The Fear of the Event App Data Breach

Image: DepositPhotos

Data breaches are real. Data breaches can happen to your event. Data breaches should be on your mind. Data breaches are a serious threat to event apps. The security of your event or conference app is mission critical.


Common sense is also mission critical to the success of your event and fear is the killer of common sense which is why I am not a real big fan of scare tactics in the event world.

Fear marketing (or scare marketing) is designed to play to the most primal part of our brain. Those little slivers in our neural pathways that tell us to run away from really bad things that want to kill us and eat us. Things like lions, tigers, bears, and zombies. It is also that part of the brain that can be manipulated to steer us toward a product or service so that we feel “safe” when we choose whatever they happen to be selling, shilling, or scalping.

We see this popular selling device employed by noble entities with “positive scare campaigns” against child abuse or texting while driving. We also see this tactic used by the not so noble snake oil salesmen like politicians that want us to “vote for them” or “frightening children will invade the border to give us Ebola and steal our jobs while we sleep”.

Fear, Uncertainty, Doubt

The technical term for this type of marketing is FUD (Fear, Uncertainty, Doubt)… here is the definition:

FUD is generally a strategic attempt to influence perception by disseminating negative and dubious or false information. An individual firm, for example, might use FUD to invite unfavorable opinions and speculation about a competitor’s product; to increase the general estimation of switching costs among current customers; or to maintain leverage over a current business partner who could potentially become a rival.

The term originated to describe disinformation tactics in the computer hardware industry but has since been used more broadly. FUD is a manifestation of the appeal to fear.

To be honest, we all do this everyday in our personal lives without even thinking about it. Yesterday I told a kid not to climb the backyard tree because he was gonna fall, break his arm, and have to go to the hospital… I painted a picture. That is fear marketing, FUD, whatever we want to call it…. it worked. The kid stopped climbing the tree and my homeowners policy and his arm remain unscathed.

Fear works. Fear is an amazing motivator. Fear sells. Fear makes us run to tell our friends to be afraid. Fear can be used to imply that if we don’t use a particular product we will be the victim of a data breach with our event mobile app.

The Statements

This type of marketing, whether planned or not, is exactly the vibe I get from some statements by Giles Welch, CEO of GenieConnect, in a recent article.

First. I don’t know Giles and I actually like GenieConnect’s product, it is a fine solution for many events. My problem stems from how he framed his statements because it is implied that other app providers are not as secure as GenieConnect and I feel that is not only misleading, it is unfair. Maybe I am wrong, maybe I am reading to much into it, but I asked 7 other meeting planners and they all got the same vibe that I did so I am not alone in how this made me feel.

Here is what the article said: 

Event apps are at risk from security breaches if steps aren’t taken to protect delegates’ data, says the head of an event technology provider.

“Many in the events industry are alarmed at the frequency with which mobile apps from technology vendors are suffering security breaches. By their very nature, native apps store potentially sensitive data on the handset and these are relatively easy to hack into if they are not encrypted and stored correctly,” said GenieConnect CEO Giles Welch.

In an industry first, the firm has earned the VerAfied security mark from Veracode for its native mobile apps.

“By enlisting the services of Veracode, the world’s most powerful application security platform, we can reassure clients that that our software complies with the highest security standards,” added Welch.

“Event technology is no longer a fledgling industry and, as it matures, it must be held accountable to an increasingly rigorous set of standards. Event apps are now very sophisticated, holding tens of thousands of personal records and serving as a conduit for information that is often mission-critical to the event host’s brand. I believe security verification is the very least event organisers should expect from their technology provider and that this will rapidly become the new norm in our industry.”

There is an undercurrent of fear in everything said here. Words like alarmed, steps, accountable, yada, yada, yada.

Let’s start with “Many in the events industry are alarmed at the frequency with which mobile apps from technology vendors are suffering security breaches.”

What?? OMG….I haven’t heard of any security breaches with event app providers, what am I missing…Should I be alarmed?! I thought I was one of the most informed in the industry… Oh wait… he is talking about security breaches with apps “in general”… not necessarily event apps. But it is implied that event app providers are the “ones” being breached….

I also talk to a lot of event planners every day, hundreds of them a month, and not once, during conversations about event apps, has security been a topic of conversation. First is cost, then comes social, then comes nine other things… including a bathroom break, and only when I mention security, does the topic come up… Security NEVER comes up in general conversation… Ever.

It should also be noted that even Gartner thinks that 75% of Mobile Security Breaches in the coming years will be because of user phone/app configuration, not because of any app itself. Hackers are looking for a doorway into a company to attack servers and computers… not into an app for whatever small amount of user date it may contain.

Next is “By enlisting the services of Veracode, the world’s most powerful application security platform, we can reassure clients that that our software complies with the highest security standards,

OK, that is great, awesome in fact, but the phrase “our software complies with the highest security standards” implies that no other app provider is “compliant” or doing anything about security and attendee data is at risk by using anyone else. Yes, Veracode may be the schnizzle with whipped cream on top but there are others in this space including VMWare, Applause, Sunera, Gotham Digital Science, Casaba Security, ControlScan, Rapid7, Trustwave, and Attack Research. Just Google “app security test”. Go ahead. I can wait.

Now we have “Event apps are now very sophisticated, holding tens of thousands of personal records and serving as a conduit for information that is often mission-critical to the event host’s brand. I believe security verification is the very least event organisers should expect from their technology provider

Huh? What? This confusing statement plays to the fact that most people don’t have the foggiest idea of what data is actually in an app and not knowing makes them afraid. There is not that much information in an app.

Let me be clear, I am not opposed to using security to sell. You can (and should) use the fact that your product is as secure as Fort Knox.. I am all for that. You can sell security in a positive light.

Others Do Care

I know all of the app providers and I know most of their leaders, their teams, and their products. They are all good people that care about their clients and care deeply about security. They will go on for hours about security….

I asked a few of them to comment about security for this article and here is what they had to say.

Brian Slawin of Busy Event, come on down, you are the first contestant on how secure is your app:

BusyEvent has taken a 3-tier approach to building our data security architecture, continuously evaluating and implementing methods to meet EU-level information privacy practices and data security standards. We approach this holistically from the database through the application, managing the traffic that flows between the app and the servers, securing the information being transmitted along the entire data trail.

Alon Alroy – Co-Founder | CMO & BizDev at Bizzabo, come on down. You are next up…

Security is a major part of what we do at Bizzabo. Privacy and data security are top priorities when designing our products. We understand that user data is sensitive and treat it that way. Our team actually includes ex-Checkpoint employees who have been at the edge of data security for years. We use strong, industry-standard encryption to make sure event organizers and participants feel secure to share and enjoy the event.

Michael Balyasny – CEO | Attendify, What say you my good man…

We take security very seriously at Attendify and I’m sure that many event app vendors share our values and do their utmost to deliver a secure experience for clients and end-users. Unfortunately because security is such a sensitive and complex topic it can easily be used to stoke uncertainty. It is impossible to assess all the security measures deployed by a given vendor without a detailed audit, and obviously competing vendors don’t have that kind of access to each-others systems. Blanket statements about the security practices of an entire industry certainly sound like a scare tactic and are unwarranted. Any up-tick in security centric statements or marketing is likely a sign of the shifting landscape which is seeing many event app vendors struggle to keep up with a new generation of solutions that are making event apps more accessible and dramatically simplifying fulfillment.

Jeff Epstein – Director, Product and Channel Marketing, QuickMobile, you get the last word…

Security is a nuanced topic in technology circles, encompassing software strength against intrusion and malware, database security (back end and app side), privacy for users, and in the SaaS world, also including strength and resilience of cloud architecture. At QuickMobile, we see all of this as the baseline requirement, even if it often reaches beyond the needs of the vast majority of our clients. As a business rule, we constantly measure ourselves against evolving industry standards in all these areas, and others such as login authentication and role management. That’s why we are currently updating our entire architecture and software layers to ensure that our solutions keep pace with the constantly evolving security landscape.

We recognize that every customer will have unique security requirements as determined by their own policies and those suggested or even mandated by relevant industry and regulatory agencies. As a core commitment, we will always ensure that every client’s unique security needs can be met.

Final Thoughts

While the folks at GenieConnect should be proud that their platform is secure and that they can reassure their clients about attendee data with the fact that they have passed a Veracode test, we also have to remember that GenieConnect might be the only event app provider that has tried or has even felt the need to take this particular test…Implying that our attendees data is going to be cracked open and shared with a bunch of Russian hackers, Nigerian money scammers, the Wolfman, Dracula, and your crazy cousin with the twitch that got arrested for identity theft is just not cool.

The truth about App Security is this.

  • Yes, it is important.
  • Yes, it is complicated.
  • Yes, you should ask your app provider about security.
  • Yes, you should do your homework on what they tell you.
  • Yes, you should have an insurance policy that covers a data breach.
  • Yes, All of the recognizable names in event apps take security seriously.
  • No, you shouldn’t panic.

Reality check people. Your attendee data is much more vulnerable from an idiot at the registration desk leaving spreadsheets carelessly tossed about or from some dufus leaving an unprotected laptop on a train, in a cab, or in a hotel lobby after they plow a few martinis drinking with the exhibitors.   

We as event planners cannot simply take the word of someone when they say that they are the best, they are the most secure, they are the top of the heap. Maybe they are, maybe they aren’t. If I am not mistaken, someone once said that the Titanic was unsinkable. We know how that turned out.

Do your homework. Protect yourself, protect your event, protect your attendees, and remember… Marketing speak is just that… Marketing.

We as an industry can do better than fear. 

Keith Johnston

Keith Johnston

Keith is the Managing Partner of i3 Events but is most widely known as the outspoken publisher of the event industry blog PlannerWire. In addition to co-hosting the Bullet List and Event Tech Pull Up Podcasts, he has been featured in Plan Your Meetings, Associations Now, Convene, Event Solutions, and has appeared on the cover of Midwest Meetings Magazine.

Yep. We use cookies. Just like everybody else. Cool? Click OK.