When you think of security at your meetings, you might imagine highly visible squads of blue-blazer-wearing, walkie-talkie-carrying guards who are on hand to enforce public safety. But what about security that’s less visible but just as important? When you’re on site, how secure is your organization’s and your attendees’ online data?
Michael Robinson is an expert in computer forensics and cyber security whose areas of specialization include assessing data vulnerability and safeguarding online systems at meetings and events. He’ll be speaking on that topic as part of a Convene Live Presents session at PCMA Convening Leaders 2015 next month. Recently, we got an advance preview from Robinson, who shared three of the most common vulnerabilities of event-based data:
Robinson identifies a major potential hazard when it comes to providing Wi-Fi for conference attendees: that someone will “stand up” a fake wireless-access point — using about $120 in innocuous-looking, easily hidden equipment — that attendees then will log onto assuming that it’s the official conference Wi-Fi.
From there, the “bad guys,” as Robinson calls ill-intentioned hacker types, could harvest whatever information attendees or staff entered or exchanged on their laptops or wireless devices while they were connected to the imposter Wi-Fi, including login passwords and credit-card numbers.
2. REGISTRATION KIOSKS
Do the computers at your on-site registration kiosks have USB ports that are open and running? Do they permit administrator access, or have their help menus enabled? “When I’m Bad Guy X and I go up to the kiosk and there’s pandemonium everywhere [at registration],” Robinson said, “I just hit the shift key about eight times in a row. I see if I can get an error message to pop up, something to give me special rights into the computer. And then I’m going to start processing and stealing [registrants].”
3. CELLULAR NETWORK
“I’m on the phone with you via my cellphone,” Robinson said, “and someone could be right around the corner standing up a fake cellphone tower and stealing all of my traffic, listening to my calls, and stealing all of my text messages and email.”
Scary, for sure. But is it a planner’s responsibility? And is it worth paying someone like Robinson to data-proof your meeting? “We have corporations that have to worry about economic and industrial espionage,” Robinson said. “We have to worry about hackers like Anonymous [an international network of activists and hacktivist entities] setting up jammers and just shutting down conferences where people come together. People spend a lot of money on travel, on registration fees, and they’re trying to do business. And our thought was, why aren’t we un-leveling the playing field? I think we should do that.”
Robinson added: “My thought is, an event manager never works alone. Ever. The event manager always takes the best resources to provide the best-quality event within budget constraints.”