Digital safety can save you, your attendees and your clients from Zoom bombing and worse
“Getting a password manager is my number one tip for meeting planners.”
Anyone that knows me knows I’ve had a burr in my saddle for quite some time when it comes to our industry. We all have them: for some, it’s promoting diversity and inclusion, for others, it’s accessibility, or maybe dietary awareness, and for still others, it’s pushing the bounds of normality to break us out of meeting and event ruts and create truly unique, and inspiring experiences for our attendees—all worthy causes.
For me, it’s digital security (I’m not a fan of the term “cybersecurity”, but hey, that’s what people call it, so might as well go with it). For literally years, I’ve been speaking to conferences and event teams about the responsibility we all have to keep our organizations’ and attendees’ data safe. In the early days of pandemic lockdown in 2020, I was therefore shocked and dismayed to discover that planners (as well as educators, and soooo many others) were posting their video chat links publicly, for anyone to find. I was also precisely zero percent shocked when “Zoom Bombing” became a thing. I was like, “Have you met the Internet?” Fortunately, Zoom and other platforms tweaked the defaults to make it easier to lock down meetings, requiring things like custom links and passwords. Word got out, and I honestly thought we were past it.
Until last week.
An industry colleague shared that she’d recently witnessed not one, but two instances of unauthorized guests joining an event and filling it with offensive language and pornographic video. And one of the events? It was an international meetings organization. The size of my exasperated face-palm could be seen from space. Tack on the fact that basically everybody is working from home, and therefore not within the corporate network, and it felt about time for a quick review of what planners and others in our industry can do to take personal responsibility for the digital security for our events.
You see, cybersecurity isn’t just the responsibility of some nerd down the hall in the IT department, nor is it about making sure that the event app we’re providing has “military-grade encryption” touted on their website. It’s all of our responsibilities. And there are simple things we can do to protect our meeting and event attendees, and their data.
How to Stop Zoom Bombing
First up, a quick reminder about “Zoom Bombing.” I haven’t heard of a single instance where a video chat was actually hacked. In every case I can find, either the meeting link and password were shared publicly, or an attendee shared their registration info with someone they shouldn’t have, or a person responsible for the meeting used poor password hygiene and the evildoer was able to guess their password. Period. And no amount of that military-grade encryption can prevent any of that from happening.
It’s an easy fix, though. Make sure you never post meeting links in public. Bad actors have bots trolling the web, just looking for these, and then they’re shared in online forums.
Additionally, be wary of “wrapper” websites that offer you free, attractive landing pages for your online events. These sites can often be fronts for those same bad actors because, in order for it to work properly, you’ll have to give them your meeting codes and passwords. Many legitimate sites are providing this service as well, but just be careful. Do a little digging, and remember the cardinal rule of internet commerce: if you’re not sure how they’re making their money, the product is you.
How to Protect Data Gold
Let’s talk about that data for a second. When Home Depot and Target were hacked, it wasn’t through their own network or servers. Home Depot was hacked through their point-of-sale credit card reader supplier, and Target was hacked through an HVAC (air conditioning and heating systems) vendor. Access was gained through a supplier. Not through the front door or back door, but rather through the “side door”. And guess what? We in the event industry are suppliers to some of the largest organizations, governments and most profitable companies in the world. We’re the side door and think about the data we’re responsible for: names, addresses, job titles, work emails, phone numbers and depending on your registration onboarding, even more personal information (thnk spouse names and home addresses). How else can we send them that really nice swag basket of wine before the event.
Our in-person events yield an even greater treasure-trove of data, including flight schedules, spouse and other family legal names, hotel reservations, transfer services and times, dietary preferences and so much more. That data is gold. It’s not hard to imagine a targeted email that appears to come from the limousine service with the correct dates and times listed, and a convenient “click here to confirm” button. So if you’ve used the same password you’ve used for years, or “monkey123” for the password on your registration site, all of that data is in danger of being exposed and used to create targeted attacks on the parent organizations.
Add Years to Your Life
Getting a password manager is my number one tip for meeting and event planners. First, it’ll change your life. Not having to remember, guess, or try multiple versions of each password every time you log into a site probably adds years to your life, and frees up room in your brain for more important things like learning Tik-Tok dance moves. They allow you to set completely randomized, long passwords that are nearly impossible to crack even with a supercomputer, and to do so on every site you visit. I have literally over a thousand passwords stored at this point, but I only have to remember the one for my password manager and a handful of others. Password managers are incredibly reasonably priced for the peace of mind they provide. Personally, I use LastPass, as it was vetted by security professionals I trust, but there are plenty of other options, like 1Password and Dashlane. Just remember to, once again, do a little research and be wary of free password managers (see above, “the product is you”).
Tunnel to Safety
The next best way to protect your data is the use of VPNs. This used to be one of my hot tips for the road-warrior class, but now it applies to just about anyone working from home. VPN stands for Virtual Private Network. Basically, it’s an encrypted “tunnel” between the computer or device you’re working on, and somewhere else. In the heydays of the late 20-teens, VPNs gained popularity as a way to get around geographic restrictions on websites. Can’t watch the latest anime shows? Use a VPN to make Netflix think you’re in Japan (by creating that tunnel between your tablet and… well… Japan). Originally, VPNs were for a much more work-oriented purpose: it allowed a remote worker on the road to establish a secure connection back to the office network. I recommended them for the travelers because even if your company didn’t offer a VPN to their servers, using one to a server even in the same city as you encrypts your web traffic, preventing prying eyes at the coffee shop or hotel wi-fi from seeing what you’re up to.
Now that basically everyone is a remote worker, the bad guys are focusing their efforts on consumer-level networks, routers and wi-fi points that are far away from the battle-hardened intrusion detection of corporate networks. Using a VPN at home at least gets your internet traffic encrypted and past your local internet devices to a location less likely to be snooped on. And, making it three for three, be wary of free VPNs because once again, if you can’t tell how they make their money, (say it with me!) the product is you. I use ExpressVPN, which has again been vetted and certified to keep no logs of your activity.
There’s plenty more we can be doing, especially when we start to return to in-person events. I mean, how many times have you handed over presentations with sensitive financial data to a random person in a black polo? But that’s for another time. For now, just remember that cybersecurity is all of our responsibilities, and even just the two simple steps of using VPNs and password managers can go a long way toward protecting your, and your attendees’ data.
Smart Meetings event tech correspondent Brandt Krueger is owner of Event Technology Consulting and an instructor with Event Leadership Institute, the engine behind Smart U.