There are seven security questions to consider when looking at different event management systems, according to the chief ideas officer at RefTech.
"Events capture a lot of data and protecting the personal information of delegates should be of utmost priority for all event managers," says Simon Clayton of RefTech – a company specialising in registration and badging for conferences.
"You may be thinking ‘who on earth would want to hack the personal information of the delegates at an accounting conference’ but literally any online database can and probably will be attacked – even if it’s just out of curiosity on the part of the attacker."
"There are a plethora of event management systems available – but they are not all the same. While many have lots of bells and whistles, they may not have the robust and thorough security measures needed to protect your data."
Here are Simon’s seven security questions to consider when looking at different event management systems.
1. Does your event management system have 2FA (two-factor authentication)?
"2FA is all over the place these days with a lot of the big websites using it to protect their user accounts," says Clayton.
"It’s a security process that requires a second level of security; as well as a username and password, 2FA will ask for another code that is time-based and can be generated by the mobile phone of the person logging in.
"Having 2FA dramatically reduces your chances of someone stealing credentials and logging in as you which is vital in protecting data."
2. Does your system provider have an HTTPS website?
"The data you input into your event management system will be sitting on a cloud somewhere – and every time you log in to review it, it is transferred to you across the internet," says Clayton.
"If your provider’s website is HTTPS (Hyper Text Transfer Protocol Secure) it means that all communications between your browser and their website - including your data - are encrypted and therefore more secure."
3. Does the system have log-in alerts?
"Many online accounts (Facebook included) will alert you if your details are being used to log in from a device that you haven’t used before," Clayton explains. "If your event management system has this it will mean that you will know if someone tries to use your log-in details. Some may even provide the option of kicking the user off that machine immediately."
4. Does the system show a record of your log-ins?
"The really robust systems will allow you to see a detailed record of the last times, dates and devices that you have logged on from," says Clayton. "You can review these to see if anything untoward has occurred and also use it to delete devices that are no longer in use or have been lost or stolen. Reviewing and tidying this list from time to time is another step to keeping your event data secure."
5. Can you restrict who has access to reports?
"Many data breaches are actually internal – either accidentally or on purpose," says Clayton. "Sharing information by mistake, or downloading information before moving to a competitor (it does happen)."
"Downloaded reports are valuable and should not be overlooked. You will probably have staff members who you are happy to access records and edit, but that have no legitimate requirement to download the information.
"A few systems will let you restrict report access only to those who need it, and only give access to the reports that a staff member will need to do their job. It’s another easy step to implement to help ensure that your data doesn’t fall into the wrong hands.
"Also, if you have 2FA enabled on your account then a great system will insist you enter a 2FA code before you can download the report as an extra layer of protection."
6. Does the system lock you out after several failed password attempts?
"If someone tries to use your password to log in unsuccessfully, any good system will only tolerate a set number of tries before flagging up this potential problem, and even locking the user out of the system for a while," Clayton explains.
"While this can be annoying if it’s actually you that’s got your password wrong, this is a very good deterrent for the would-be hacker using automated password cracking tools."
7. Can staff limit or turn off security?
"Despite all the good intentions you may have, there could be one person in the team that regards the 2FA process as a pain and so disables it," says Clayton.
"The most secure systems allow an event to be flagged as requiring 2FA and would block a user without 2FA from accessing those events. A good system puts you in control and lets you set the security parameters so that you can insist that your team is following the measures that you have, quite rightly, implemented.
"Event management systems can be amazing tools, and with the right questions you can make sure yours is not only good for organising events but is a helpful ally in the war we are all fighting for data protection."
For more features and breaking news sign up to C&IT Magazine's daily Newstracker here.
Have you registered with us yet?
Register now to enjoy more articles
and free email bulletins.