Data

All Systems Go

The organizers of Cyber Security Week have to practice what they preach. Here’s how they handle data protection at their own event.

Hackers at Cyber Security Week 2017.
Photo Credit Martijn Beekman

The Hague is known as the cybersecurity capital of Holland, and for good reason. The Dutch city is home to the Hague Security Delta (HSD), a cluster of business, government, and knowledge institutions that work together in areas such as cybersecurity, infrastructure protection, and more.

Recently, HSD presented Cyber Security Week (CSW) 2017, where 4,324 attendees — comprised of students and professionals from more than 70 countries — gathered to discuss the latest developments in cybersecurity, and also had opportunities to pitch their ideas for funding. Convene spoke with Kelly Heij, event manager at Fox-IT — one of the founding members of HSD — about CSW, which was held at several venues throughout the Hague on Sept. 25–29.

Top of mind for us: How does a premier cybersecurity event handle data protection? “Especially because the main topic [at CSW] is cybersecurity, you have people who want to test you,” Heij said. “We are very aware of that.”

Kelly Heij

MONITOR THE SITUATION The first in having securing your event’s data, according to Heij, is prevention. “If there is a  hacker in your network or if there is a data breach, we have prevention-detection monitoring, so that you keep your network and your processes tight and keep them safe,” Heij said. “Whenever something happens, you are really able to respond quickly and to minimize that damage that it can cause, because you can get major fines [under data-protection regulations], but also major image damage.”

SECURE THE PERIMETER Heij also stressed the importance of fundamental practices such as password protection and encryption. “All our emails can be encrypted when necessary,” she said. “It makes it safer, of course. Whenever there’s an attachment, I’ll make sure I encrypt it, and then I’ll have extra security as well. We also when possible use two-factor identification, which of course makes things more secure.”

Another basic but often-overlooked step is physically securing an event. “We pay a lot of attention to lists that we print for the day itself, like the list of the attendees,” Heij said. “Most of the time only I have it, or someone at the registration desk. All of that data also gets shredded afterwards, so we’ll destroy it. Of course, physical security is also really important. We’ll check the location upfront, like where are the emergency exits, and also how to get people to them.

“We make sure that we do not have any intruders on that day itself,” Heij said. “I also always brief the Fox-IT employees — like, make sure that you don’t share customer data or talk about anything sensitive or private whenever you’re in a general room, in a public room. That kind of stuff is really important to keep your security at a high level.”

I make sure that I never use the word ‘client’ or ‘customers’ on my data lists.

ACCESS DENIED Heij has certain banned words for data lists, all of which relate to customers — including attendees at CSW. “When you organize an event, sometimes your event is a special event for customers, or sometimes you have leads and customers at the same event,” she said. “I always make sure that I never, ever use the word ‘client’ or ‘customers’ on my data lists. Whenever you send an email with data — with an Excel sheet or whatever, with data of your clients — never use that word, because when you get a data breach or someone maybe [accidentally] leaves a list on the train, they [won’t be able to tell] if that’s your client.”

HACKING CSW Heij was happy with the turnout at CSW, particularly for younger audiences, who turned up for sessions like “Student Hacking Contest, a Cyberlympics Event,” which required students to participate in web-application hacking, remote exploiting, and testing their knowledge against each other in encryption and decryption. “We invest in young people, because they are the future and cyber security is the future,” Heij said. “I think the Cyber Security Week in general was really good. [The attendance showed] how many people are interested in cybersecurity and interested in learning more about it.”

For more information about Cyber Security Week 2017, visit cybersecurityweek.nl

Jasmine Zhu