In 2018, British Airways was fined £183 million (reduced to £20 million later) by the Information Commissioners Office (ICO) for poor security arrangements that jeopardized the personal data of its 4,00,000 customers. Yahoo in 2016, Marriott in 2018, Veeam in 2018 had similar occurrences with Target and other big brands and, along with these, in many instances both personal data (names, addresses, travel information, credit card details and other personal details) and sensitive data (persons ethnicity, religion, marital information and so on) of millions of people was breached, and the list just goes on. In most cases, data breach occurs due to poor decision making of organizations and functioning with a sort of unguarded approach that often make things worse in otherwise what would have been a preventable data cyber-attack.   

In Context of Events 

Over the years, the transition of the event industry from physical to virtual has certainly cushioned a few things in terms of reach and ease of connecting remotely. On the other hand, it has also invited exposure for possible cyber threats for the very reason that events in general involve social gatherings.  

Given the fact that in-person events involve large gatherings, and with virtual and hybrid events here to stay, it means a voluminous amount of personal information is being collected, which in actuality is an alarming situation for a potential breach.  

How Serious is the Threat?! 

According to Risk Based Security, a cyber security firm, over 38 billion records have been exposed due to data breaches since 2010. Adding to this, a survey by InformationWeek tells that about 40% of data breaches globally have occurred due to internal failure and mismanagement/mishandling of data. In context of the event industry, event planners need not take comfort by assuming that data breaches occur only at large corporations.  

In the Linux Australia Conference in 2015, personal data of delegates including their full names, email addresses, physical addresses, phone numbers (of those given) and user passwords were compromised in what was one of the largest data breaches that occurred in a conference/event. With regulations such as the GDPR of the European Union and the subsequent California Consumer Privacy Act (CCPA) in place, event planners need to comply with data regulations and be extra careful towards averting data loss, else they can be subject to hefty fines and penalties. So, event data security is real and needs to be assessed and addressed at war footing regularly. 

Why Would a Hacker Attack an Event? 

For hackers, events are in a way the culmination point where a diverse set of a large section of people assemble, which means a gargantuan amount of data, all at one place.  

Attendee Information - Hackers can have access to the most crucial attendee registration lists that include personal data, which can be exploited in unthinkable ways. Many a times a hacker might also sell those details for a ransom 

Access to Sensitive Data Hackers can have access to an attendees religion, ethnicity, political ideology (which are unwanted data) and much more, and loss of such data can impact their individual rights and personal freedom adversely.   

Access to Payment Data - As most of the registration are done online these days, hackers can find numerous ways to get access to the payment information, causing financial losses to many. 

How to Secure Your Event and Attendee Data? 

Below are a few tips to keep your event data secure 

1) Restrict Your Attendee Information Make sure you dont collect unwanted attendee information that may be needless for your event. Apart from names and contact information, you may not need to know everything about your attendees. Avoiding unnecessary data request also instils more confidence in your attendee base, making them comfortable that only the data relevant to the specific event is being collected.   

2) Access control and privileges of organization employees or event managers needs to be supervised to establish who has access to precious event data. Run background checks on employees, especially on people who would have access to large sums of money and sensitive information. 

3) Conduct regular auditing to see who performed what action and when. This will avert numerous breaches and will bolster your security system. 

4) Arm Your Event Team Instil that event discipline within your team by making them aware of all possible adversities of a data breach. Train your team on every aspect, right from screening attendees and guests to ensuring undivided attention on systems and identifying malicious emails and phishing attacks. Ensure you and your team are updated about applicable data regulations, and national and international security standards.  

5) Use Multi-Factor Authentication (MFA) MFA provides more security layers and is important especially when organizing events and large conferences where consumer data is at abundance. In case of breaches, hackers will have to re-authenticate themselves in various ways.  

 MFA is easy to implement and intuitive, and also meets all regulatory compliances that ensure the security of attendees. Because MFA comes with a Single Sign-On, it eliminates the need of storing and creating multiple passwords and the risk of data loss due to password misplacement will be gone.  

Note If you do not opt for an MFA, ensure that you change your event management system passwords frequently. According to a survey, 80% of event organizers change their EMS passwords only once a year, accounting for an increased risk of breach.   

 6) Make Your Security Measures Apparent As an organizer you would want to avert the breach at first. So, by installing security checkpoints and employing security personnel at regular intervals, you ensure the effort to breach is restricted. Amid bolstering your security checkpoints with stellar sophistications, ensure that all your systems, registration lists, or laptops are guarded and not unattended.   

Above all, it is about winning the trust of your attendees. Event planners need to show organizational integrity by securing attendee and stakeholders data. If not done, event attendees will have a lot more reasons for distrust which may end up in non-participation and withdrawals from signing up for the event. Therefore, it is imperative that event planners recognize the growing importance of data security at events and shoulder the responsibility of protecting personal and sensitive attendee data.