance. You also need to think about what processes you need to put in place once a breach has been identified, including how to report it within the three-day timeframe.

Conclusion

GDPR clearly presents some new challenges for event planners, but it also brings some big opportunities. By focusing on the rights of individuals over organisations, the new regulation will help events become a lot more responsible in the way they manage the personal information of people coming to their events. Those that can show they’re dealing with personal information in a transparent and secure way and have respect for the privacy of individuals will succeed in building new levels of trust. And given what we’ve seen this week, this will be key in deciding which organisations people choose to deal with in the future.


Top 8 Security Questions to Ask Your Event Technology Provider

Many of you have read the scandalous stories we saw in the headlines last year regarding major security breaches at companies like TalkTalk and the Ashley Madison dating site. Cyber hackers raised their game, with millions of people having had their private data stolen and national governments scrambling to combat the growing threat of cyber attacks. Now imagine your organization’s systems got hacked and exposed the personal details of the hundreds (or thousands) of delegates attending your events each year. Doesn’t really bear thinking about, does it?

Events deal with highly sensitive customer information, including names, emails, telephone numbers, employment information, disabilities and other confidential details. The wealth of information we collect from our delegates is a gold mine for hackers. Safeguarding this data is critical and more and more organizations are starting to see the importance of this issue. Our new data security survey found that 80% of event planners marked data security as a top priority for 2016. Surprisingly, however, only 40% of them felt they had the adequate security policies in place across their organizations. In fact, according to MPI members at last month’s MPI European Meetings & Events Conference, event planners were said to be lacking awareness on the topic of cyber security despite the global terrorism threat [1].

So how do we address this issue?

Most event planners these days deal with some form of event registration technology that helps them manage all their event and delegate data.  The software captures, manages and stores a lot of the sensitive data we mentioned earlier – so it makes sense to start there. Have a look at the data security policies of your event tech provider.  Are you confident they have the right processes in place to safeguard your data? Are they doing everything they can to minimise the risk of breach?

Here are the top 8 data security questions you should be asking your event tech provider today:

How is my event data protected?

Maximum protection of your event data should probably be your event technology provider’s top priority.   You want to ensure that your event data is fully secure and protected by a comprehensive recovery system.  The first step in achieving this is the use of strong industry-standard encryption, like HTTPS and AES, which helps protect your data from prying eyes and can provide you with assurance that it hasn’t been modified in any way. Find out how your data is encrypted both at rest (when stored in servers) and in transit (when accessing data from your event management system over an Internet network).

What data security and safeguarding policies do you have in place?

Find out where your database is stored, how it is stored and how often they back it up – the more often, the better, so that no changes can be lost from your database if restoration is required. In the case of a breach to their own servers, find out what response plans they have in place to protect your data. Find out what security policies they have in place within their organization – how do they protect their own data and how do they meet regulatory and legislative requirements? Who has access to client data, how do they handle authorization and what happens when someone leaves? How do they share client information (email/phone) and where do they store this information?

How can I ensure secure access to my event management system?

All major event management systems manage access via username and password authentication.  However, you can also manage access using an external authentication service, which can restrict access for certain individuals to particular functions (e.g. abstract reviews) or particular events. Find out if your event tech provider can integrate your event management solution with a Single Sign-On (SSO) system. This will allow you to sign in using your company’s existing corporate authentication infrastructure – so passwords are never submitted to your event system and access can be controlled centrally by your organisation. If someone from your team leaves their job, then their access to all systems can be cut off from one place.

SSO improves security by giving you the choice to restrict event websites and registration to internal personnel or selected individuals or groups, effectively making them private. Only people chosen to view the event website or register for the event will be able to do so and invitations cannot be shared – useful if you have an internal awards event going on involving confidential company information.

Where is my event data stored?

As mentioned above, this is something that should be outlined in the security policy of your event technology provider. It is worth noting, however, that if your event management software provider is storing your data in US-based datacenters and you deal with delegates from the EU, then you need to ensure that they comply with the newly announced Privacy Shield agreement. This replaces the old Safe Harbor agreement, which allowed US companies to legally transfer European citizens’ data to America, provided the location it was being sent to had the security and privacy conditions that met EU standards. If you are using a web-based system, find out the physical location of their cloud servers and whether or not they adhere to EU Data Protection regulations. Find out who has access to these servers and what kind of security procedures they have in place.

Do you own my data?

This is an important question as some event management technology companies have a legal right to use your data for their own marketing purposes, which means it’s highly likely that they store this data somewhere other than your company’s database on their client servers.  This increases the chance of breach so again, you need to find out what data protection policies they have within their own organization, how they manage access to this data, what do they use it for and how long they keep it.

Are you PCI-DSS compliant?

Our survey revealed that almost 50% of event planners who took payment from their delegates didn’t know if they were PCI-DSS compliant and a further 73% were unaware of the fines for non-compliance (ranging anywhere from $5,000 to $100,000). If your events are set up to accept payments from delegates via credit or debit cards, then your organization is obligated to achieve and maintain compliance with the PCI Data Security Standard.

One way of simplifying compliance is to outsource the process to one of the many PCI-DSS-certified payment gateways that meet the required standards, such as Stripe, PayPal, Sage Pay and Worldpay, among others. However, make sure you understand from your event tech provider how these payment gateways interface with your event management/registration system. If your event website integrates with these gateways via an API, then you are still liable for PCI compliance since your servers capture and transmit the credit/debit card data first. Equally, if your event management system uses its own payment gateway or processes payments on your behalf, make sure that their systems have the correct level of compliance and that they are not permanently storing your delegate payment card data on their servers.

What security precautions do I need to take if my event management system is integrated with other third party systems (CRM, event apps, finance packages)?

Your event management software provider may have issued you with an API key for any integrations you may have between your event system and other third party systems such as your event app.  Often used instead of usernames and passwords, the key allows your event app and other third party applications access to your event data, and vice-versa. Remember that anyone who has access to this key has access to your data – so you need to make sure it doesn’t get into the wrong hands.  You can minimise the risk of breach by asking your event tech provider to issue different API keys for different functions – for example, use one key to connect your system to the delegate section of your event app and another to connect it to the exhibitor section of your event app. Also, if you’re integrating with more than one system, ask for separate API keys for each integration (event app, CRM etc).  This way, if one of your API keys gets lost or exposed, you can revoke the key (which disables the integration) and set up a new one.  If you have one API key for all your integrations, then a data breach would lead to far more serious consequences for you and your organization.
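The per-integration key advice above, worked through as an added example (this is not Eventsforce code or its API). The `IntegrationKeyRegistry` class, the integration names and the scope strings are all hypothetical; the sketch compares what a leaked key can reach, and what keeps working after revocation, under one shared key versus one key per integration.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed sample data: which permissions each integration really needs.
SCOPES_BY_INTEGRATION = {
    "event-app-delegates": {"delegates:read"},
    "event-app-exhibitors": {"exhibitors:read"},
    "crm": {"delegates:read", "delegates:write"},
}


def _digest(key: str) -> str:
    # Keys are 256-bit random tokens, so a plain SHA-256 digest is enough to
    # avoid keeping usable keys in the store (unlike low-entropy passwords).
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


@dataclass
class KeyRecord:
    integration: str
    scopes: frozenset
    revoked: bool = False


@dataclass
class IntegrationKeyRegistry:
    """Hypothetical server-side store of issued API keys (digests only)."""
    _records: dict = field(default_factory=dict)

    def issue(self, integration: str, scopes) -> str:
        """Create a key limited to `scopes`; the clear key is returned once."""
        key = secrets.token_urlsafe(32)
        self._records[_digest(key)] = KeyRecord(integration, frozenset(scopes))
        return key

    def authorize(self, key: str, scope: str) -> bool:
        """Allow a request only for a known, unrevoked key holding `scope`."""
        rec = self._records.get(_digest(key))
        return rec is not None and not rec.revoked and scope in rec.scopes

    def reachable_scopes(self, key: str) -> set:
        """Everything a holder of this key could do right now."""
        rec = self._records.get(_digest(key))
        return set() if rec is None or rec.revoked else set(rec.scopes)

    def revoke(self, integration: str) -> int:
        """Disable every active key issued to one integration."""
        count = 0
        for rec in self._records.values():
            if rec.integration == integration and not rec.revoked:
                rec.revoked = True
                count += 1
        return count


def _still_working(registry, keys) -> list:
    # An integration "works" if its key still grants every scope it needs.
    return sorted(
        name for name, scopes in SCOPES_BY_INTEGRATION.items()
        if all(registry.authorize(keys[name], s) for s in scopes)
    )


def compare_blast_radius(leaked: str = "event-app-delegates") -> dict:
    """Leak the key used by `leaked`, then revoke it, under both layouts."""
    all_scopes = set().union(*SCOPES_BY_INTEGRATION.values())

    # Layout A: one key shared by every integration.
    shared = IntegrationKeyRegistry()
    shared_key = shared.issue("all-integrations", all_scopes)
    shared_keys = {name: shared_key for name in SCOPES_BY_INTEGRATION}
    shared_reach = sorted(shared.reachable_scopes(shared_keys[leaked]))
    shared.revoke("all-integrations")

    # Layout B: a separate, narrowly scoped key per integration.
    split = IntegrationKeyRegistry()
    split_keys = {n: split.issue(n, s) for n, s in SCOPES_BY_INTEGRATION.items()}
    split_reach = sorted(split.reachable_scopes(split_keys[leaked]))
    split.revoke(leaked)

    return {
        "shared_leak_reach": shared_reach,
        "shared_working_after_revoke": _still_working(shared, shared_keys),
        "split_leak_reach": split_reach,
        "split_working_after_revoke": _still_working(split, split_keys),
    }


if __name__ == "__main__":
    for name, value in compare_blast_radius().items():
        print(f"{name}: {value}")
```

With the shared key, the leak exposes every scope and revocation takes all three integrations offline; with separate keys, the leak exposes only the delegate read scope and the other two integrations keep running.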

How long do you keep my data for?

In our survey, 54% of event planners said they use their event management systems as a permanent storage space for all their event data.  If you’re happy with your event tech provider’s data security policies, then keeping your data in the system after your event is complete is a good idea – especially if you don’t have adequate procedures to safeguard this data within your own organization. Find out how long they keep this data on their servers, whether it is moved to other locations or servers and whether or not they delete it after a defined period of time.

Conclusion

There is no such thing as 100% security when it comes to safeguarding your data.  However, following best practices and taking the precautions outlined above can help you understand the risks involved and minimise the chances of a data breach.

Written by Steve Baxter, CTO of Eventsforce

[1] C&IT: Event Planners Don’t Understand Real Threat of Cyber Hacking

Eventsforce #Techsperts: Event Data Security and Integration Top Technology Priorities

Each month, we highlight a ‘Techspert’ from our team and take a closer look at their background and experience in the events industry. This month we’re focusing on our CTO Steve Baxter…

What is your area of expertise at Eventsforce?

I’m the Chief Technical Officer for Eventsforce. My team and I look after the technical side of the business – product development, operations, technical support, training and client services. My background is software design and engineering, but I love getting involved across the business to ensure we deliver great products and services. I first started working with Eventsforce as a consultant in 2012 – when I was asked to join as a director in 2014 I jumped at the chance!

Tell us a little about your background in the events industry

Before Eventsforce my experience of events was mostly as an attendee – I spent 15 years building software for life science research, and went to a lot of scientific conferences. The last 3 years have been an amazing learning experience, the variety and complexity of the events industry is beyond anything I had imagined. It makes life very interesting as a software engineer in this business!

What recent tech development do you think has impacted the industry the most?

Mobile technology is having a huge impact – the ability to access event information (and even manage an event) while on the move has been a massive shift. Event apps have a valuable role to play (particularly for offline content or “active” features such as push messaging), but as connectivity becomes more and more ubiquitous at events I think responsive websites and web apps that work brilliantly across a range of screen sizes from smartphones to desktops will become the norm.

What are your predictions for the future of event technology?

It’s all about the data. Whether you are a membership organisation running events for members, an event agency running events for clients or a corporate running events for employees or customers, you need to measure your event ROI and show how your events are contributing to your business goals. High data quality, cross-event reporting and integration with other parts of the organisation are key to that.

I also think data security will continue to be a big issue. 2014 saw a record number of vulnerability disclosures – Heartbleed and POODLE were two that were covered extensively in the media, but there were many more. So far there have been no breaches involving the event industry (or at least none that have been publicly reported), but it’s likely to be only a matter of time. Security hardening (to prevent breaches) and data segregation (to limit the loss when a breach happens) will become more and more important.

How to Use Technology to Effectively Manage Your Event Data

Technology is always pushing the boundaries on how we plan and run our events. And as the significance of event tech continues to grow, so does the importance of managing all the data we now get from these events.

Event data is incredibly valuable. The more we make of that data, the more valuable it becomes. And yet, managing all this data is one of the most complex issues that event planners are facing today, according to George Sirius, CEO of Eventsforce. In this interview with global hotel chain NH Hotel Group, he explains the challenges and opportunities of data management in the events industry and the kind of technologies that are helping improve event experiences.

Today, there are a number of databases full of customer information generated through various types of events. How can we use this information to provide them with a more personalised event experience?

Personalisation is seen as one of the hottest trends in our industry with attendees increasingly expecting both the communication about an event and the live experience to be tailored to them in some way. Sophisticated data capture tools – from event registration systems and RFID to online surveys and event apps – are helping organisations collect and analyse valuable customer information to create more powerful and targeted events.

So let’s look at a registration system as an example. You can use the data in the system to collate a report on all the delegates that will be attending a particular session at your event.  You may share this list with all the other delegates attending that session to facilitate networking opportunities that are relevant to them.  But you can also do more. Break it down by company type, interests and goals and share the list with your session speaker.  He or she can then use this information to tweak the content of their presentation or personalise it with content or examples that are more relevant to the audience.

Although the legislation is different in each country, is it ethical to use customer contacts collected at an event for subsequent commercial actions? 

Only if the customer is aware and has given authorisation for such actions. Otherwise it is totally unethical.

How does the management of Big Data help to improve the preparation of an event? 

Organisations have different databases to capture different types of information – whether it’s events, sales, marketing, finance, memberships and so on.  All these systems have data in them that can help improve the preparation of an event – so it makes sense to pool them together.  For example, your CRM may have in-depth information on the customers that you want to invite to an upcoming event.  Having this information on hand can help with the personalisation and marketing efforts around your events.

Regarding post-event, how can we transform Big Data into Small Data, or useful information about our attendees or customers?

There are many ways a customer can engage with an organisation.  For example, with associations, members may attend their events, watch their seminars, sign up to magazine subscriptions, publish papers, attend award events and so on.  Having all this data in one place can give associations clear insight on the kind of things their members are interested in and personalise their event experiences accordingly.

Thanks to technology, we get a lot more information. What technology is providing event planners with the kind of data that would have been difficult to get in the past?

Event apps have made the whole process of collecting data at events a whole lot easier – from facilitating live polls and Q&As to networking tools that can give insight on who your attendees are meeting with at your event. We also now have new tools like iBeacons which prompt your event app to perform a specific action when attendees come within a certain range of the beacon. It’s exciting because it gives event planners control over what they want their attendees to experience. Suppose you want feedback about the sessions and speakers at your event.  You can set up a beacon outside the room so that when people pass by it on their way out from a session, it will prompt the event app to open that session’s survey.

Data security is one of the concerns of the M&E industry. Is there anything that event planners can do to prevent the theft of personal data from their guests or customers? 

Data theft is a problem for any organisation that has valuable information to protect and the events industry is no exception – the amount of information collected from attendees is a goldmine for hackers. Eventsforce conducted a data security study with event planners earlier this year, and the results exposed a number of important vulnerability areas.

Email is one area of vulnerability. It is difficult to encrypt data in emails from end to end – so you should always think about what kind of information you are sharing on email. If you don’t need to email it, don’t. Regularly change the passwords to your event or registration systems and make sure you know who on your team has access to these systems.  Do not store your event data in any physical form (print or external hard drives, USB drives etc.) as this greatly increases the chance of it getting into the wrong hands. If you do, invest in secure cabinets, fit locking doors and ensure you have the proper mechanisms in place to dispose of this data if you need to.

At your events, don’t leave your registration lists, laptops and smart phones unattended and make sure that data on your screens is not visible to unauthorised users.  Be cautious when discussing details over the phone and avoid discussing sensitive information in public areas where you can be overheard.

What are the next challenges or trends that event management software companies face in the near future?

One of the most important technology trends in the events industry today is data integration. Over the last few years, event planners have done some great things by integrating (or connecting) their event data with payment gateways, check-in solutions and more recently, event apps. However, what is really starting to gain ground is the integration of event management solutions with other business systems – from CRM and finance to marketing and membership solutions.




Having the ability to automatically share information between your Event Management Solution (EMS) and other business systems can bring a host of benefits:

  • Reduce the endless hours your organization spends replicating data from one system to another.
  • Eliminate security risks associated with email communications and having printed documents lying around.
  • Improve productivity by spending less time on admin tasks and focusing your team’s efforts on other aspects of the event.
  • Deal with accurate data – fewer errors and inconsistencies that commonly cause problems in communications.
  • Make critical information around your events readily available to the right people, at the right time.

You can read the full interview with NH Hotel Group here.


Infographic: How to Keep Your Event Data Safe

Data theft is a problem for any organization that has valuable information to protect and the events industry is no exception – let’s face it, the amount of information we collect from visitors and attendees is a potential goldmine for hackers.  Keeping this data safe should be one of the event planner’s top priorities but are we doing enough?

The Rising Risk of Cyberattacks

Last month, hackers really upped their game by using internet-connected home devices, such as CCTV cameras and printers, to attack popular websites like Twitter and Spotify. We also saw how 500 million Yahoo user accounts got compromised – with stolen data including things like usernames, email addresses, telephone numbers, dates of birth and encrypted passwords. The truth is that just about every week a major cyber-security event gets talked about in public – and there are many more that don’t.  And the fact that none of them seem to involve the events industry is no reason to sit back and not think about it.

Here is another worrying fact: Most companies sit on cybersecurity breaches for weeks before they’re discovered – while they take hackers only minutes to perpetrate. In 93% of cases where data was stolen, systems were compromised in minutes or less, according to Verizon’s 2016 Data Breach Investigations Report.  But in over 80% of cases, victims didn’t find the breach for weeks or more. The report states that criminals are getting better and faster, yet the defending side is struggling to keep up.

But the threat is not just limited to cyberattacks.  The report found that what was even more pervasive was the effect of physical theft of sensitive paperwork from desks or cars, insiders stealing data for financial gain, and mistakes like sending sensitive information to the wrong person. In fact, one article from Information Week stated that over 40% of data loss is the direct result of internal threats which come about from staff mishandling data – whether intentional or unintentional.

What Has Our Research Found?

Eventsforce conducted its own data security study this year, which exposed a number of important vulnerability areas that event planners should be paying greater attention to – from email communications and managing event system passwords to where and how you should be storing your event data.

Have a look at the infographic below which outlines six preventative tactics that greatly improve the security around your event data:

[Infographic: How to Keep Your Event Data Safe]


Eventsforce solutions offer event planners a comprehensive range of event planning tools that are highly secure and can be integrated seamlessly with multiple payment gateways and back end business systems.  Find out here how the Liberal Democrats are working with Eventsforce to manage security vetting around its party conferences.


Sources:

Information Week: Insider Threats: 10 Ways to Protect Your Data

CNBC: Most hacks take minutes to do – and weeks to discover

BBC: Smart home devices used as weapons in website attack

5 Easy Ways of Securing Your Event Data

Data security is increasingly becoming top of mind and making headlines as it continues to impact businesses around the world. Just about every week, there is a fairly major cyber-security event that gets talked about in public – and there are many more that don’t get talked about. It is a major problem for any organisation that has valuable information to protect (which means most companies these days) – especially for those involved in the world of events.

We have talked a lot about the issue in the last couple of months, addressing things like the kind of data security questions you should be asking your event management solution provider and some of the considerations you need to take when dealing with delegate card payments.  Most event planners will also be following their own organisation’s security policies when it comes to storing and sharing event data – from communication procedures to firewalls, encryption and anti-virus software.

However, while IT focuses on outside threats, there is also an element of risk lurking from within.  Over 40% of data loss¹ is the direct result of internal threats which come about from staff mishandling data – whether intentional or unintentional. In fact, our event data security study exposed a number of important vulnerability areas – like staff password hygiene, email communications and data storage – that event planners should be paying greater attention to in order to prevent data from getting into the wrong hands.

Have a look at the following best practice guidelines that can greatly improve security around your event and delegate data:

Don’t Put Anything in Email That You Wouldn’t Put on a Postcard

Email communication is one area of vulnerability. Our study found that 65% of respondents emailed their event data (attendance reports, registration lists, invoice reports) to third parties or other departments within their organisation after downloading the information from the event management systems. Another 36% admitted to having emailed their API key – a form of authentication that allows third party systems like event apps to access data saved in your event management systems.

The truth is that it is difficult and cumbersome to encrypt data in emails from end to end – so you should always think about what you are sharing on email.  Check before sending that you have the right recipients and encrypt the data within the email if necessary. If you don’t need to email it, don’t.  For example, when confirming registration details with your delegates, don’t include all their details within the body of the email but instead, include a personalised link that will lead them directly to their registration page on your event website. Equally, never email your event system API key(s) to ANYONE as this could expose your data to anyone who has access to this key.  If you need to share it, do so over the phone.
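One way to build the personalised link described above, as an added example (not Eventsforce code): the email carries only an expiring, signed token, and the registration page checks it before showing any details. The URL, the opaque delegate reference and the seven-day lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed values for the example. A real signing key lives in a
# secrets store on the server and is never emailed or exported.
SECRET_KEY = secrets.token_bytes(32)
BASE_URL = "https://events.example.com/registration"  # hypothetical URL
LINK_LIFETIME_SECONDS = 7 * 24 * 3600                  # assumed lifetime


def _sign(payload: str, key: bytes) -> str:
    digest = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def make_link(delegate_ref: str, now: Optional[float] = None,
              key: bytes = SECRET_KEY) -> str:
    """Build a link holding an opaque reference, an expiry and a signature."""
    issued = time.time() if now is None else now
    payload = f"{delegate_ref}.{int(issued + LINK_LIFETIME_SECONDS)}"
    return f"{BASE_URL}?t={payload}.{_sign(payload, key)}"


def verify_token(token: str, now: Optional[float] = None,
                 key: bytes = SECRET_KEY) -> Optional[str]:
    """Return the delegate reference, or None if forged, malformed or expired."""
    try:
        delegate_ref, expires_s, sig = token.rsplit(".", 2)
        expires = int(expires_s)
    except ValueError:
        return None
    expected = _sign(f"{delegate_ref}.{expires_s}", key)
    # Constant-time comparison, on bytes so odd input cannot raise.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if (time.time() if now is None else now) > expires:
        return None
    return delegate_ref


def confirmation_email(delegate_ref: str, now: Optional[float] = None) -> str:
    """Email body with no name, address, payment or dietary details in it."""
    return ("Your registration is confirmed. View or change your details here:\n"
            + make_link(delegate_ref, now))
```

The delegate reference should be a random identifier from the registration system rather than an email address or name, so a forwarded or intercepted message reveals nothing on its own.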

Be Smart About Your Passwords

More than 500 million records of login names, passwords and other ID information went astray in the last 12 months, according to a report this week by security firm Symantec². It sounds pretty obvious but you would be surprised by the number of people that ignore the importance of passwords. Our survey found that over 80% of event planners don’t change their event management system passwords as often as they should (less than once a year). Another 33% claim to have shared their passwords with other people.  This greatly increases the risk of breach and makes it difficult to accurately identify who has access to the system at any given point in time.

Using strong passwords, NOT sharing them and changing them once every three months can greatly improve security around your event data.   The problem is that the human brain can only remember so many passwords, not to mention we’re actually really bad at picking good ones. So, too often we just reuse passwords across multiple sites. This is an issue because so many of us use the same password for our work and personal accounts like Facebook, Google and online banking.  Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for words or letters. For example, “I want to see the Eiffel Tower” could become 1W2CtEt.

Another solution is to use a password manager, a software tool for computers and mobile devices, which will pick random, long passwords for each site you visit, and synchronise them across your many devices. Two popular password managers are 1Password and LastPass.  You can also use a Single Sign-On (SSO) system, which allows you to control access to your event management software using your authentication servers (e.g. Microsoft Active Directory) – so passwords are never submitted to your event system and access can be controlled centrally by your organisation. If someone from your team leaves their job, then their access to all systems can be cut off from one place.

Share Only What is Necessary

The study also revealed that an overwhelming 89% of event planners downloaded the data in their event management systems to external spreadsheets, with a further 81% sharing it with colleagues and other departments by printing or email.  As well as following your organisation’s policies on how to securely share and dispose of data, you can also reduce security risks by integrating your event management system with some of your other back end systems like finance, CRM and marketing.  The integration will allow for automatic updates on both systems whenever you need to make any changes, eliminating the need to download, print or email event data to other departments within your organisation.

For example, integration with your company’s finance system will allow you to automatically update delegate payment details into your finance system and vice versa without the need for printing and emailing reports and manually transferring them from one system to another. Event invoices, credit notes and received payments can all be generated and sent from either system. This saves time and more importantly, vastly reduces the security risks associated with email communications and having printed documents lying around.

Know Your Personal Vs. ‘Sensitive’ Personal Delegate Data

Our study found that there was some confusion in differentiating personal and ‘sensitive’ delegate data.  Personal information can include things like names, addresses and phone numbers.  However, sensitive data is any information relating to the delegate’s racial origin, political opinion, religious beliefs or mental and physical well-being.   The survey found that 40% of event planners didn’t consider race and religion to be sensitive and only 26% considered dietary requirements (which may indicate religious inclinations) to be sensitive.

Why is this important? EU Data Protection regulations require extra security measures when dealing with ‘sensitive’ delegate data – as this information could be used in a discriminatory way and is likely to be of a private nature.  Most registration forms will have a question asking delegates if they have any additional requirements.  This may include things like dietary requirements or the need for wheelchair assistance. Storing this ‘sensitive’ data means you must comply with the Data Protection Act from the moment you obtain the data until the time when the data has been deleted, overwritten or securely destroyed (e.g. shredding, incineration or pulping).

Don’t Forget About ‘Offline’ Security

As a general rule, try not to store any of your event data in any physical form (print or external hard drives, USB drives etc.) as this greatly increases the chance of it getting into the wrong hands.  If you do, invest in secure cabinets, fit locking doors and ensure you have the proper mechanisms in place to dispose of this data if you need to.  At your events, don’t leave your registration lists, laptops and smart phones unattended and ensure that event data on your screens is not visible to unauthorised users.  Be cautious when discussing details over the phone and avoid discussing sensitive information in public areas where you can be overheard.

Lastly, make sure your employees understand how important your event data is and all the measures they can take to protect it. Encourage security awareness among your staff, training them not to leave sensitive material lying around and to operate a clear desk policy – both at the office and at your events.  The ultimate goal is for everyone, at every level, to believe that data security is critical, understand the policies and procedures for achieving a secure environment and ensure these are followed every day.

Written by Steve Baxter, CTO of Eventsforce

1 Information Week: Insider Threats: 10 Ways to Protect Your Data

2 BBC News: Security snapshot reveals massive personal data loss