As illegal hacking becomes more lucrative, your company is put more at risk. Computers and networking are the way of the future- we live in an era where people don’t necessarily fly across the country to have a sales meeting, they are video chatting, texting, emailing, and calling each other to close their sales. If your team sends any important information via digital communications, you need to read this.

Meetings are — simply put — a cesspool of important personal and corporate data, which is why they have become the targets of hacking. Not only is it easy for hackers to get valuable information, but it has become very profitable for them.

The Problem

Michael Robinson is a Cyber Threat Analyst and an Adjunct Professor for Stevenson University whom, prior to a presentation for “Hosts Global Alliance” (HGA), set up a fake website- mimicking the hotels- that allowed users to connect to his own personal router.

The hacker will set up a router with a name similar to the legitimate, attendees will typically access whichever signal is strongest (which is typically the signal that is closest to them), and it will require the user to enter in personal information. Additionally, the hacker can access the devices of those connected to the access point.

Of course, Michael didn’t setup the router and make it functional- if Michael were a hacker, he could have easily accessed a great deal of personal data from the attendees of the presentation.

The Profit

As I have mentioned, hacking is becoming more and more lucrative. Hackers aren’t stealing your email addresses anymore in order to sell them to “Nigerian Princes”. They might be taking your address book and then sending out a memo that is actually a phishing email and has a dangerous link in it. That link, when clicked on, could actually be a malicious software download that will send as much data as it can to its source- which could include credit card information saved on your online shopping sites.

The Solution

There are plenty of ways to prevent your meeting from falling under the attack of a skilled Hacker. Robinson gave some in his presentation:

1. Know the Venue’s Legitimate Networks – It is important to determine which networks are the true networks and making your attendees aware of them in a piece of literature that you are certain they will get their hands on. It might be wise to send out an email prior to the meeting that includes the network information, or display it in the presentation or on printed marketing materials- especially if you will be sharing valuable personal or corporate information.
2. Watch for Rogues – A weak antenna could easily be set up and become the strongest signal in the venue, and that is very enticing to attendees. Assign someone the responsibility of monitoring the event- someone should keep an eye on available networks and if one goes up, they can easily make the appropriate people aware of it, and keep your attendees from making themselves vulnerable.
3. Change the Password – If you change the password on your network at regular intervals (maybe once per day), it will prevent unauthorized people from accessing it.
4. Check Cell Signals – A hacker can also set up a boosting antenna that gives certain cell carriers a better signal. If a T-Mobile signal suddenly becomes a lot stronger, it is possible that someone is trying to intercept texts or calls.
5. Mobile Apps – If your meeting has an app associated with it, you need your developer to answer “Yes” to all the following questions…
   1. Is the attendee database encrypted?
   2. Does the app only receive updates from authorized sources?
   3. Are messages and push notifications encrypted?
6. Be aware of Registration Kiosks – Registration kiosks can be problematic. Be aware of the potential risks:
   1. Make sure the kiosk does not have any accessible USB ports for someone to plug in a thumb drive or external device.
   2. Disable the Windows Help feature; this is a key bypass for experienced hackers.
   3. If the kiosk does not need an internet connection, disconnect it.
   4. Make sure that the registration applications are not running “as Administrator”.
7. Talk to an Expert – There are plenty of professionals that are able to help you monitor your cybersecurity and keep your organization’s information safe. You might even find that it will be wise to hire them for your event.

Tim Dimoff is an expert in all things security-related

SACS Consulting & Investigative Services offers HR consulting services and can help you in cybersecurity training and development as well as policy and procedure development. If you have questions or you want to make sure that your company knows how to handle potential cybersecurity threats and other safety topics call SACS at  (330)255-1101.