Safety should be a priority throughout any event. In the case of a government event, it should be a top priority. If it’s a government event of global importance like the Trump–Kim meeting, well, you will have to take it to the next level.
There are many aspects to government event security, including data protection, staff training, venue safety, etc. Over the past few years, there have been many updates made to event security policies both at the local and national levels. This, in part, is due to the growing number of terrorist incidents, such as the massive attack that took place at the concert in Manchester. This means that choosing the proper security mechanisms for an event is literally a matter of life and death.
Government event organisation: A security checklist
So where do you start? Based on the experience of GlobalSign.in, the official tech partner at the North Korea–U.S. Summit, we compiled a list of important measures one should take to ensure event security.
1) Polish your cyber protection strategy.
Depending on your environment and the tools being used, ensure that no cyber threats can cause your event management software to go down. After making a detailed analysis of potential threats, you should establish a protection mechanism that will work in your particular case. For instance, if you’re using a platform for online registrations, you will need to set up the related firewalls and ensure that servers are properly protected against malware and DDoS attacks.
2) Cooperate with certified tech vendors.
Compliance with valid security standards is another aspect to it. If you haven’t made the choice of your event tech provider yet, we recommend focusing on companies that possess locally or internationally recognised certifications. Usually, such certifications prove that a company is compliant with a range of security standards. For instance, the main reason why the GEVME team managed to handle security issues so quickly during the DPRK–USA Summit is because the company is ISO 27001 certified. This means the product was compliant with many security standards from the start. Because of that, the only task the team had was to showcase the compliance through testing.
3) Study data protection laws.
Unless you don’t deal with the Internet in your daily life, you definitely know what all the buzz around GDPR enforcement means. Just like the EU, each country has its own laws related to the storage, use, and purging of personal information. The knowledge of these regulations will help you ensure that the event tech vendor you are cooperating with doesn’t break the law. In Singapore, the core data protection standards are based on PDPA—the set of laws that the government enforces with local companies. If you want to save time on data protection compliance (which we know you do), check whether a provider abides by the principles of the local data protection law.
4) Ensure no one steals your data.
When preparing for the DPRK–USA Summit, the onsite team was concerned about one important issue: the threat of equipment theft. Indeed, what happens if someone just walks in and steals a laptop from the venue? If you’re using a thin-client approach, the short answer is nothing. Nothing happens to the data of your guests or stakeholders, because in accordance with this approach, all the data is stored on the cloud rather than on computers. Check out the possibilities for using cloud storage at your particular event to ensure no private data can be stolen.
5) Regulate data access.
When it comes to government events, there’s barely a distinction between sensitive and non-sensitive data. All the personal information requires foolproof protection. Accordingly, a powerful mechanism for data access control is a must-have tool. In terms of granting access to the event data, we recommend taking a maximally restrictive approach. When looking at the experience of GEVME at the North Korea–U.S. Summit, you’ll see that the data wasn’t accessible to anyone except those who were explicitly invited to the GEVME project. Additionally, there was a multi-factor authentication put in place for whoever had access to the back end.
6) Conduct security testing.
Also known as vulnerability tests, such practices help event organisers identify the weaknesses of a system in terms of data breaches or any other external attacks. At GEVME, security testing is usually conducted by an independent party, an end user.
7) Not by data protection alone
Apart from ensuring data protection, an organiser should also cooperate with the range of contractors responsible for the security of premises, physical hardware, equipment, and the venue itself. The best way to maintain safety at events is to build a network of security teams that work closely together. At the very least, such teams should use a centralised communication channel, such as instant messaging, and conduct regular collaborative checkups. This is important because, for instance, the secure functioning of software depends on the security practices used by a network provider.
Each event is different in terms of size, venue capabilities, and basic nature. Security practices, however, lay at the core of each event planning strategy. We hope that the tactics employed by the GEVME team throughout its partnership with the DPRK–USA Summit organisers will help to enhance your current security standards so that you can reach new heights in government event planning.