The issue of cybersecurity came back to the fore in November 2018 with the revelation of a massive data breach of Marriott’s Starwood-branded hotels. The information of up to 500 million guests was compromised in the data breach.
Meetings Today covered the issue in a variety of articles:
- Marriott to Pay for Passports Affected by Data Breach
- Marriott Data Breach: Protect Your Meeting Attendees
- Cybersecurity Musts for Meeting Planners
Meetings Today asked Michael Owen, managing partner of EventGenuity, who speaks regularly on the subject of cybersecurity at meetings and events, to provide his input:
Meetings Today (MT): Why was the issue of cybersecurity such a big news item in 2018?
Michael Owen (MO): It seems that every day we see headlines about data breaches from social media platforms, retail outlets and hotel chains that we typically trust to keep our information secure.
Since the business events industry collects all sorts of data, from personally identifying and company confidential Information to payment card information and other client, attendee or member information, it is a matter of when—not if—a meeting, exhibition or event is attacked.
More than ever, we are compelled to understand what data we hold, where it is held, who is authorized to use it and how it is used.
MT: How do you think this will affect the meetings industry moving forward?
MO: As meeting and event owners and partners become more dependent on web-based technology, there is an urgent need for our industry to become more cyber aware by understanding known threats, staying vigilant about evolving attack tactics and keeping up-to-date on the latest strategies for prevention and recovery.
If this alone is not enough, the implementation of the EU General Data Privacy Regulation (GDPR), the California Consumer Privacy Act and similar data privacy regulations in 48 other states and throughout the world adds a significant regulatory environment to the equation.
MT: What tips do you have for meeting planners to guard against this, and what should they do if they’re affected by a data breach or other cyber-attack?
MO: To protect your precious data, you first need to understand and address cybersecurity weaknesses. Human Error is where attackers exploit unsuspecting users to access your systems.
Ransomware is disruptive to systems and operations and can freeze entire digital eco-systems. By necessity, information is shared with Vendors and Event Partners such as hotels, DMC, event management agencies, production companies, ground transportation providers and more.
So, what do you do? The Events Industry Council’s Industry Insights Committee recently conducted an industry-wide cybersecurity survey and is in final review of a comprehensive white paper scheduled for release in the new year that will offer insight and advice.
Here’s a paraphrased snippet of some of the tips and guidelines that will be included:
- Understand what types of information you hold.
- Ask questions and remain vigilant.
- Employ the right resources, such as updated security software, password management, 2-factor authentication, virtual private networks and more.
- Use the right behavior. Convenience is the enemy of security. Think before you click, insert that questionable USB drive or send that attendee list or bank transfer.
- Modify agreements to address cybersecurity.
- Backup, backup, backup.
MT: Who is responsible for ensuring cybersecurity?
MO: The path to cyber safety is not just an IT responsibility—it requires all of us to be more aware, careful and active participants in keeping our own data safe and protecting clients, members and attendees from theft.
MT: What do you think the future will bring regarding this issue?
MO: The problem is not going away any time soon. As we depend more and more on technology and as it evolves and presents new ways of engaging, connecting and automating everything from registration to content delivery, there will be those who seek to exploit weaknesses in cloud-based systems.
These are bad actors, but they are not stupid.
As we become better prepared to plug existing security holes, they are busy inventing insidious new ways of going after your precious information.
What we can do is share approaches and processes to address vulnerabilities we know, and work together to quickly discover and address new and evolving threats as they are presented.
Michael Owen is the managing partner of EventGenuity, past chair of the Events Industry Council’s APEX Standards Committee and an educator on the subject of cybersecurity in the meetings industry.
