Fend Off a Hack Attack

How the meetings industry can shield itself from cyberattacks 

A meeting professional is expected to have a Mary Poppins bag full of tricks to remedy just about any situation. Unfortunately, a spoonful of sugar cannot cure a cyber attack. When registering for an event, attendees entrust loads of personal information with meeting professionals, who are held liable to keep it under lock and key. Sadly, some hackers try to compromise this data.

If you suspect your event has been breached, technology expert Corbin Ball stresses the importance of creating a preplanned communication policy. “Be transparent and notify those affected as soon as possible,” he says. “A rapid and honest response is crucial.”

Worst-Case Scenario

The pirates of 2018 are going after digital booty. In January 2017, Romantik Seehotel Jaegerwirt, an Austrian hotel, fell prey to an attack. According to The New York Times, hackers locked guests out of their rooms and prevented staff from logging in to the computer system. They demanded ransom be paid in Bitcoin.

“Ransomware is becoming a pandemic. With the internet, anything can be switched on and off, from computers to cameras to baby monitors,” Tony Neate, a former British police officer who investigated cyber crime for 15 years, told The New York Times. “Hacking a hotel and locking people out of their rooms is [merely] a new line of attack.”

Secure Payment

In an effort to keep guests’ credit card info safe, Treasure Island Las Vegas deployed the industry’s first online payment software, b4easypost, in late 2017, in partnership with Agilysys and b4checkin. This program provides meeting professionals and guests with an extra layer of security—a secure, online platform on which to make deposits and payments to the hotel that are automatically posted to the property’s Lodging Management System, says Careme Casanova-Dapra, executive director of resort services at Treasure Island Las Vegas.

Saar Fabrikant, president and CEO of b4checkin, predicts more hotels will use similar measures to defend themselves against vulnerability. “As guests now expect every form of payment to be available to them online, there is no reason why all properties shouldn’t do their best to uphold strict data security standards without manual work,” he says.

Security advances are covering the entire revenue and expense cycle. In November, Onyx CenterSource announced another industry first, GroupPay. This automated system was developed to keep hotels and meeting professionals on the same page with real-time data. It stores contracts and enables faster commission payments, billing reconciliation and tracking of occupancy and reservations.

“GroupPay provides real-time data to resolve and avoid payment disputes, which we believe will result in increased room fulfillment and enhanced trust between meeting planners and hotels,” says Bill Nicholson, chief product officer for Onyx CenterSource.

Payment Card Industry

The Payment Card Industry Security Standards Council (PCI SSC) was founded in September 2006 to make sure all companies that accept, process, store or transmit credit card data are compliant with guidelines set forth by the Payment Card Industry Data Security Standard (PCI DSS). These standards were initiated by the major credit card brands—Visa, MasterCard, Discover, American Express and JCB. If businesses are found to be noncompliant, they could face fines and other consequences.

General Data Protection Regulation

Cybersecurity is, of course, a global concern. The EU Parliament approved General Data Protection Regulation (GDPR) in April 2016 to protect European citizens’ personal information from being compromised. Enforcement will begin in May. This new legislation replaces the Data Protection Directive, which has been in effect since 1995. Among its many provisions is a requirement that businesses obtain consent to process personal data in some situations.

“This will have a big effect,” Ball says. Planners who collect attendee data from residents of the EU will be affected, regardless of where the planning organization is based. “There are very severe penalties for noncompliance,” he says.

What Planners Need to Know

1. Ensure that your registration and other tech providers handling data are PCI- compliant.
2. Keep software programs and operating systems up to date.
3. Keep antivirus programs up to date.
4. Use strong passwords.
5. Get educated on phishing and spear-phishing scams.
6. Use VPNs for secure emails and data transfers.
7. Have a web-based backup program.
8. Vet meeting facilities to make sure internet and Wi-Fi systems are secure.