5 tips for keeping your vital attendee information safe
Some 6.06 billion malware attacks hit globally in 2023, according to the data company Statista. That is a lot of phishing emails asking for gift cards and passwords. In total, online fraud cost Americans $12.5 billion in 2023, according to TechRadar. Security software company Varonis points out that personal information is the most valued type of data and the average total cost of a data breach is $4.88 million. In short, the stakes are high.
How can you protect your precious attendee data? We asked experts, including information security veterans at Maritz, for the measures that would play the role of an IndyCar HANS barrier device to protect vital systems and minimize damage.
1. Protect Your Wi-Fi Network
Work with the AV team at the venue to set up separate networks for attendees, registration staff, hotel guests and vendors. Use a strong, unique password for each event and do not publicize it. Stay off public networks, including free airport Wi-Fi for sensitive event operations, including addresses, medical information and credit card numbers.
Read More: Beware the Public Wi-Fi Network: 6 Ways to Practice Cybersecurity While Traveling
2. Work with Secure Partners
Security starts with the RFP. Choose partners who take security seriously. When choosing a registration system and web designer, ask about built-in encryption. Look for Payment Card Industry (PCI) compliance for processing payments and System and Organization Controls (SOC) 1 and 1 compliance.
Require multi-factor authentication (MFA) for access to all platforms. And grant cascading levels of access based on rose to limit sensitive data exposure. Not everyone needs to see all folders with full administration rights. Look at the entire ecosystem of providers and the integrations that happen between them and make sure the whole is secure, advises John Wahle, chief security officer at Maritz.
Read More: Ditch the Labels, and Other Tips from a Maritz Event Design Strategist
Once you have chosen a system and set up controls, task someone with ensuring all software and plug-ins are updated regularly to protect against bugs and attacks. Not all failures are from the outside or intentional.
3. Need to Know
Train your team on the dangers and safeguards you have set up so they know both why and how you are protecting your intellectual assets. Warn everyone involved, including the interns, about phishing attempts. Lay out what to look for and what to do when you see one and—critically—if they accidentally fall for one. These attacks get more sophisticated every day and can fool almost anyone not paying close attention. Everyone needs to be aware. An easily accessed shared crisis communication plan is essential for all sizes of events. One person should be the point of contact in case of an incident.
This is also the time to clearly communicate your privacy policy to attendees. First, only collect the information you will use to limit risk. Tell people what they are signing up for, how their data will be used and what you will do if a breach occurs.
4. Stress Human Intelligence
The addition of generative AI doesn’t fundamentally change best practices for defending systems, it just reinforces the importance of our current policies—access controls, data encryption and monitoring. “If we make mistakes, it makes it easier to exploit,” according to Eric Perino, vice president of information security with Maritz.
As we are managing significantly larger bodies of data a leak can have even bigger impacts.
5. Constant Vigilance
It’s easy to think that the odds of your event being hacked are low, but sadly in today’s world you just never know. A trust but verify approach includes using updated tools to detect and respond to potential threats by blocking any malicious intruders.
Just as a race team doesn’t let anyone in the pits without clearance, you need a virtual bouncer to protect what matters.
This article appears in the January/February 2025 issue. You can subscribe to the magazine here.
