Cyber security is a major part of every exhibition or event. Malware, phishing and DDos attacks can shut a company down completely. Organising an event usually involves the use of a network, and it is crucial to be absolutely sure that network is secure to avoid placing your visitors and exhibitors at risk or registration and other applications being interrupted. It is therefore essential to work closely together with the event venue to achieve this certainty. What can organisers do to protect their event against cyber risks and what can they expect from the venue? Time to shine a light on cyber security…
Malware, phishing, DDoS
Let’s start with a summary of the terminology. Malware is software that infects your computer after visiting a website and then gains access to your personal data. It can even take control of your entire (computer) network. Phishing occurs on websites that pretend to be familiar, reliable websites but which were actually designed to intercept and then abuse login details. DDoS attacks are attempts to make a website or service unusable by overwhelming them with requests. So how can you prevent such problems?
Working securely on different networks
Any computer user who has ever visited a website may encounter these risks. Companies must therefore protect themselves, especially those which depend strongly on their internet connections like suppliers of online services. But what happens when you need to work at another location? Which network do you use and how secure is it?
Secure Wi-Fi isn’t enough
When an event is hosted by a venue, you connect to the internet via that venue. In most cases, the venue will establish a Wi-Fi network via which event exhibitors and visitors can access the internet. It is of the essence that the Wi-Fi network is properly secured so that others cannot easily break in or look over your shoulder. This is why we at the RAI always recommend that organisers use a password-protected Wi-Fi network.
But this alone is not enough. Although the Wi-Fi network is better protected behind a password, users can still visit websites infected with malware, or end up on a website via a phishing mail that intercepts login details. Luckily there are security methods you can take for this too. At RAI Amsterdam this is in the hands of our specialised RAI Eventnet team, IT experts who are fully focused on the management and security of the internet for all at RAI Amsterdam, whether they be employees, organisers or event visitors.
Screening all websites worldwide
First things first: as you can’t usually see if a website wants to do harm, how can you find out before the harm is done? There are various companies specialised in these matters. We work with Cisco Umbrella, which has a database of all website addresses worldwide that is continuously updated and earmarks websites that form a risk.
The network we set up checks every attempt to visit a website against this database. This occurs in just milliseconds and users won’t even notice it, unless something’s wrong. If a website is known to contain malware, for example, a visit to the site is blocked so the computer cannot be infected. The user then sees a pop-which explains what’s going on. We do this for all risks related to malware, phishing and DDoS attacks. Checks are made of both outgoing and incoming traffic, such as websites that try to connect to a user on our network from the outside. In doing so cyber security protects users, the companies behind them, and the networks to which they are connected. It is important to note that all of this is realised in accordance with the General Data Protection Regulation so we don’t see which individuals are involved.
High risks
Malware, phishing or DDoS attacks can completely shut down a company or network, cause data leaks and result in substantial damage. It’s therefore crucial that such damage is prevented. Some events are at extra risk because of the high level of internet use involved, such as tech exhibitions or gaming events. In these cases we often encounter a high number of (blocked) incidents. There are fewer incidents at less digitally-driven events, although our service prevents significant issues nonetheless. To illustrate: the Eventnet team identified that some 529,000 web visits were initiated in an hour, of which 42 were blocked – and this represents a relatively quiet day.
Levels of security
Mind you, all this requires you to be using our internet connection. Only then can we monitor incoming and outgoing internet traffic and check it against the Umbrella database.
Which settings are optimal varies per event and per target group, and we always determine the final choice together with organisers. It is also possible to exclude crypto mining, for instance (websites that use capacity to create cyber currencies). We’ll always discuss what level of security is best with the organisers.
Check your digital smoke alarms
Only few people are aware of the significant risks they face simply by surfing the internet. And it’s not just about their own behaviour alone: the actions of colleagues and people nearby at the exhibition also count. This means that, although we have things in order here, we have to stay alert and constantly monitor and improve the security of our internet connection, and we recommend all organisers be equally attentive.
So, wherever your event takes place, remember not just only to check the emergency exits, fire extinguishers and smoke alarms, but also whether the venue has proper ‘digital smoke alarms’ in house to keep your systems and those of your exhibitors from being shut down by hackers.
PAUL HASSINK (R)
Paul Hassink | LinkedIn | Product Manager ICT | Sports | Travel | Coffee | Foodie