Tag: PCO

Top 8 Security Questions to Ask Your Event Technology Provider

Data Security

 

 

 

 

 

 

 

 

 

 

 

Many of you have read the scandalous stories we saw in the headlines last year regarding major security breaches at companies like Talk Talk and the Ashley Madison dating site.  Cyber hackers raised their game with millions of people having had their private data stolen and national governments scrambling to combat the growing threat of cyber-attacks. Now imagine your organisation’s systems got hacked and exposed the personal details of the hundreds (or thousands) of delegates attending your events each year.  Doesn’t really bear thinking about, does it?

Events deal with highly sensitive customer information, including names, emails, telephone numbers, employment information, disabilities and other confidential details. The wealth of information we collect from our delegates is a gold mine for hackers.  Safeguarding this data is critical and more and more organisations are starting to see the importance of this issue. Our new data security survey found that 80% of event planners marked data security as a top priority for 2016.  Surprisingly, however, only 40% of them felt they had the adequate security policies in place across their organisations.   In fact, according to MPI members at last month’s MPI European Meetings & Events Conference, event planners were said to be lacking awareness on the topic of cyber security despite the global terrorism threat1.

So how do we address this issue of event technology security?

Most event planners these days deal with some form of event registration technology that helps them manage all their event and delegate data.  The software captures, manages and stores a lot of the sensitive data we mentioned earlier – so it makes sense to start there. Have a look at the data security policies of your event tech provider.  Are you confident they have the right processes in place to safeguard your data? Are they doing everything they can to minimise the risk of breach?

Here are the top 8 data security questions you should be asking your event tech provider today:

How is My Event Data Protected?

Maximum protection of your event data should probably be your event technology provider’s top priority.   You want to ensure that your event data is fully secure and protected by a comprehensive recovery system.  The first step in achieving this is the use of strong industry-standard encryption, like HTTPS and AES, which helps protect your data from prying eyes and can provide you with assurance that it hasn’t been modified in any way. Find out how your data is encrypted both at rest (when stored in servers) and in transit (when accessing data from your event management system over an Internet network). ID-100354956

What Data Security and Safeguarding Policies Do You Have in Place?

Find out where your database is stored, how it is stored and how often they back it up – the more often, the better so that no changes can be lost from your database if restoration is required. In the case of a breach to their own servers, find out what response plans they have in place to protect your data.  Find out what security policies they have in place within their organisation – how do they protect their own data and how do they meet regulatory and legislative requirements?  Who has access to client data, how do they handle authorisation and what happens when someone leaves? How do they share client information (email/phone) and where they do they store this information?

 How Can I Ensure Secure Access to my Event Management System?

All major event management systems manage access via username and password authentication.  However, you can also manage access using an external authentication service, which can restrict access for certain individuals to particular functions (e.g. abstract reviews) or particular events. Find out if your event tech provider can integrate your event management solution with a Single Sign-On (SSO) system. This will allow you to sign in using your company’s existing corporate authentication infrastructure – so passwords are never submitted to your event system and access can be controlled centrally by your organisation. If someone from your team leaves their job, then their access to all systems can be cut off from one place.

SSO improves security by giving you the choice to restrict event websites and registration to internal personnel or selected individuals or groups, effectively making them private. Only people chosen to view the event website or register for the event will be able to do so and invitations cannot be shared – useful if you have an internal awards event going on involving confidential company information.

Where is my Event Data Stored?

As mentioned above, this is something that should be outlined in the security policy of your event technology provider. It is worth noting, however, that if your event management software provider is storing your data in US-based datacentres and you deal with delegates from the EU, then you need to ensure that they comply with the newly announced Privacy Shield agreement. This replaces the old Safe Harbor agreement, which allowed US companies to legally transfer European citizens’ data to America, provided the location it was being sent to had the security and privacy conditions that met EU standards.

Read more: New EU/US Data Sharing Deal: What Event Planners Need to Know

If you are using a web-based system, find out the physical location of their cloud servers and whether or not they adhere to EU Data Protection regulations. Find out who has access to these servers and what kind of security procedures they have in place.

Do You Own My Data?

This is an important question as some event management technology companies have a legal right to use your data for their own marketing purposes, which means it’s highly likely that they store this data somewhere other than your company’s database on their client servers.  This increases the chance of breach so again, you need to find out what data protection policies they have within their own organisation, how they manage access to this data, what do they use it for and how long they keep it.

Are You PCI-DSS Compliant?

Our survey revealed that almost 50% of event planners who took payment from their delegates didn’t know if they were PCI-DSS compliant and a further 73% were unaware of the fines for non-compliance (ranging anywhere from $5,000 to $100,000).  If your events are set up to accept payments from delegates via credit or debit cards, then your organisation is obligated to achieving and maintaining compliance with the PCI Data Security Standard (more info here).  One way of simplifying compliance is to outsource the process to one of the many PCI-DSS-certified payment gateways that meet the required standards, such as Stripe, PayPal, Sage Pay and Worldpay, among others. However, make sure you understand from your event tech provider how these payment gateways interface with your event management/registration system. If your event website integrates with these gateways via an API, then you are still liable for PCI compliance since your servers capture and transmit the credit/debit card data first. Equally, if your event management system uses its own payment gateway or processes payments on your behalf, make sure that their systems have the correct level of compliance and that they are not permanently storing your delegate payment card data on their servers.

Read more: Top 5 Things to Think Abut When Dealing with APIs

What Security Precautions Do I Need to Take?

If your event management system is integrated with other third party systems (CRM, event apps, finance packages), your event management software provider may have issued you with an API key for any integrations.  Often used instead of usernames and passwords, the key allows your event app and other third party applications access to your event data, and vice-versa. Remember that anyone who has access to this key has access to your data – so you need to make sure it doesn’t get into the wrong hands.  You can minimise the risk of breach by asking your event tech provider to issue different API keys for different functions – for example, use one key to connect your system to the delegate section of your event app and another to connect it to the exhibitor section of your event app. Also, if you’re integrating with more than one system, ask for separate API keys for each integration (event app, CRM etc).  This way, if one of your API keys gets lost or exposed, you can revoke the key (which disables the integration) and set up a new one.  If you have one API key for all your integrations, then a data breach would lead to far more serious consequences for you and your organisation.

How Long Do You Keep My Data For?

In our survey, 54% of event planners said they use their event management systems as a permanent storage space for all their event data.  If you’re happy with your event tech provider’s data security policies, then keeping your data in the system after your event is complete is a good idea – especially if you don’t have adequate procedures to safeguard this data within your own organisation. Find out how long they keep this data on their servers, whether it is moved to other locations or servers and whether or not they delete it after a defined period of time.

Conclusion

Click to get in touchThere is no such thing as 100% security when it comes to safeguarding your data.  However, following best practices and taking the precautions outlined above can help you understand the risks involved and minimise the chances of a data breach.

To learn more about event technology security and how Eventsforce’s systems keep your data safe, read the related posts below or get in contact.

Written by Steve Baxter, CTO of Eventsforce

1 C&IT: Event Planners Don’t Understand Real Threat of Cyber Hacking

 

Delegate Card Payments & Security Compliance: Questions Answered

PCI COmplianceEnter registration details, make your payment and click submit.  It’s the kind of information most event websites ask for. But when your delegate makes a payment, how do we make sure their card details are kept safe? If your organisation is involved in storing, processing or transmitting any delegate cardholder data – manually or electronically – you need to comply with the Payment Card Industry Data Security Standard (PCI DSS).  And that means meeting tough standards that maximise your delegate’s payment card security – or face the prospect of fines.

Unfortunately, many organisations don’t bother thinking about PCI compliance until they are due to be audited, which at best, leaves them playing catch-up or at worst, means they fail because they haven’t met the requirements. A recent report by Verizon – which assessed more than 5,000 organisations across 30 countries – found that nearly 80% of all businesses failed their interim PCI compliance assessment. More importantly, lack of compliance was linked to data breaches: Of all the data breaches studied, not a single company was found to be fully PCI DSS-compliant at the time of breach. The study also found 69% of all consumers were less inclined to do business with a breached organisation1. So the stakes of non-compliance are pretty high.

Last month, Eventsforce conducted its own survey with senior event planners in the UK and the US to assess their understanding of delegate payments and PCI-DSS requirements. The results were quite surprising.  Nearly half of those surveyed didn’t know if they were PCI DSS compliant, with 84% not being able to identify compliance requirements and a further 73% unaware of the fines for non-compliance.

So what exactly is PCI-DSS and what do event planners need to know about it? Below are six of the most common questions we come across when discussing issues around delegate payments and data security.

What is PCI-DSS compliance?

If your events are set up to accept payments from delegates via credit or debit cards, then your organisation is obligated to achieving and maintaining compliance with the PCI Data Security Standard.  PCI DSS is an information security standard for any organisation handling credit card transactions from the major card schemes, including Visa, MasterCard, American Express, Discover and JCB.  The standard was created to increase controls around cardholder data to reduce credit card fraud. It has three basic components which include analysing IT systems for vulnerabilities; patching weaknesses and deleting unnecessarily stored data; and submitting compliance records to banks and card companies (a detailed description of all 12 requirements can be found here).

In the case of events, compliance would mean ensuring that no delegate payment card data is stored unless it is necessary to meet the needs of your event or business. This applies to all types of transactions – electronic (card payments through event website) or manual (card payments over the phone or on-site). If it is absolutely necessary for you to store this information, then you need to know what you can and can’t do. Sensitive data from the magnetic strip or chip, for example, may never be stored but other information such as card numbers (PAN), expiration dates, service codes or cardholder names may be stored if the correct encryption procedures have taken place to ensure data safety (more on this further down).

Isn’t This the Responsibility for My IT/Legal/Finance Department?

 Setting policies and procedures around compliance usually is the responsibility of these departments but adherence to these policies is a shared responsibility across any department dealing with delegate card payments – including the events team. In the case of any fraudulent activity involving the payment card of one of your delegates, a bank can easily trace it back to a PCI-related breach to your organisation and hold you responsible. There are considerable fines associated with non-compliance following a data compromise; these can range from ten to hundreds of thousands of pounds. Many non-compliant organisations have stopped trading because the fines could not be accommodated.

Do I Have to be PCI-DSS Compliant?

PCI-DSS compliance does not just apply to the storage of payment card data but also to the handling of data while it is processed or transmitted over networks or phone lines. While not storing credit card data does eliminate some compliance requirements, the majority of the controls dictated by the DSS remain in effect.

ID-100354956One way of simplifying compliance is to outsource the process to one of the many PCI-DSS-certified payment gateways that meet the required standards, such as Stripe, PayPal, Sage Pay and Worldpay, among others. This makes it possible for delegates to interact with the gateway software directly so that card information never hits your own servers. However, make sure you understand how these payment gateways interface with your event management/registration systems. If your event website integrates with these gateways via an API, then you are still liable for PCI compliance since your servers capture and transmit the credit/debit card data first.

Read more: Top 5 Things to Think About When Dealing with APIs

Do I Still Need to Consider it if my Payment Gateway is Compliant?

Yes, if you take delegate/attendee payments offline or over the phone. In our event data security survey, 49% of event planners said they take credit/debit card details from their attendees over the phone. This doesn’t help with PCI compliance unless the information is directly entered into the payment gateway system. Even then, are the card details written down somewhere first?  If so, do you dispose of the paper?  How is the paper disposed and when?  Do you email these details to anyone? These are all very important questions you and everyone else on your team need to be very aware of at all times. So make sure you have the correct policies in place and that your staff are trained to follow all necessary procedures that ensure compliance.

What if I do Need to Store Card Details for Some of my Events?

Our survey found that 11% of event planners ask their attendees to fill in card details within registration forms as a form of deposit on possible extras like transport, hotel rooms, dinners, and so on. Some payment gateways like Stripe have a good way of managing this without making your organisation subject to PCI-DSS regulations.  At a minimum, PCI DSS requires card numbers (PAN) to be unreadable anywhere they are stored (the first six and last four digits are the maximum number of digits that may be displayed).  However, as a general rule, it is not advisable to use registration forms to capture credit card details as it does increase the risk of breach.

What Are the Main Data Security Guidelines for PCI-DSS Compliance?

If you do have a legitimate business reason to store your delegate’s payment card data, it is important to understand what data elements PCI-DSS allows them to store and what measures they must take to protect that data. Below are some basic do’s and don’ts for data storage security:

Data Do’s:

  • DO understand where delegate card data flows for the entire payment transaction process – from initial registration until the completion of the event.
  • DO verify that your payment applications (including third-party applications like PayPal) are PCI-DSS compliant. Have clear access and password protection policies and remember, it is your responsibility that compliance is not just met but continuously maintained. Security exploits are non-stop and get stronger every day, which is why compliance efforts should be a continuous process.
  • DO retain cardholder data only if authorised and ensure it is protected
  • DO use strong cryptography to render unreadable cardholder data that you store, and use other security technologies to minimise the risk of exploits of criminals

Data Don’ts

  • DO NOT store cardholder data unless it’s absolutely necessary – delete all data as soon as you know that you no longer need it. Never print or email this information.
  • DO NOT store the 3-digit card validation code on the back of the payment card on paper or any digital format.
  • DO NOT store any payment card data in unprotected devices such as PCs, laptops or smart phones
  • DO NOT permit any unauthorised people to access stored cardholder data

Summary

Understanding and implementing all the requirements of PCI-DSS can seem daunting, especially for those without security or large IT departments.  However, PCI DSS mostly calls for good, basic security.  Even if you don’t have to be PCI-DSS compliant, the best practices we mentioned above are steps that any organisation running events would want to take anyway to protect sensitive delegate data.

Click to get in touch

For further advice and guidance on event card payment security, please contact our friendly team on 0207 785 6997 or fill in our enquiry form here.

1 80 Percent of Businesses Fail Interim PCI Compliance Assessment

INFOGRAPHIC: How Safe Is Your Event Data?

There have been a number of high-profile data breaches over the last year and though there have been no major incidents involving the events industry, it is definitely something we need to prepare ourselves for.  Events deal with highly sensitive customer information, including names, emails, telephone numbers, employment information, disabilities and so on.  Ensuring this data is kept in a safe place is critical not just for delegates, but for any organisation storing this information.

Last month, we conducted a survey with event planners in the UK and the US to highlight some important trends around this issue.  The results have been very insightful.

The study, which was conducted across 50 organisations in the UK and the US, revealed that 80% of event planners marked data security as a top priority for 2016 yet only 40% felt they had the adequate security policies in place across their organisations.

The survey exposes key areas – like password hygiene, delegate payments and regulatory compliance – where event planners need to put greater attention to in order to prevent data from getting into the wrong hands. For example: The survey found that 81% of event planners do not change the passwords to their event management systems as often as they should (less than once a year) and a further 33% claim to have shared their passwords with other people.  This increases the risk of a breach and makes it difficult to accurately identify who has access to the system at any given point in time.

For a more comprehensive look at these insights and some of the other findings from the Eventsforce ‘How Safe Is Your Event Data’ survey, please download the infographic below:

Infographic_How safe is your event data JPG FINAL

 

Infographic: The ROI of Event Data Integration

We have talked a lot about data integration (Why is Data Integration So Important for Your Events) and APIs (Top 5 Things to Think About When Dealing with APIs) over the last few weeks.  It is a topic that is hotly debated across the events industry as more and more organisations try to find new ways of increasing the ROI of their event technology investments.

Integrating your event management software with other business systems within your organisation can bring a host of benefits. It can save you time by reducing manual data entry. It can eliminate errors and inconsistencies that commonly cause problems in communications.  It can cut costs and make your team more productive – and more importantly, it can unlock the true value of your event data by putting it in the hands of the people who need it.

So how does it work and what does an integrated system look like?  For a quick overview on some of the key integrations that make sense for your events, have a look at the infographic below (or click here to download):

New EU/US Data Sharing Deal: What Event Planners Need to Know

Untitled design (5)Last week, the EU and the US finally struck a new deal on data sharing designed to protect EU citizens’ data when transferred across the Atlantic. The so-called ‘Privacy Shield’ deal replaces the ‘Safe Harbor’ agreement that stood for more than 15 years before being struck down by a court last October. The decision left thousands of businesses – especially those reliant on the cloud – scrambling to figure out how to legally operate data transfers, while US and EU regulators spent the last three months hammering out the terms of Privacy Shield. But there are already questions being raised about the new agreement.  The language used in the official announcement is woolly at best and there are fears that the deal has a number of flaws which can raise further legal challenges in the future[1].

So how is this relevant to the events industry?  Events deal with highly sensitive delegate information – from names, addresses and employment information to things like gender, disabilities and dietary preferences.  Up until last year, the pact made it relatively easy for any company hosting events to legally store EU delegate information in US data centres.  However, with the absence of Safe Harbor and a general lack of certainty around the new deal, there is still little to prevent European Data Protection Agencies from taking enforcement actions against companies suspecting of breaching European law.  Storing EU delegate data in the US can still put organisations at risk.

What Was Safe Harbor?

The Safe Harbor agreement allowed US companies to transfer European citizens’ data to America, provided the location it was being sent to had the privacy conditions that met EU standards. It was first put in place in 2000, because the US does not have one single federal law regulating data storage. Its constitution does offer some protection to US citizen data, but it provides no assurances for foreign citizens.  It is an important agreement for thousands of companies operating in Europe.

Why Was the Agreement Ruled ‘Invalid’?

When former National Security Agency (NSA) contractor, Edward Snowden, made revelations in 2013 about the US surveillance system, an Austrian student filed a complaint against Facebook to the Irish data protection authority. He claimed Snowden’s claims confirmed that Facebook wasn’t sufficiently protecting user data as the NSA was carrying out mass surveillance on technology companies. The case went all the way up to EU’s top court, which in October 2015 said that the Safe Harbor agreement was no longer valid because US public authorities were able to access EU citizen data and individuals had no means of getting any compensation for any misused data.  Since then, the US and EU have had to renegotiate a new data sharing agreement that allows data flows across the Atlantic to continue without breaking the law.

How is New Deal Different?

Under the terms of the new deal – which are still being negotiated – the US will give an annual written commitment that it won’t indulge in mass surveillance of EU citizens, and this will be audited by both sides once a year. US companies wishing to import EU citizens’ data must also give robust obligations on how personal data is processed, and comply to the same standards as European data protection laws. But there are already fears that the deal may be too broad for some to swallow. Ashley Winton, UK Head of data protection and privacy at lawyers, Paul Hasting LLP said: “The results of months’ worth of negotiation appears weak, and if adopted we are likely to see further legal challenge in the European courts” [2].

Why Is This Data-Sharing Deal So Important for Your Events?

If you are hosting events in Europe, find out where your delegate data is being stored – if you don’t already know. If it’s within the EU, then you shouldn’t have any concerns.  If it is in a US data centre, you need to make sure that you have the correct mechanisms and methods in place to legally transfer data to the US from Europe.   This not only applies to the data you store within your organisation but more importantly, the third-party IT systems that also have access to your event and delegate data. This includes vendors that supply you with registration systems and event apps to business systems like CRM and finance packages that may be integrated with your event management software.

Find out exactly how these organisations are safeguarding your delegate data and keeping it private. Find out where they are storing your data – especially from those US-based companies who are heavily reliant on the cloud.  There are many cloud providers which operate solely within the bounds of the European Union, but there are many out there who operate through their large data centres in the US – which would mean the new ‘Privacy Shield’ deal applies to them. Find out the physical location of their cloud servers. Find out if they contract their support services outside the EU.  Find out who has access to your delegate data, and what kind of security policies they have in place. Find out if your data is encrypted and whether or not they adhere to EU Data Protection regulations.  Solutions could involve drafting new contractual agreements with delegates, encrypting US servers and building EU-based servers and support centres.

The Road Ahead

The uncertainty around the new deal may still mean that the movement of data from the EU to the US can become a legal matter if EU delegates have grounds to believe their consent for data storage and usage has not been agreed. Companies may be able to transfer data if they have free and informed consent of users and this gives event planners another thing to think about before moving their data outside the EU.

Click to get in touchAs the terms of the new, safer ‘Safe Harbor’ get ratified by EU members, the current legal limbo may close up soon enough. Last month, the US passed the Judicial Redress Act – a necessary step to achieving the new deal – which provides a path for EU citizens to sue over privacy complaints in the US.  However, it also passed a last minute Republican amendment that provides for an exception on national security grounds – which undermines the entire point of the whole measure. So as it stands, there are still no guaranteed assurances for businesses wanting to export data from Europe to the US right now.  What we can be sure of is that the ending of Safe Harbor and the announcement of Privacy Shield should pave the way for a new era in transparency from companies on how they use customer information and how we define data ownership.

Written by Steve Baxter, CTO, Eventsforce

[1]The Register: Safe Harbor ripped and replaced with Privacy Shield in last-minute US-Europe deal (includes comments from former Gartner Vice President, French Caldwell)

[2]The Register: Safe Harbor ripped and replaced with Privacy Shield in last-minute US-Europe deal

Source: CNBC ‘US and EU in data privacy clash: what you need to know’

Event Technology: How to Increase Adoption Across Your Whole Organisation

shutterstock_79727680New technology solutions that provide better ways for people to collaborate are constantly emerging and you may want to invest in a new solution for your organisation. However, the adoption of new technology can be daunting, perhaps even overwhelming. Adoption is usually the hardest part in the implementation of new tech solutions. You may invest in a solution for better collaboration but that’s difficult to achieve if your organisation isn’t using it properly or at all – so how can you encourage your organisation to leverage the tech solutions you want to introduce to the workplace? We have some ideas for you.

 Establish goals and determine fit

Answer the question: why should they use it? Before you invest in a new solution or try to introduce a new solution, consider how it will fit in with your organisation’s day-to-day activities. Work with your team to establish objectives or goals that you hope to achieve through the implementation. As the solution is being integrated into the workplace, find a way to consistently measure the effectiveness of the solution in achieving the goals established. Adoption rates will go up as reluctant individuals in the organisation see that the new technology solution is worth the effort to adopt.

 Collaborate with the provider

You want a solution provider that is willing to continuously provide updates and support based on feedback. It is important that the provider of the tech solution is willing to work closely with you and your team to establish a good implementation program and ensure that the adoption rate is high.

 Schedule training

Once you’ve invested in the tech solution that best fits your organisation – be sure to provide training. Even if the new solution has an intuitive design, providing training can greatly increase individuals’ comfort levels with it. Training can be in the form of webinars, tutorial pages, or onsite training workshops.

 Lead by example

Click to get in touchIt may be difficult to increase technology adoption across the whole organisation all at once. Consider building a group of evangelists for your new technology solution within your team/organisation or begin by having team/group leaders adopt the technology first to encourage change amongst the team members.

There’s no one-size-fits-all technology solution – take into consideration the individuals in your organisation and help them see how the new technology will be beneficial in their work. Leveraging a new technology solution can increase the overall effectiveness of your workforce but adopting the solution should not have to be an excruciating process.

 

Sources:

 

Social Media: How Best to Use it Before, During and After an Event

calcIf you’re a conference or awards planner, then you’ll already know the nightmare…You have spent all year promoting the event’s brand, tirelessly drawing in new interest, consistently encouraging active participation, maintaining an engaged online community and now it’s finally over. You breathe a sigh of relief only to face that dreadful, jaw-dropping moment when you realise you have to do it all again next year.

Establishing a social media plan that starts on day one and continues until after the event is finished, one that has a jam-packed content plan of post-event resources, is critical to boosting ongoing delegate relationships and most importantly will make your life easier.

Why is Social Media Key to Delegate Relations?

Social media plays a key end-to-end role over the lifecycle of an event and is extremely helpful in engaging the audience’s attention on the day and in securing future interest immediately after.

Using Social Media to Engage Delegates Can Include:

  • Running a hashtag for the event
  • Including separate hashtags for topics and presentations
  • Running polls and instant votes on topics raised
  • Q&As
  • Sponsoring competitions

And lots more. Getting it right turns any fears over filling next year’s conference into excitement for new opportunities to engage with your delegates.

So, where do you start with social media for events?

Create a Community

Use Twitter and Facebook to turn your audience into an active and engaged online community. By using social media right through your event-planning process, including on the day and afterwards, you can generate lasting relationships that will keep people coming back and sharing content. For example, Twitter can be great for sharing sponsor’s slides on the day, and your sponsors will appreciate the extra publicity, helpful when it comes to renewing next year!

If you organise awards, then you will already consider social media to be your best friend. If you aren’t used to creating communities for corporate events however, you may want to consider delegate relations in terms of creating online communities.

It’s best to give one person responsibility for social media management and you may even already have a community manager on your team or someone to take charge for enhancing your event’s outreach.

 Promote an Interactive Audience

Fully interactive events are now the norm with around 70% of event planners using Twitter to promote events and just under 60% using social media right throughout the process.  Carefully chosen hashtags can hugely increase interaction making your event active, lively and memorable. Giving people their say also massively increases the authority of the event and the compelling debate to return next year.

Think Different, Be Different!

Being different and experimental offers something new every time someone attends one of your events and builds your reputation.

If you have never considered experiential marketing during your events, perhaps now is the time to put aside those traditional options and do something crazy. Experiential marketing is about bringing the brand and the audience closer through fun and memorable experiences. Typically, it’s employed in a strategy for grand openings but easily lends itself to events.

Maybe you don’t have the budget to send a man into space like Red Bull’s Stratos jump or like Heineken’s Departure Roulette, which offered free flights to random destinations around the globe and grabbed three million views on YouTube. But there are lessons to be learnt from the experts and big-budget marketing firms. It’s about being daring and letting others see you (or your client) being daring, different and theatrical.

Be Mobile Friendly

Smart event hosts work hard to create a mobile-friendly event, using Twitter hashtags and Facebook posts to drive interaction. It’s particularly great for raising Q&As when someone may not want to stand up and will only then be posting about it later anyway.

People love to cast their votes and have their say on topics so let them vote in live polls. It will be a great icebreaker and generate buzz on the day.

Continue the Debate

Once your event is over, consider taking the major topics or key points raised in the debates and turning them into a post-event debate. You could host a panel debate on Google+ Hangouts with the speakers or event organisers fielding additional questions or counterpoints to the raised themes and discussion points.

Click to get in touchBuilding delegate relationships during and after an event is about maintaining an amazing community of people and rewarding them for being active and engaged participants. It doesn’t have to be a nightmare if you can encourage active participants who share the value in what you are trying to create.

With the right approach and energy, you can keep communities alive and growing for future events.

For further guidance on how to do social media for events, take a look at the related content below, or why not check out our own social media channels?