7 steps to a secure event management system

The security of two-factor authentication and an HTTPS website are major considerations, says Simon Clayton of Reftech.

There are seven security questions to consider when looking at different event management systems, according to the chief ideas officer at RefTech.

"Events capture a lot of data and protecting the personal information of delegates should be of utmost priority for all event managers," says Simon Clayton of RefTech – a company specialising in registration and badging for conferences.

"You may be thinking ‘who on earth would want to hack the personal information of the delegates at an accounting conference’ but literally any online database can and probably will be attacked – even if it’s just out of curiosity on the part of the attacker."

"There are a plethora of event management systems available – but they are not all the same. While many have lots of bells and whistles, they may not have the robust and thorough security measures needed to protect your data."

Here are Simon’s seven security questions to consider when looking at different event management systems.  

1. Does your event management system have 2FA (two-factor authentication)?

"2FA is all over the place these days with a lot of the big websites using it to protect their user accounts," says Clayton.

"It’s a security process that requires a second level of security; as well as a username and password, 2FA will ask for another code that is time-based and can be generated by the mobile phone of the person logging in.

"Having 2FA dramatically reduces your chances of someone stealing credentials and logging in as you which is vital in protecting data."

2. Does your system provider have an HTTPS website?

"The data you input into your event management system will be sitting on a cloud somewhere – and every time you log in to review it, it is transferred to you across the internet," says Clayton.

"If your provider’s website is HTTPS (Hyper Text Transfer Protocol Secure) it means that all communications between your browser and their website - including your data - are encrypted and therefore more secure."

3. Does the system have log-in alerts?

"Many online accounts (Facebook included) will alert you if your details are being used to log in from a device that you haven’t used before," Clayton explains. "If your event management system has this it will mean that you will know if someone tries to use your log-in details. Some may even provide the option of kicking the user off that machine immediately."

4. Does the system show a record of your log-ins?

"The really robust systems will allow you to see a detailed record of the last times, dates and devices that you have logged on from," says Clayton. "You can review these to see if anything untoward has occurred and also use it to delete devices that are no longer in use or have been lost or stolen. Reviewing and tidying this list from time to time is another step to keeping your event data secure."

5. Can you restrict who has access to reports?

"Many data breaches are actually internal – either accidentally or on purpose," says Clayton. "Sharing information by mistake, or downloading information before moving to a competitor (it does happen)."

"Downloaded reports are valuable and should not be overlooked. You will probably have staff members who you are happy to access records and edit, but that have no legitimate requirement to download the information.

"A few systems will let you restrict report access only to those who need it, and only give access to the reports that a staff member will need to do their job. It’s another easy step to implement to help ensure that your data doesn’t fall into the wrong hands.

"Also, if you have 2FA enabled on your account then a great system will insist you enter a 2FA code before you can download the report as an extra layer of protection."

6. Does the system lock you out after several failed password attempts?

"If someone tries to use your password to log in unsuccessfully, any good system will only tolerate a set number of tries before flagging up this potential problem, and even locking the user out of the system for a while," Clayton explains.

"While this can be annoying if it’s actually you that’s got your password wrong, this is a very good deterrent for the would-be hacker using automated password cracking tools."

7. Can staff limit or turn off security?

"Despite all the good intentions you may have, there could be one person in the team that regards the 2FA process as a pain and so disables it," says Clayton.

"The most secure systems allow an event to be flagged as requiring 2FA and would block a user without 2FA from accessing those events. A good system puts you in control and lets you set the security parameters so that you can insist that your team is following the measures that you have, quite rightly, implemented.

"Event management systems can be amazing tools, and with the right questions you can make sure yours is not only good for organising events but is a helpful ally in the war we are all fighting for data protection."

For more features and breaking news sign up to C&IT Magazine's daily Newstracker here.

Have you registered with us yet?

Register now to enjoy more articles
and free email bulletins.

Register now
Already registered?
Sign in
Cancellations and deferrals: How global agencies are reacting to coronavirus

Cancellations and deferrals: How global agencies are reacting to coronavirus

As IBTM APAC gets postponed, agencies tell C&IT what they are doing to meet the challenges posed by the outbreak.

IBTM APAC 2020 postponed over coronavirus

IBTM APAC 2020 postponed over coronavirus

Organisers have postponed the inaugural IBTM Asia Pacific due to the Coronavirus outbreak.

How are incentive budgets changing in 2020?

How are incentive budgets changing in 2020?

Budgets increases come despite fears over economic uncertainty, according to the State of the Industry 2020: Incentives report.

MGM Resorts takes action over massive data hack

MGM Resorts takes action over massive data hack

More than 10.6million guests have had their data leaked after the cyber attack, according to reports.

APAC planners still 'use manual processes' for most of their tasks

APAC planners still 'use manual processes' for most of their tasks

Australian and New Zealander event planners need a more technology-driven approach, according to new research by Cvent.

DICE launched to improve diversity at conferences and events

DICE launched to improve diversity at conferences and events

New charter aims to eliminate 'manels' and offers guidelines for making events more diverse, on and off stage.

Are experiential food and drink incentives on the rise?

Are experiential food and drink incentives on the rise?

Planners reveal what food and drink experiences clients are increasingly requesting, in the C&IT State of the Industry: Incentives report.

World’s most popular destinations for business travel revealed

World’s most popular destinations for business travel revealed

New research draws on official government flight data to reveal locations most popular with UK business travellers going overseas in the last year.

Top agencies speak out amid warnings the coronavirus response came ‘too late’

Top agencies speak out amid warnings the coronavirus response came ‘too late’

With reports that another key congress may be cancelled, agencies explain how they have been taking stock.

Delta commits $1 billion to become first carbon-neutral airline

Delta commits $1 billion to become first carbon-neutral airline

The airline makes 10-year commitment to mitigate all emissions from March 2020.

LATEST JOBS