Ant-Corruption Chpt 4.9 Privacy/data breaches

This section explores the new cyberfraud, privacy issues with databases of attendees and more. For example

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) with many other agencies has published a manual on how to reduce expose to cybercrime.

These are applicable to event organisations. More detail is found on their website and manual. In outline the recommendations include:

1) Keep software updated on user devices and IT infrastructure.

2) Implement phishing-resistant multifactor authentication (MFA).

3) Audit accounts and disable unused and unnecessary accounts.

4) Disable user accounts and access to organizational resources for departing staff.

5) Apply the Principle of Least Privilege..

6) Exercise due diligence when selecting vendors, including cloud service providers (CSP) and managed service provider (MSPs).

7) Review contractual relationships with all service providers, prioritizing providers of critical services first.

8) Manage architecture risks by  auditing and reviewing connections and using a dedicated VPN.

9) Implement basic cybersecurity training.

10) Develop and exercise incident response and recovery.

One thought on “Ant-Corruption Chpt 4.9 Privacy/data breaches

  1. Bill

    Let me know if you find any press reports or know of ones yourself about cybercrime and events. Forewarned is forearmed!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *