Hackers are hitting major corporations by the handful: 50 million credit cards stolen from Home Depot, Sony humiliated by confidential communications plastered across the Internet, and ATMs spewing out millions of dollars to crafty hackers worldwide.
If you’re involved in planning a conference, you know your attendees trust the food won’t make them sick, their bags won’t be stolen, and their meetings won’t be disrupted. So what about stealing their data?
Fortunately, a typical meeting planner can safely separate cyber-threats into two basic categories:
- Easy tactics you should take that will provide good protection against typical attacks.
- Deeply technical strategies that you don’t need to worry about (unless you’re planning the World Economic Forum at Davos).
Think of it this way. For the typical homeowner, good door and window locks and a burglar alarm system are sufficient protection because they make it hard enough to break in given the value of what’s inside. You only need extra levels of protection if you can reasonably expect to attract the attention of more sophisticated criminals.
The attacks on Home Depot, Premera Blue Cross, and Sony were sophisticated assaults that took advantage of weaknesses in router firmware or employed time intensive social engineering techniques. For a typical conference, your best protection against this type of attack is to be not important enough.
So what do you need to worry about? At the conference itself, the biggest threat (or “attack vector” in security lingo) is your shared WI-FI network. Anyone with access can eavesdrop on your network traffic, and setting a password on the WI-FI won’t help. It makes it harder for people to use your bandwidth without permission, but anyone with the password can see all the traffic.
So how do you protect yourself? All the services you use—registration, ecommerce, lead retrieval, private messaging, etc.—should use SSL. This both encrypts your traffic so prying eyes can’t read it and guarantees that the server you’re sending your data to is not an imposter. If you see a green lock in your browser’s address bar when viewing a page, or you see the address beginning with the https prefix (as opposed to just http), you’re safe from the typical eavesdropper.
That doesn’t mean that’s all anyone should worry about. At Pathable, we provide white label mobile event apps and online communities for a range of clients, including financial conferences, healthcare tradeshows, and association conventions. Pathable employs industry-leading security protocols and techniques, including traffic and data encryption, least privilege principle, and staff social engineering training. That’s how we keep your attendee data safe. We sweat the hard stuff so you don’t have to.
But the best way that a meeting planner can protect their attendees is to protect themselves: you hold the keys to the registration database.
Here are some simple tips to ensure you are abiding by best practices online:
- Use a password manager such as Dashlane or LastPass. By helping you create and manage different, strong passwords across your various accounts, these applications ensure that if one service you use is compromised, your accounts on other services won’t fall as well. As a bonus, password managers can protect you against keystroke logger software at public terminals.

- Be vigilant against suspicious attachments. This is probably the most common form of attack against large institutions such as financial, healthcare, and media companies. An attacker will create an email appearing to be from someone you trust, or from a trusted institution, and send a piece of malware disguised as a legitimate attachment: an invoice, tracking notice, etc. Your best protection is your intuition. You should never have to install a piece of software to read a document someone emails you. Period. Just say no.
- Update your operative system whenever prompted. There are new flaws in Windows and Mac OS being discovered every day, and Microsoft, Apple, and other software vendors are constantly updating to address them. If you fall behind their updates, you leave yourself exposed. 

- Spot the Fakes: A new tactic of malignant websites is to lock up your browser with fake “security warnings” and try to scare you into installing software or signing up for a service. The tip off is usually the fearmongering language and exclamation points. Shut down your computer if you have to and don’t reopen the site.
Is that everything you need to do and everything you need to worry about? Of course not. But setting all the hype aside, if you pay attention to those steps, you’re going to make it hard for a hacker to get at your data.
Jordan Schwartz is president and co-founder of Pathable, which has been providing mobile event apps and conference communities for eight years. He managed a hacking BBS in the mid-1980s before turning to the good side. He was recruited by Microsoft in 1996 to manage core operating system, communications, and security projects, which he did for more than a decade.