Wednesday, June 13, 2018
Web Secret 523: Cybersecurity - part 5
Do you ever host or attend conferences or meetings? Rhetorical question.
There are cybersecurity best practices to consider, as I discovered after plowing through "The Cybersecurity Challenge", an article which I summarized for this post.
Registration puts financial information at risk. If you are storing any personally identifiable information and collecting credit card payments, you must comply with the PCI (Payment Card Industry) data security standard. There are companies that can help you with that.
Every assemblage of human beings includes a large number of mobile devices. It is not unusual for attendees to have a smartphone, a tablet and a laptop.
A large risk facing planners and attendees is the ill-advised use of free or “public” Wi-Fi networks at the destination. A large number of destinations have taken measures to prevent rogue Wi-Fi networks from tricking attendees into connecting to them; however, it’s still a common threat to take into consideration.
It is a relatively straightforward task for bad guys to generate a Wi-Fi signal that is going to look equal to or better than a real one. And they might even tailor it to your meeting and say, ‘Attention EAPA convention attendees — free Wi-Fi available to you.’ Such a hoax is called a “man in the middle” attack. It means the bad guys now have unfettered access to your computer.
Some experts advise clients to inform meeting attendees they should never use the free Wi-Fi networks in a Starbucks or any other public place.
We’ve gotten people to the point that when they are at a hotel or convention center, they expect free wireless internet. That is what has created the vulnerability that everybody now faces.
The typical meeting attendee, however, is not aware of the risk. A big part of the problem is that meeting attendees don’t read their program or background material. And the people running the meeting don’t make announcements telling attendees not to use unofficial free Wi-Fi networks.
Not even the safety of the Wi-Fi network at a hotel or convention center should be taken for granted. You must make sure that the provider is using secure equipment and that it has a secure connection from its technology to the internet. You also need to make sure that the people involved in running it have been backgrounded and vetted.
The good news is that there is a simple recommendation to mitigate risk. Before attendees head out to your meeting, send them an email that is about just one thing: online security. It should say, “We are concerned about your cybersecurity, so we are informing you that the official Wi-Fi network for the meeting is named XYZ. That is the only network you should connect to. If you connect to anything else, we cannot promise that you are secure.”
Another option is to make a formal announcement at the meeting. For example, at the beginning of an opening general session.
A more elaborate step is to use a virtual private network, or VPN. A VPN is a computer program that creates encrypted connections. And because of that, it’s much harder for someone to intercept your signal. The technology is widely available and inexpensive today. It can be acquired for just a month to cover the meeting dates, then canceled.
Pay attention, people!