What events can learn from the Sony hack

When asked if they have given any consideration to security many event organisers and attendees admit they haven’t given it much thought. Unfortunately, but like many things in IT, security is not sexy but it is growing in importance. Within large corporate companies security teams get some weight but for most small and medium sized businesses they are relying on good behaviour from their users to keep data secure.

The recent incident at Sony has become what is likely to be one of a growing number of attacks by those with looking to cause damage to brands and governments. Sony spent over 13 million dollars dealing with the fallout of the issue. Although the risk to events by a security breach is lower, since systems are setup and then taken away in a relatively short period of time, it doesn’t mean that the data transferred could not be of value.

A further risk, which many do not realise, is that it’s not always obvious when a security breach has occurred, meaning that someone can take data for their own purposes and the user is none the wiser.

So faced with the risk of greater security related attacks what can organisers of events do?

Take a lead from your in house IT team.  Many organisations neglect to work with their in house IT teams when defining the specification for their event networks. This doesn’t mean that the IT team will have to provide resource or expertise regularly but what they can do is document a minimum specification of what is required. Providers can then use this to understand what they should be delivering.

Use segmented networks.  An effective method for ensuring communications are private whilst on site is to operate a number of logical and segmented networks ensuring that any file shares are not visible to non-trusted users.

Use common sense. Simple things can be done for example, not calling your event your company name. It may also be useful (for internal corporate events, or production teams) to have a wireless network profile already setup by the IT team on client devices, that way most people will never need to know the password since the profile is already in place.

Use software VPN.  When using networks which are not encrypted, one method of increasing security is to load a software VPN client prior to transmitting like having a private tunnel over the network.

Even though many events do not think network security is a cause for concern, but with more and more high profile cases some basic precautions can ensure the risk is limited.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: