On September 17 of this year, 143 million U.S. consumers were given the unsettling news that Equifax had been hacked via a website application vulnerability, leaving their confidential information in the hands of criminals. Attacks of this kind are not unheard of: many large breaches have occurred over the past decade, including an attack on Yahoo that affected an estimated 3 billion user accounts.
As a Trade Show Manager, keeping your attendee data safe should be a top priority. Your attendees trust that due diligence will be done when it comes to protecting their personal information against hackers. It’s vital that you know how to safeguard your customer data, not only for their protection but for yours as well.
Investing in proper safety protocols when it comes to online data is your best line of defense for protecting attendees from identity theft. Even seemingly insignificant oversights can compromise important information. Your credibility and reputation as a business are on the line, so it’s important to get this right. There are several important measures you can implement to protect yourself and the data you have been entrusted with.
- Secure Servers – All customer information should be stored in an encrypted database. Use SSL (Secure Sockets Layer), an internet security protocol that establishes a secure link between a web server and a browser. SSL certificates make it harder for a third party to hack because they encrypt user traffic. All server software should be continually monitored to make sure that it is up to date and that security patches are applied should any “holes” be discovered; this can be done with security monitoring tools (some are available for free) that scan for vulnerabilities. Having other tools in place, such as firewalls, anti-virus software, and spam filters, also adds layers of protection.
- Social Engineering – It cannot be expressed enough how important it is that your employees are well trained when it comes to handling sensitive data. Customer service representatives can be easily manipulated into divulging personal information if they are not aware of the tactics that are used by people phishing for data. Employees should never use personal devices to handle business; a stolen phone or a laptop that got left behind can result in security breaches that could have been easily prevented.
- Strong Passwords – Passwords should always contain 3 out of the 4 following criteria: number, special character, capitalized letter(s), lower case letter(s). They should be a minimum of 14 characters, as this length provides an adequate defense against a brute force attack. Random passwords are best, free of common patterns such as one uppercase letter, five lowercase letters, and three digits (for example, Blagio456). You should also have multiple levels of passwords for all databases, and the passwords should be changed every few months.
- Backups – All data should be backed up completely and consistently to separate off-site (such as cloud servers) and on-site secured servers. Make sure all data is encrypted when it’s en route to your backup servers. You should always have a backup plan in place should you experience a network disaster.
- Data Retention Policy – You should have a policy in place that describes how your business manages confidential information and when it destroys it. All data needs to be retained for a certain amount of time for security and operational reasons. There should always be an established time limit on the duration of data storage.
- Proper Way to Destroy Information – Ways to eliminate data include:
  - Overwriting hard drives or other media
  - Using a software program that will permanently delete files from servers
  - Shredding any paperwork that contains sensitive information
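
The Strong Passwords rules in the list above (14-character minimum, 3 of the 4 character classes, no common pattern such as Blagio456) can be enforced at account creation with a small checker. This is an added example, not code from the original article; the function names and the regular expression that defines a "common pattern" are assumptions made for illustration.

```python
import re

MIN_LENGTH = 14        # minimum length given in the list above
REQUIRED_CLASSES = 3   # 3 of the 4 classes: upper, lower, digit, special


def char_class(ch):
    """Map a character to U(pper), L(ower), D(igit) or S(pecial)."""
    if ch.isupper():
        return "U"
    if ch.islower():
        return "L"
    if ch.isdigit():
        return "D"
    return "S"


def shape(password):
    """Collapse a password to its run-length class shape, e.g. Blagio456 -> U1L5D3."""
    mask = "".join(char_class(c) for c in password)
    return "".join(f"{m.group(1)}{len(m.group(0))}"
                   for m in re.finditer(r"(.)\1*", mask))


# Assumption: "common pattern" is taken to mean one capital, a lowercase word,
# trailing digits and an optional final symbol (the family Blagio456 belongs to).
COMMON_SHAPE = re.compile(r"^U1L\d+D\d+(S1)?$")


def check_password(password):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len({char_class(c) for c in password}) < REQUIRED_CLASSES:
        problems.append("too few character classes")
    if COMMON_SHAPE.match(shape(password)):
        problems.append("common pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; Blagio456 is the article's own example.
    for pw in ["Blagio456", "Blagiosphere2017", "t7#Rq9!vLx2@mZp4"]:
        print(pw, "->", check_password(pw) or "OK")
```

Note that a password can be long enough and use three character classes and still be rejected for its shape, which is the point of the "no common patterns" rule.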
The frequency of cyber attacks is growing, and many businesses don’t know how to prevent them and are ill-prepared to handle an attack when it occurs. Legislation was introduced in March of 2017 aimed at protecting businesses from what has been called a cybersecurity war on businesses. The threat has received heightened attention from lawmakers in D.C. and should be a wake-up call to anyone not taking it seriously. If you haven’t been proactively putting safeguards into practice, now is the time to do so.