In focus: Building a safer space for event IT

    In focus | August 2017

    A growing dependence on information technology in the event cycle must come with an equal commitment to securing a safe cyberspace. Caroline Boey writes

    Information technology (IT) is a powerful and indispensable tool, but it is also a double-edged sword and businesses are paying more attention to the downside as cybercrimes affecting online platforms cost the global economy some US$450 billion in 2016, according to a recent report. The figure is forecast to escalate to US$3 trillion by 2020.

    Earlier this year some MNCs like the National Health Service in the UK, Spain’s Telefónica, FedEx and Deutsche Bahn were hit on May 12 by the WannaCry ransomware attack which encrypted data and affected more than 230,000 computers in 150 countries.

    Later that month, British Airways suffered a major IT system failure that crippled its operating systems, call centres, websites and mobile apps on May 26, forcing the carrier to cancel all flights out of Heathrow and Gatwick airports.

    Last year, ICCA members who attended the General Assembly (GA) in Kuching faced technical problems during the online voting exercise and the association had to move to a back-up paper voting system.

    ICCA said the situation was caused by factors such as the local WiFi network capacity, the congress app functionality and a hacking from malware that was discovered on a delegate’s smartphone.

    ICCA has now chosen to use a secure website and an extended voting window to guarantee all members are able to exercise their right to vote and to reduce future risks to the absolute minimum.

    These recent incidents are a wake-up call for the industry as show organisers and suppliers handle gigabytes of sensitive data such as company profiles, delegate names, addresses and credit card, mobile and passport numbers, etc. Adding to the risks are some delegates who do not think twice about logging on to free – and often unsecured – WiFi when available.

    ChiaAn organiser’s responsibility

    So, what can meeting planners and the industry do to enhance cybersecurity?

    The IT strategist of a leading international event management company opined: “We work with a few parties for any event IT and frankly nobody wants to be responsible. So it falls on us as the organiser and the app developer to do the testing and checking. On my wish list is for the venue to be the third tier.”

    He added that most show organisers do not have an in-house IT specialist or app developer who can keep in mind the comprehensive platforms needs, advise on cost, set up special firewalls and decide whether or not to rely on the venue’s WiFi.

    The IT strategist further said: “We always advise our clients to buy insurance if they require a high-level of service to ensure voting goes smoothly. Ultimately, the organiser has to block all members from using social media during any 30-minuted AGM poll, otherwise it will slow WiFi speed down.

    “The organiser has to look into such details and also set aside (an IT) budget to negotiate with the venue to be sure. Since the WannaCry ransomware attack, clients are more concerned about their app testing properly and are asking for extra checks to be carried out.”

    The IT strategist suggested that event organisers create a Standard Operating Procedure and not “base dealings on trust and be honest and upfront with the client about free WiFi and up to what level it will work”.

    Jack Chia, executive director of MP International, which organised the biennial INTERPOL World 2017 in Singapore in July, told TTGmice that besides taking a more proactive approach in safeguarding venues, event organisers today must also “have in place a continuity plan in case of an attack, especially for mission critical systems such as delegate registration”.

    Venues play a part

    MHershmanAmong delegates who attended INTERPOL World shortly after the malware NotPetya attack in late-June, was Michael Hershman, Group CEO, International Centre for Sport Security (ICSS).

    On venue safeguards for major sports events, he said ICSS encourages an integrated approach that it is included throughout all operational and planning areas and between public and private stakeholders at an early stage.

    “One piece of advice for venues around their cybersecurity planning…collaborate closely and share as much data as possible with local and national government, as well as law enforcement and private security firms to ensure they are aware of the cybersecurity challenges that your venue faces and can put in place the right resources to protect it from a possible hack,” Hershman said.

    To secure their IT and WiFi systems, Hershman said venues and events must introduce stronger encryption methods, offer secure applications to access WiFi, and pre-monitor and track potentially harmful websites.

    Suntec Singapore Convention & Exhibition Centre, one of the busiest business event venues in Singapore, moved to a Cloud Computing-based system in 2013 when its modernisation programme was completed and the centre works closely with partners when planning various aspects of events.

    CEO Arun Madhok said: “We conduct regular reviews of our safety and security protocols. Our team members ran extra checks to ensure all patches and updates were in place across our staff computers following the WannaCry ransomware attack.”

    But when asked if any clients had asked for stepped-up measures shortly after the WannaCry episode, Madhok remarked that “TTGmice is the first organisation to request for information on this specific issue”.


    Stephan Neumeier, managing director of Kaspersky Lab, a multinational cybersecurity and antivirus provider, shares these simple steps to protect a service provider’s wireless network and router and what event attendees need to be aware of


    • Avoid using the default password

    It is easy for a hacker to find out the manufacturer’s default password for your wireless router and then use that password to access your wireless network. Change the administrator password for your wireless router. When you are deciding on your new password, pick a complex series of numbers and letters

    • Don’t let your wireless device announce its presence

    Switch off SSID (Service Set Identifier) broadcasting to prevent your wireless device from announcing its presence to the world

    • Change your device’s SSID name

    Again, it is easy for a hacker to find out the manufacturer’s default SSID name for your device and then use that to locate your wireless network. Change the default SSID name of your device and try to avoid using a name that can be guessed easily

    • Encrypt your data

    In your connection settings, make sure you enable encryption. If your device supports WPA (WiFi protected access) encryption, use that. If not, use WEP (wired equivalent privacy) encryption

    • Protect against malware and Internet attacks

    Make sure you install a rigorous anti-malware product on all of your computers and other devices. In order to keep your anti-malware protection up to date, select the automatic update option within the product


    << Back To Search Results