The high-profile hacking of the Democratic National Committee in July, and last month’s Dropbox breach — which resulted in more than 68 million users’ login data being compromised — show just how pervasive cyber attacks have become. John Sileo, a cybersecurity expert and frequent keynote speaker at conferences in a variety of sectors, sees the meetings industry as particularly at risk for data breaches. Why?
“Number one, you’re collecting a bunch of important people together,” Sileo said in an interview with Convene. “For example, this afternoon I’m headed to a conference of 350 bankers, CEOs, and CFOs. Those are 350 particularly attractive targets, and they’re all in one place at one time. It’s like gathering all the gold together and putting it in one room. They bring laptops, tablets, and phones, and they leave them on the table when they go get a coffee, or they leave them in the room unattended, or they leave them in a cab.”
Sileo calls data “the lifeblood of our business now,” and stresses that it deserves the same type of security protections as any other aspect of a meeting. So why is cybersecurity getting short shrift? “Corporations only present data-security measures in a corporate way,” he said, “rather than saying, ‘Hey, you know that smartphone of yours? Yes, it connects to the internet, but guess what? It’s also got your personal information, and it’s being sniffed for your banking information.’ When you build a bridge from the personal to the professional, people start to change. The meetings industry really hasn’t gotten there yet, where they understand, ‘Oh God, we’ve got to start with the individuals, and then build up to the events.’”
SEEING IS BELIEVING
Sileo heads to the registration area at a meeting where he’s scheduled to speak — not only to pick up his badge, but to demonstrate just how easy it is for would-be hackers and thieves to access sensitive data by swiping a laptop, tablet, or smartphone from a seemingly secure area. He writes his name and phone number on a piece of paper and leaves it near the unmonitored equipment for on-site staff to find later. “The other thing I do,” he said, “is go in and take pictures while I have somebody recording video of me doing it, and then I show it on the screen during my talk.”
Sileo’s subterfuge opens the gates for a more nuanced conversation about the ins and outs of data security — and the importance of communicating security policies and procedures to attendees, exhibitors, and on-site staff. “You have to be tactful, because you don’t want to give people a sense of paranoia about getting their badge when they check in to the hotel,” he said. “Just like with the security of the overall conference, it doesn’t take that much if you plan it well.”
BEFORE AND AFTER
Sileo stresses that the privacy and security measures taken before and after events are just as important as what happens during the meeting. In the months leading up to a program, planners should make sure their online-registration system is completely secure, minimize data collection to minimize risk to attendees, and create as few hard-copy files as possible ahead of the meeting. “All the way through the process,” Sileo said, “talk with vendors, hotel, caterers, and everyone else, to ask for technical help.”
Sileo also advises planning teams to conduct an on-site security audit leading up to a meeting. “Create a map of your event progression, so that you know not only your highest risks, but also what might be solvable for less money or less time investment,” he said. “Making decisions based on a security map is way better than just throwing darts in the dark.”
And after the show? Sileo recommends both shredding physical documents and purging sensitive digital files. He doesn’t mince words: “Destroy the evidence.”