Some of the most devastating attacks are not carried out with guns or cars crashing into buildings, but instead at the digital level. We are all more vulnerable to cyberattacks stealing our data than ever before, and the meetings industry has a heightened responsibility to keep information about its attendees safe. Event apps are now ubiquitous, but is yours secure? Gather Digital suggested asking these questions of your event app provider to help protect your data and attendees’ identities.
1. Do you conduct third-party auditing?
This is also known as SOC 2 reporting. It covers everything from security and privacy to availability, and needs to be kept updated. It should show who has access to data and how. Your data should be accessible only to vendor employees working directly on your account.
2. Do you commission vulnerability testing for your native apps?
A third-party security firm should test the content management system, network and server infrastructure for vulnerabilities that would allow penetration, and the company should be able to share the high-level findings.
3. Is data encrypted end to end?
Presentations and attachments stored on the server should be accessible only through expiring URLs that cannot be shared outside the app. Data should not be bundled with the app package distributed through the app stores, where hackers could download it.
4. What tools can attendees use to control their privacy in the app?
Attendees should be able to proactively display or hide their profile information and decide whether or not to allow messages from other attendees.
5. How can we control access?
The app should offer various levels of access and password protection: public, password-protected, accessible with a code, or visible only to registered attendees. Individual events inside your app can each have different settings.
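One way a server can provide the expiring, non-shareable links described under question 3 is to sign each URL with an expiry time and the requesting attendee's identity. This is an added example, not code from Gather Digital or any event app vendor; the function names, key, file path and attendee IDs are hypothetical.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed demo key; a real server loads this from a secrets manager.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _signature(path, attendee_id, expires):
    # Sign path, attendee and expiry together so none of them can be swapped.
    msg = f"{path}\n{attendee_id}\n{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def sign_url(path, attendee_id, ttl_seconds, now=None):
    """Return a link to `path` valid for one attendee until it expires."""
    now = int(time.time()) if now is None else int(now)
    expires = now + ttl_seconds
    sig = _signature(path, attendee_id, expires)
    return f"{path}?{urlencode({'expires': expires, 'sig': sig})}"


def verify_url(url, session_attendee_id, now=None):
    """Return (allowed, reason). The attendee ID is taken from the logged-in
    session, never from the URL, so a forwarded link fails for anyone else."""
    now = int(time.time()) if now is None else int(now)
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False, "malformed"
    expected = _signature(parsed.path, session_attendee_id, expires)
    # Constant-time comparison; verify the signature before trusting the
    # expiry value that it protects.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    if now >= expires:
        return False, "expired"
    return True, "ok"
```

Because the attendee ID is part of the signed message but not part of the URL, a link copied to another account or used without a session fails verification even before it expires.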