When planning an in person event it’s easy to monitor security. Two burly men flanking the entrance (check), event staff ensuring people don’t take a quick snap of the presentation slides (check), delegate badges to ensure everyone in the room is supposed to be there (check and check). It is easy to know you are A-okay! BUT when it comes to Online events, making sure the high level information you are sharing is secure can become a bit harder. Managing virtual event security needn’t be overwhelming though. Here we share our top 8 tips to ensure your online events are secure.
Virtual Event Security blunders of 2020
As the popularity of virtual meetings and events rose in 2020, hackers started to have some fun! Zoom’s ease of use made it easy for your Gran to use but that also means it was easy for troublemakers to “bomb” public Zoom meetings.
As highlighted by several security experts – Zoom’s security has a lot of holes, although some have been fixed over the past few months. There’s also been scrutiny of Zoom’s privacy policies, which until recently seemed to give Zoom the right to do whatever it wanted with users’ personal data, and its encryption policies, which have been more than a little misleading.
It’s easy to see why such things would put you off holding a virtual event BUT if you ensure you are prepared there is really nothing to fear!
When procuring or using any software it is important to understand how the economics of applications work. And that in some cases vendors monetize your, or your users, personal data. There is no such thing as a free lunch, and the costs of hosting streams are staggering. As such vendors like Youtube and Facebook might be able cash in on the traffic by selling ads or data.
2. SSL Encryption (aka ‘the little padlock’) and what it is
Most of us know SSL encryption by the little padlock that is located in the browsers’ address (URL) bar.
It gives us comfort that the browser considers the website secure. This means that all traffic is encrypted between the server and the browser and that the traffic can’t be intercepted or modified on route to you.
Improve your Virtual Event Security – The encryption standard provided by the vendor should be no less than TLS version 1.2.
3. Password Strength… and why ‘123456’ is not recommended
Improve your Virtual Event Security – For any app you are using to manage your virtual event, ensure you have a password of at least 8 characters. Mixing; letters (upper and lower case), numbers and ideally special characters. This makes it astronomically harder for hackers to guess your password. For any admin password a password manager such as Chrome’s password generator should be used.
4. ‘Forgot your password’ and why we won’t alert you
Forgot your password? Annoyed that the platform you are trying to log in to did not alert you that you were actually using the wrong email address? This should be the type of security you actually look for in an event mangement platform.
Improve your Virtual Event Security – Like we proudly practise at Onlive.io, the forgot your password function should ask users to specify their email address and not give any error message if the email is wrong. Why? Those kind of hints are the ones hackers thrive off! It can allow them to get one step closer to deciphering your log in credentials and completely breaching your event security.
5. Two-factor Authentication (2FA) – a necessary evil
2FA is a secondary security measure for logging into many online accounts. It might seem annoying, but if implemented correctly by the vendor it is well worth the inconvenience.
Improve your Virtual Event Security – Look for vendors who will implement 2FA to kick in when detecting anomalies in account activity, or after timing out.
6. Login protected stream access
If you are selling tickets or simply don’t want “unknowns” to view your online event presentation, ensure your guests register for a place and are prompted to set a unique password when doing so.
Improve your Virtual Event Security – Ensure your vendor uses a system that protects your guests passwords so well that not even they, the vendor, has access to it. When it’s ‘go’ time, your user should have to login (with their unique password) to access the stream/content.
Go even further and look for a platform which also protects your speaker access. As we do at Onlive, your speaker access should be password protected to give you that additional peace of mind that the speaker platform cannot be infiltrated.
7. RTMP vs RTMPS
Many platforms offer Real-Time Messaging Protocol (RTMP) as the interface for you to connect professional streams from third-party software such as OBS, Vmix, and others to your stream. The difference between RTMP and RTMPS is that ‘RTMPS’ is the padlocked version. Here the stream is sent encrypted to the platform and thereafter distributed to your audience.
Improve your Virtual Event Security – Use RTMPS for extra protection!
8. Security Credentials
Like any audit it’s good to know that your vendor takes security seriously. Check that out before you lock the vendor in!
Improve your Virtual Event Security – At the very least, your vendor should be penetration tested by a CREST approved third-party security vendor. In addition any other certification such as SOC2 or ISO27001 just gives you even more assurance they are secure and take your virtual event security seriously.