As soon as your event contains information that you do not want outsiders to access, it is necessary to consider security. Therefore, Twebcast, as an event security company, has recently carried out a major security work that has led to a SOC2 type II certification. All to ensure that users feel safe using the platform.
Security for events may not be the most fun, and definitely not the easiest, topic. But if you understand why it is important and how it works on a high level, it is actually not that difficult. Not everyone in the company needs to be familiar with the technology and law, especially not in a larger company where there should be experts who own and drive the issue. Sometimes, even the IT department and security officials can be perceived as an internal secret police with the task of making things as complicated as possible. But the world is changing rapidly.
Security experts warn in the media about cyber attacks, data thefts and intrusions - real problems that affect many. Events are given targets. Security is often neglected and many are involved. Several different platforms are used, email lists are sent back and forth, and many tools do not meet the standards for managing critical data for large companies during an event. In addition, important and critical topics such as a company's strategies and investments and other things that both competitors and foreign powers are interested in are often discussed. Today, event security is often confused with GDPR - that you do not have the right to store personal data. This is of course important, especially from a legal perspective (not following GDPR can be very expensive for a company), but having critical data leaked can be much worse.
To begin with, it is good to have the attitude that security for event is important and necessary and not an unnecessary evil. Remember that security layers protect a company and gain an overall understanding of why and how it actually works. Fortunately, there are platforms that are highly developed when it comes to security and experts who find security to be the most interesting thing there is. There are several different aspects to event security.
One is the structure of the event. It involves, for example, what type of registration you choose. Who can see what in the platform? Which people have access to the account where information is collected?
Another part is the purely technical part. Is encrypted data sent over the internet? Are video streams open? Is data encrypted in the databases on the server where it is stored? How can you keep track of all this? The short answer is that you cannot without being an expert in the field. That is why there are certifications that ensure that companies and platforms actually meet the requirements that should be set. The most common is SOC2 - an internationally recognized certification. The "type II" supplement means that an approved external company has conducted an audit for six months and guarantees that the company over time follows the regulations that SOC2 entails.
Work with a certified platform
Critical data requires a certified platform. It not only guarantees security but also that there are action plans if something still goes wrong and that all employees have the required knowledge.
Two-step verification of email
A basic security that ensures that the person trying to register or log in to an event actually owns the email address they claim to have.
A very good extra security layer, especially useful at physical events, although it also works for digital events. Check-in ensures that only participants who have been checked in are allowed to take part in what happens during the conference or event.
Another effective way to prevent unauthorized access to an event is to use different types of approved lists. Twebcast can whitelist a specific domain (or several) or have a list of allowed email addresses.
With the help of Bank ID, you can be completely sure that a person checking in is really who they claim to be.
Do all those who will handle personal data have the right contracts? The one producing an event needs to know what they can ask for and also has the responsibility to ensure that all participants approve the handling of their personal data.
Can the platform handle GDPR correctly? Personal data should be anonymized automatically after a reasonable time after the event, which should also be what the participants have approved.
Who has the right to the account on the platform? What different rights do involved individuals have? Even if the data is encrypted according to all the rules of the art, a person with rights should always be able to access the data.
Send in your contact and we will get you started with your first event