19 Sep Locking down your assets
Unbelievably, it’s already more than three months since the General Data Protection Regulation (GDPR) came into force (where did that time go?) and the huge focus on data is showing no signs of abating any time soon as businesses continue to get to grips with ensuring compliance and avoiding those huge fines we’ve all heard so much about. But before you switch off and think… not another boring blog on GDPR, we got this… have you really? Are you 100% sure that your own and your clients’ data is secure, and that everyone in your business is aware of the risks?
So much of the focus on GDPR has been around consent and privacy, unsurprising given that is where some of the biggest changes in the law are, but we’ve not heard as much about the security side of things, especially from an event industry perspective.
Having recently been the target of an online fraud attempt, data and IT security is pretty high on our agenda right now! And it got us thinking – how many other companies in our sector have been subject to attacks by hackers and fraudsters. If the national statistics are anything to go by – it could be more than half of us. Really!
The Department for Digital, Culture, Media and Sport’s ‘Cyber Security Breaches Survey 2017‘ reported that 52% of small businesses and 66% of medium-sized businesses have identified at least one cyber security breach or attack in the last 12 months. Another survey carried out by YouGov on behalf of Barclays, revealed that almost one in four (23%) of SMEs have fallen victim to fraud.
Falling victim to cybercrime can be devastating for businesses and given that many event agencies fall into the SME category, it represents a real threat to our sector, one that perhaps we could all be more aware of and bring out in the open. Fraudsters are becoming increasingly sophisticated and brazen in their approach, in some cases impersonating banks, suppliers and staff, intercepting emails and sending fake invoices, and even the savviest among us could be tricked if we’re not careful.
It’s too easy to sit back and say, “we have IT and legal teams to sort out our data security and compliance issues”, or in the case of smaller businesses, “we partner with an expert to sort all that out”. But, everyone in the business needs to be aware of the risks, especially event planners who are often away from the office on-site or travelling abroad.
Recent research published by CWT revealed that two thirds (65%) of business travellers are not confident their company’s data is secure when they go abroad, with the main concerns being laptops or other mobile devices being lost or stolen (29%) and using public Wi-Fi (21%).
As an industry, we are so reliant on technology and connectivity, and I’m pretty sure most people reading this will admit to connecting to a public Wi-Fi hotspot in a venue or hotel in the last year for work. But many of these networks are unsecured, which means hackers can intercept your wireless connection and access everything on your laptop, or worse set up a network honeypot that looks like the venue’s free wireless hotspot and then steal your logins and passwords and trick you into giving up other information.
On top of that, there’s the relentless march towards digitising everything and adopting new event technologies – from apps to online registration and ticketing systems – many of which store and process personal information about delegates. While these systems are designed to make life easier for organisers and help improve the attendee experience, what safeguards are built into these programmes, particularly the generic ones that are bought off the shelf?
We’re not for a minute suggesting that any of these technologies are not adequately protected – just putting the question out there. With the possibility of increased fines from the Information Commissioner’s Office if you fail to meet your responsibilities to process personal data securely under GDPR, surely these are exactly the sort of questions we should be asking?
The CWT research also revealed that less than 20% of business travellers said that they received frequent and formal communication and guidance about data and internet security from their company, while 34% said they received some guidance on what not to do.
These results show there is still a lot to do around educating people on how to look after their company’s data. While there are plenty of general resources out there for small businesses, such as the Cyber Security: Small Business Guide, we’d love to raise more awareness about this issue in our industry specifically and help identify and educate about the risks most likely to affect event professionals.
So, if you’ve been targeted by an attack or have any advice, tips or resources, please do share with us here, and let’s make sure we’re all aware and prepared…