SAFE MEETINGS Good to Know Hack-Proof Your Event The five biggest cyber threats facing meetings today— and how planners can protect against them by Vawn Himmelsbach As meetings and events become increasingly digital—from cloud-based event platforms to online registration to hybrid sessions—they’re also becoming more attractive targets for cybercriminals. High-traffic, time-sensitive environments with multiple vendors, devices and unsecured networks create ideal conditions for today’s biggest digital threats. “The cyber-threat landscape has expanded considerably over the years and the tools available to cybercriminals have become more sophisticated,” says Janny Bender Asselin, spokesperson for the Canadian Centre for Cyber Security. For example, phishing emails were once easier to identify due to obvious grammar mistakes and poor-quality images. “Today, widely available technologies, including generative AI, allow malicious actors to create very believable and well-crafted emails.” Here are some of the most common cyber vulnerabilities facing planners today—and what can be done to reduce risk and protect attendee data. 1. PHISHING AND SOCIAL ENGINEERING Long before an event takes place, planners need to start thinking about security. From fake registration sites to fraudulent ticketing emails, cybercriminals use phishing and social engineering tactics to trick planners, staff and attendees into clicking on malicious links or giving away valuable data. For example, cybercriminals might impersonate a venue or vendor, requesting login access or payment to a new bank account. Or, they might target attendees by embedding fake QR codes in phishing emails, linking to fake websites that steal credentials. Even fake .ics files can be automatically added to an attendee’s calendar, so malicious links bypass email security filters. Prevention: Training is key. “Although using strong security measures can reduce cybersecurity risks, clicking on a malicious link can compromise a device,” says Asselin. “Employees should know how to recognize social engineering attempts.” 2. DATA BREACHES AND RANSOMWARE Planners collect sensitive data through ticket purchases, app logins and access scans, making events an attractive target for cybercriminals. In some cases, they might launch stealth attacks, stealing data while remaining undetected. Or, they might launch a ransomware attack timed to cause chaos, like on opening day, so organizers are more likely to pay up. Prevention: “Organizations should run simulated cyber incidents and practice recovery procedures,” says Asselin. “These exercises can show you what to focus on to improve your recovery procedures.” Also make sure to perform frequent backups and store those backups offline. 3. UNPATCHED DEVICES AND SYSTEM MISCONFIGURATIONS Events are dependent on a multitude of devices, from laptops to scanners, drones, CCTV cameras and more. Since these devices are connected to a network, they’re a potential entry point for hackers. Unpatched or unsupported operating systems and applications, as well as device misconfigurations, are common vulnerabilities that can be exploited. Prevention: Make sure devices are updated with the latest software patches and firmware fixes, and consider using Mobile Device Management (MDM) tools to enforce strong passwords on staff devices. 4. THIRD-PARTY RISK AND INSIDER THREATS Cybercriminals can exploit supply chain weaknesses, which means “every link in a global supply chain can pose a threat to cybersecurity,” says Asselin. For example, if one of your vendors is breached, it could mean your event is breached, too. Insider threats are another risk, whether intentional (such as stealing trade secrets or attendee lists for financial gain) or unintentional, through negligence. Prevention: It’s important to vet vendors and suppliers to ensure they have enterprise-grade protections in place. With staff, only provide admin privileges to those who need it. 5. ON-SITE RISKS Other risks can happen during the event itself, such as juice jacking. This is a type of attack where cybercriminals modify USB charging ports to siphon off personal data from your device. Or, they install malware, allowing them to gain unauthorized access to your device and track online activities. Prevention: Planners should make sure they’re protecting attendees at every touchpoint, from RFID wristbands to venue Wi-Fi to charging ports. For example, they can provide ‘charge-only’ cables, use USB data blockers and segregate public Wi-Fi from operational networks. After every event, conduct a security debrief to understand what worked, what didn’t, and what could be done better next time. Since cyber threats are always evolving, it’s important to make debriefs part of the overall event planning process. Summer 2026 | Ignitemag.ca | 13
