The cyber threat: How secure is your event network?
23-Oct-14by Annie Byrne
Being able to communicate anytime anywhere has allowed us to move from working on the static desktop PC to a world where devices are in a pocket, in our bags and even on our wrists. Whilst all this communication has meant we can be flexible about our working space, how many people have considered the security of the networks they are communicating across?
Sometimes we feel there is too much of the “it won’t happen to us” mentality within the industry and it can be a risky attitude to take. More information than ever is transmitted across an event’s network(s) and much of it is of a sensitive nature. Secondary mechanisms (such as VPN and SSL) are used to protect some data but you don’t have to look too far to find file shares, websites and other data all unencrypted and open to see on the network.
Corporate IT teams spend millions protecting employees whilst they are in the office or even at home; but how many consider an event? We support a lot of VIP corporate events for top tier managers when the security requested is a secondary thought.
In a world where cyber security breaches have become an everyday norm, not a day goes by without news sources reporting another hacker success or a commitment to strengthen current fail safes and precautions, meaning network hijacking is a very realistic threat. Event organisers need to be equipped with the right precautions to meet this challenge and ensure that sensitive data remains confidential.
There are two main types of wireless security and, for the sake of clarity, it is important to identify both:
Open: Similar to a network that you would find in a coffee shop. It does have a password, acting in a similar way to the bouncer on a nightclub door. Once people are past the password information is visible, just like you can see other revellers in the club.
Encrypted: This is when all information sent across your part of the network is more secure. This will ensure that it is protected from ‘eavesdropping’ and meets the data protection agreements that often accompany large scale events.
In light of the above definitions it’s a no brainer! Exhibitions should all be pushing for encrypted networks which, if possible, should not be broadcast to all-and-sundry. Our advice is to be clear with those joining the network about the security level in place, and whether it requires work with an expert to increase it. Another easy, but often overlooked step to improve network anonymity is not to brand it with the same name as the exhibition; this stops those in the vicinity becoming immediately aware of its existence and exactly what it is being used for.
Guaranteeing secure networks is nothing new but it does seem that some are slower on the uptake than others. You only have to look at the language used by security/defence companies, like Thales and QinetiQ, to see that the threat is all too real. The good news is that it has now never been easier to source expertise to make sure your network is as secure as possible and that private data remains exactly that.
This article was first published in the October issue of EN. Any comments? Email Jamie Wallis