There are many benefits to virtual or hybrid events. A common concern for new virtual event managers, however, is regarding the risk of cyber-attacks. Unfortunately, now that virtual and hybrid events are on the rise in the events industry, some hackers have begun to turn their attention to virtual events. Fortunately, you don’t have to sit back and let these attacks happen. Event organizers have several options to make virtual event security a priority, so that attendees can take part safely.
Why Are Virtual Events Targeted?
Any type of virtual event can be targeted: virtual conferences, virtual retreats, virtual concerts, etc. For the most part, when cyber criminals target virtual events, it’s for one of two reasons: fun or profit.
The first category of people are trolls and harassers. They’re people who don’t have any specific goal in mind and who just enjoy causing trouble. An example of this phenomenon is so-called Zoom-bombing, where uninvited users disrupt public Zoom meetings to harass legitimate attendees. This group of trolls and harassers may enjoy a small event as much as a large event.
In the second category, cyber criminals target virtual events to perpetrate a phishing attack or gain information that can be used in a phishing attack. These perpetrators target virtual events to steal data, information, or something else of value, either from individuals or companies. This often involves phishing and other social engineering techniques designed to harvest personal or corporate information. Depending on the nature of the information they gain, it might be sold or used to engineer an even larger attack in the future. This second category of criminals may prefer larger events, such as a virtual conference, in order to gain data on as many attendees as possible.
The trouble is, it’s hard to tell whether a threat is minor or serious. Sometimes, they might even be part of the same attempt. Minor troublemakers like trolls may disrupt an event to create chaos and make attendees more vulnerable to phishers looking to harvest sensitive information from attendees.
6 Best Practices for Virtual Event Security
1. Control Event Access
Avoid All-Access Events
Keeping your virtual event secure starts with the audience. In general, it’s best to avoid public or all-access events, unless you have a specific reason to hold this kind of event. Instead, limit event access to authorized personnel only. This should include you and your event team, along with speakers and other guests, and the audience.
This will deter would-be trolls and harassers, who generally only “Zoom bomb” events that are easy to access. Limiting who can access the event lets you easily eliminate a significant source of potential trouble.
Registration and Login
The simplest way to limit access is make access to the event conditional on registration.
- All attendees must complete the registration process.
- Attendees only receive a link to the event once they complete registration.
- Every attendee receives a unique URL to log into the event. This security-booster also makes it easy to track attendee activity throughout the event.
- Enable two-factor authentication for the event login process. This requires attendees to use an additional form of ID when logging in. It greatly reduces the risk that their login information might be stolen and used maliciously.
2. Remind Attendees About Cyber Safety
Most data breaches are due to simple human error. While hackers do often exploit system vulnerabilities, it’s easier, and therefore much more common, to target people. Add some information on basic security measures to your final pre-event email to help attendees enjoy the event safely.
Before the Event
- Connect to the event on a private Wi-Fi network only. This means avoiding public networks such as at a public library or hotel.
- Make sure the user’s operating system, antivirus software, and firewall are all up-to-date.
- Apply password management best practices.
During the Event
- Avoid clicking on links or downloading attachments from people they don’t know, and beware of the possibility of spear phishing from seemingly familiar contacts.
- Be cautious about giving out personal or company-related information or data.
- Give attendees a way to report any suspicious behavior, links, or attachments.
3. Develop an Event Code of Conduct
Most of the people who attend a virtual event are ready and willing to behave professionally. After all, their behavior at the event reflects not only on them personally, but on the company they represent. But at any event, there may be a small number of people who, for whatever reason, don’t behave in a professional manner. Whether it’s becoming argumentative, harassing other attendees, or shouting or spamming in a chat channel, antisocial behavior can seriously impact the ability of people to participate in an event. One negative user can affect the user experience for everyone else.
Developing a code of conduct is useful because it sets the standard of acceptable behavior.
- Everyone knows what standard of behavior is expected of them.
- There are no gray areas for those unruly few to exploit.
- Everyone understands what the consequences are for behaving inappropriately.
This helps protect everyone—including guests and your own personnel—from harassment and other forms of antisocial behavior. Having a code of conduct also makes it easier on event management to decide when somebody’s behavior requires intervention or removal.
4. Choose a Virtual Events Platform with End-to-End Encryption
Any form of online communication has multiple points of vulnerability where data can be intercepted. This is especially the case when people connect to the internet on a public network, or on a private network that doesn’t have adequate security. There are significant information security risks for the users on these networks. The best way to protect the event and its attendees is to choose a virtual platform that protects communications via end-to-end encryption.
With end-to-end encryption, data is encrypted before being sent over the network and is decrypted only when it gets to its endpoint. This means that even if a hacker gains access to a network and eavesdrops or intercepts the data, it’s unreadable and unusable. End-to-end encryption helps protect people even if the machine or connection they’re using isn’t as safe as it should be.
5. Consider a Cloud-Based Virtual Events Platform
Even the safest in-house corporate network has multiple points of vulnerability. Every computer and tablet that connects to the network represents a point of vulnerability. So does every software program and individual user account that connects to the network.
The same principle applies to every attendee who connects to your virtual event. The devices that people use to connect use a wide range of different operating systems and versions, each with specific vulnerabilities. Installing an app to connect to a virtual event also represents a point of vulnerability for every person who attends.
One way to reduce this particular risk is with a cloud-based event management system. Cloud-based services allow attendees to login through their web browser on any device, eliminating the need for an event app. This improves event security because none of the devices people use to connect have to store any event-related data. All data remains safely in the cloud, so there’s none of the risk associated with data transmission between devices and networks.
A Safer, More Secure Event is Better for Everyone
Cyber attacks and other forms of harassment are relatively rare in the world of virtual and hybrid events—but they do happen occasionally. For any event of any size, it’s vital to make cyber security an important part of the planning process. Take the time to put the six security practices above into practice as part of your online event strategy. A virtual or hybrid event that’s secure and safe is one that everyone can feel comfortable about attending and enjoying.