Thinking more about it, an event with a high number of transient clientele, such as a trade show, would be a lucrative target for a cyber criminal.
Applying some of the basic principles that make an environment secure, here are some ideas.
I am going to talk about things that I have seen and heard of in the last 2 years.
Some will seem far-fetched!
An additional problem is the fact that your attendees will NOT have cyber hygiene as a priority.
Unpatched and outdated systems will be the norm.
This will make compliance with the new GDPR rules a large part of your organization's focus.
Protecting your environment is now business critical.
1. Free WiFi.
You have to offer free WiFi in today's world.
To secure WiFi you have to know how it can be used to create a cyber issue.
The target is threefold:
- access to and theft of unencrypted information,
- a man-in-the-middle attack, and
- a duplicate WiFi access point.
If you are thinking of running free WiFi with no encryption, don't! All unencrypted information sent over free WiFi can be captured as plain text and used.
If you are thinking of having a free WiFi system that people use by going to a website and "signing up / signing in", don't! It is not hard for a dedicated cyber criminal to replicate the sign-in page and make it look and feel like the original. By doing this the cyber criminal can capture the login process and, in the process, download malware to the device.
If you are thinking of having a single passphrase for all users, don't! Once again, I can replicate your system and deliver internet to the clients, but through my system. There are a number of WiFi systems that use enterprise-level support for WPA2. You can use these systems to personalize and manage all of your staff and visitors.
One of the hardest attacks to counter is the man-in-the-middle attack using a Raspberry Pi pumpkin or a “WiFi pineapple”. Either of these systems can be purchased and configured for under $200 and can cause monumental issues for any delivery of free WiFi. They create issues by changing a fundamental process within the internet system.
The usernames and passwords (both randomly generated) can be delivered to the users with their badges. This allows a single sign-on per account over a managed and monitored connection.
Opportunities for marketing - putting individual usernames and passwords on the trade show passes.
2. Drive-by attacks of Near Field Communication (NFC)
This is stealing information from Fitbits, credit cards, smart devices, passports or driver's licenses using a scanner for PIN and chip technologies.
NFC is designed to allow people to pay for items using their credit card: wave the card over a reader and it deducts money from your bank account.
Normal readers have a range of approximately 2 centimeters, but criminals can buy or make scanners that increase the range to 2 meters.
Opportunity for marketing peripherals - branded thin aluminum RFID protective credit card sleeves as part of the sign-up process.
3. Rapid response
With regard to all of the attacks that can happen over a WiFi network, you need to be able to shut it down in a minimal amount of time to reduce the risk to your organization as well as to your attendees.
Your WiFi system will need to have alerts and be monitored so that your organisation can protect them.
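One way to act on the monitoring requirement above and on the duplicate-access-point risk from section 1, as an added example that is not part of the original article: a Python check that compares observed beacons against an inventory of the organiser's own access points. The SSID, BSSIDs, `Beacon` fields and scan records are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed inventory of the organiser's own access points (constructed values).
EVENT_SSID = "ExpoHall-Guest"
AUTHORISED = {  # BSSID -> expected security mode
    "02:00:00:aa:00:01": "WPA2-Enterprise",
    "02:00:00:aa:00:02": "WPA2-Enterprise",
}

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str
    signal_dbm: int

def _canon(ssid: str) -> str:
    """Fold case and drop separators so 'Expohall Guest' matches the real name."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def classify(beacon: Beacon) -> Optional[str]:
    """Return an alert reason for a beacon, or None if it needs no action."""
    if beacon.ssid == EVENT_SSID:
        expected = AUTHORISED.get(beacon.bssid.lower())
        if expected is None:
            return "duplicate SSID from unknown BSSID"
        if beacon.security != expected:
            return "authorised BSSID with unexpected security"
        return None
    if _canon(beacon.ssid) == _canon(EVENT_SSID):
        return "look-alike SSID"
    return None  # unrelated network, e.g. an exhibitor's own hotspot

def alerts(scan):
    """Return (reason, beacon) pairs, strongest signal first (closest to the sensor)."""
    found = [(classify(b), b) for b in scan]
    return sorted(((r, b) for r, b in found if r), key=lambda rb: -rb[1].signal_dbm)

# Constructed scan results, as a monitoring sensor might report them.
SAMPLE_SCAN = [
    Beacon("ExpoHall-Guest", "02:00:00:AA:00:01", "WPA2-Enterprise", -48),
    Beacon("ExpoHall-Guest", "02:00:00:bb:00:09", "Open", -41),
    Beacon("ExpoHall-Guest", "02:00:00:aa:00:02", "Open", -60),
    Beacon("Expohall Guest", "02:00:00:cc:00:03", "Open", -70),
    Beacon("CoffeeCart", "02:00:00:dd:00:04", "WPA2-Personal", -55),
]

if __name__ == "__main__":
    for reason, b in alerts(SAMPLE_SCAN):
        print(f"ALERT {reason}: ssid={b.ssid!r} bssid={b.bssid} {b.security} {b.signal_dbm} dBm")
```

Sorting by signal strength puts the transmitter nearest the sensor first, which helps staff decide where on the show floor to look.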
In today's world anything can cause a disruption to an event, and although most are thought about, here are a couple more.
Print off a copy of the list of all attendees and have it located at all entrances; just a basic power failure at the wrong time can be catastrophic.
5. Disaster recovery/business continuity
For any business in today's business world, a failure of ICT can have a significant impact on the organization.
Everything that could go wrong and have an impact on the organization needs to be put into perspective through a risk analysis.
Each risk has to be mitigated, ignored, transferred or eliminated.
The organization will also require functionality that allows it to manage the number of people who will be attending.
In addition to the expectations the attendees have, there are certain expectations of the organization that have to be addressed.
These include the fundamentals:
- end-point protection
As you can see from above, it is not just about protecting the actual event itself.
It is a slow build-up to protect everything and everyone that comes in contact with your organization. In today's litigious and compliant world we have to be very aware of the impact of a single event.
Do it correctly and you can use the security of the event as a selling point: a marketing leverage point that puts your events well above anyone else's.