¿IS YOUR EVENT APP SAFE?
Discard any vulnerabilities and avoid unexpected surprises.
Mobile applications for meetings and events have become more sophisticated and complete systems when debuted several years ago. The first iterations were simply a digital version of the guide of an event, offering location maps, schedules and general information. As the use of mobile devices has continued to grow, event planners now aim to make your event applications converge on a solution 360, so you get to offer all kinds of features full interaction, from profiles the detailed assistants, networking, conversational chats and private messages between attendees. These new features, make these applications much more complex, and organizers should consider taking into account the security and privacy of data are being collected and stored.
Having identified the most sensitive points on this issue, we want to make some recommendations for the organizers of the event that should take into account to minimize the risks for security of your data.
Your supplier´s background
The first thing to do is find out if your app provider for events has experience in creating mobile applications for other companies and brands that value security. Ask yourself or have worked with multinational companies in the financial sector, medical institutions, pharmaceutical industry or government agencies? If you notice that the supplier shows the logos of these large multinationals, very strict about levels of security and data protection, then you should know that your provider has passed safety checks or audits imposed by any of them.
Access to the app
While it is certainly easier to make a completely open and public application without a user logs in, this means that all information in it is visible to anyone, anywhere. A basic level of security is to provide a universal password to all attendees, but it also carries some risks. When a universal password is used, it relies on good practice and user behavior, but it can lead to unwanted users that have easily known password access. For this reason, the safest option is to provide access to each user with a password itself and fully customized.
Profiles of attendees
Event app users must have control over whether they appear in a list of attendees and the type of personal information that will be visible to others. Some may want to display full contact information, their social networks, and other information, while others prefer to remain anonymous. This option is of special interest to those attending industry events such as pharmaceutical, medical or financial, with very strict guidelines on the privacy of the data of the attendees. At evenTwo we provide event organizers an easy choice of whether to get an opt-in or an opt-out from your community. As long as the attendees have the option to decide, the concern regarding the privacy of their data will be resolved.
Access and use of your provider to the data
Request your apps provider hispolicies and clauses around the use of event data. Ask: Will all employees of the company have access to the data in the backend? That could create unnecessary vulnerability. You should also ask your provider how he plans to use the data. It is not enough for a vendor to tell you, “We will not sell your attendee data, or use it for other purposes.” He must also agree not to offer his product or service to attendees or exhibitors who are in the application. ” The safest answer your supplier should give you, beyond the exclusive use for the event itself, will be: “We will use the analytic of the event in order to improve the product”
Data Encryption
Find out if your apps provider encrypts the data at each stage of the process. This implies when data is stored on his servers, distributed over the internet, and used in the devices of the attendees.
Verification by third parties
Ask what security tests are performed by third parties and whether they are willing to share test results with you. You want to know what kind of tests are carried out on his servers, and if his network and infrastructure is actually protected.
At evenTwo we offer the commitment of SLA (Service Level Agreement), covering absolutely all aspects of security. We have worked with Santander, BBVA, Telefónica, Sage, SAP, Amazon, HP, PWC … .. institutions to which security is a fundamental requirement, and we have very strict clauses of confidentiality and data protection.
All of our apps have been reviewed and monitored by Chema Alonso‘s Big Data group, Advertising and Fourth Platform at Telefónica. They call it “ethical hacking”, this was a requirement of Banco Santander.
In conclusion
You should discard with your application provider any problems around the privacy and security of your data before they happen, and avoid unpleasant surprises.