You’ve had it with spreadsheets and emails, and you’re ready to start saving yourself a boatload of time by using an event tech solution. It's time to start shopping around. As you compare products, it’s crucial to ask questions about event tech data security. Data breaches and theft, or loss of data, are all risks of working with technology solutions that don’t take security seriously.
The consequences are dire and, surprisingly, a lot of organizations don't ask!
Here are two examples of situations where someone might wish they had asked about data security:
Imagine—dozens or even hundreds of people working together on a carefully choreographed product roll-out at your user conference...except everything leaked the week before. Oops.
Or—you're gathering your membership for your annual conference. This is your big moment where you prove your value and fulfill your organization's mission...except hackers just stole your attendee's personal information. Major oops.
Unfortunately, these types of mistakes can make the news, and not in a good way.
We spoke with Josh Vande Krol, Hubb's COO and head of product, about what event profs should keep in mind when it comes to event tech security.
According to Josh, here are the 5 security questions to ask any event technology solution you are considering.
1. Is your data hosted on a reputable platform? DEAL BREAKER
If you're not hearing the name of an established and reputable cloud provider, you could be entrusting your data to a small team using leased servers. The big players in this industry provide security as part of their normal services.
One clue to ensure the tech solution you are considering meets the minimum-security requirement is the web URL: Does the web address start with HTTPS? HTTP is the protocol that allows communication between systems, usually transferring data from a web server to a browser when you view web pages. With HTTP, that data can be intercepted by third parties, so sites need an SSL certificate to create a secure, encrypted connection between the web server and web browser. So, if the URL of your tech platform is still HTTP, steer clear.
HTTP is a clue, but truly is the bare minimum when it comes to security requirements. Make sure that the tech solution you are considering is hosted on a platform that not only owns the servers, but also offers security as part of its service.
2. Is my data encrypted at rest AND in transit? DEAL BREAKER.
The answer to both should be yes. If you get a no, this is a deal breaker so just walk away.
Normally, your data - stuff like attendee names, email addresses, etc. - sits on a server somewhere. When you log into your web-based event technology solution and access that data, it gets transferred from one network to another network. And whenever your data is moving, it's vulnerable.
Any tech solution you consider should be using industry-standard data-encryption methodologies so your event data is safe whether it's just sitting there, or someone is accessing it.
3. Does their software get audited by a third party and how often?
Any event technology vendor should be able to answer this question with a "yes," and also be able to tell you which vendor they use for these audits, and how frequently they occur. Third-party audits bring to light potentially damaging security issues and should be conducted at least quarterly by any event technology solution you are considering.
4. How is your data backed up?
Circling back to question 1, reputable platforms offer data backup as a standard part of their service, so if the event technology solution meets the requirements of question 1, they should pass here. Companies that aren't using a reputable host may be relying on a team of developers to back up that data, and those backups can easily fail.
5. Does your API have role-based permissions?
You can do a ton with APIs, including giving people access to data they shouldn't be able to get if you're not careful. Think of an API as a door to your data; without the proper security, anybody can just waltz in and grab what they want. Instead, have role-based permissions for your API that dictate what types of users can get access to different types of data.
The first and most important step toward event tech security is awareness; keep data security in mind and you'll be ahead of many organizations. Ask these questions when evaluating an event technology solution, and you'll be on the right path.
TL;DR? Download our handy Event Tech Data Security Checklist!
The Hubb Data Security Checklist
The 5 questions to ask in one easily accessible format for use when screening event tech solutions.
We at Hubb take your data security seriously. In addition to providing the best event content management solution out there, we can answer “yes” to all of the questions above.