Since 9/11, the general notion of meeting and event security has evolved from acute concerns about a terrorist attack to much more practical and likely threats, such as hackers stealing sensitive company information or an employee dying during the meeting.

However, even though the focus has shifted to more likely eventualities, the underlying concern remains the same — legal liability of some sort and a hefty related expense if anything goes wrong.

The bottom line on meeting and event security: “Having meetings that are secure, both physically and electronically, is a topic that is the most important one there is today for many companies,” says Gregorio Palomino, CDMP, CEP, CWP, CRE8IVE executive officer of San Antonio, TX-based CRE8AD8 Event & Travel Management, which operates 19 offices around the world.

That said, however, Alan Brill, senior managing director at global security consulting firm Kroll in Secaucus, NJ, notes that in the meeting industry, not enough attention is paid to event security.

“The most significant risk is really a planner or executive at the company who simply doesn’t realize there is a risk,” he says. “For example, on the airplane on the way to the meeting, they can be reading about a hacking attack or a malware attack on a company. But when they get to the meeting destination, that awareness seems to leave their mind because they’re focused on the meeting itself. So they do things that if they thought about them, they’d realize they’re not such a hot idea.”

And that inattention to risk applies to both meeting planners and attendees, Brill says.

He says, for example, both planners and attendees often use an unsecured wireless Internet connection in the hotel or venue. “And they don’t see the sign or the message that says, ‘This is not a secure network,’ ” Brill says. “And that means someone can eavesdrop on what you’re doing. But that seems to not register with an awful lot of people.”

A related reality is that meeting planners and attendees do not often think of themselves as a potential target. “They say, ‘Who would target me? What do I have that’s worth targeting?’ ” Brill says. “And those people are forgetting how valuable and in demand intellectual property is these days. They also tend to forget that their financial information or information about their customers is online — and vulnerable to the kinds of malware attacks we’ve seen recently.”

The Big Threat — Onsite Activity

Despite obvious concerns in some quarters about external threats, the real threat, in a day-to-day practical sense, comes from what could happen onsite during the meeting, says Eric Clay, complex director of security at Walt Disney World Swan & Dolphin Resort in Orlando.

“That is definitely a major concern now for every group that comes in,” Clay says. “And because of that, they want to know exactly how things are going to be handled in the case of any kind of emergency.”

Therefore, advance preparation is now a key consideration. “For large groups, we now have meetings months in advance to go over details of the meeting,” Clay says. “And we work very closely with the meeting planners and our security team to try to go over a very comprehensive plan of exactly how we would respond to each individual kind of situation. We work hard to make sure everyone is on the same page and in agreement about how things will be handled.”

A key current area of concern for meeting planners and company executives is a hotel’s local emergency response capabilities. “For example,” Clay says, “they want to know what sort of medical facilities are in the area and what sort of medical care we can provide for our guests.”

The reason: that kind of emergency is the one most likely to happen during a meeting or event.

For example, an attendee has a heart attack or suffers a fall or some other kind of injury or infirmity onsite.

“And recently, we’ve seen that question asked so much that we’ve actually hired a couple of EMTs (emergency medical technicians) to work on-property,” Clay says. “That’s important now, because large groups generally want a dedicated EMT.”

Swan & Dolphin charges a fee to assign an EMT exclusively to a particular group.

“Additionally,” Clay says, “all of our security officers have received basic first aid training so that they can render aid until paramedics or an EMT is available.”

Another concern commonly cited by planners is the response time of the local fire department. “And that response time is very quick,” Clay says. “Generally, they can be on-property within about three minutes, because we’re very close to their facilities.”

Planners also ask about the proximity of local hospitals. “We now have a sheet that we provide to groups that shows the closest hospitals, trauma centers and pharmacies,” Clay says. “We also provide turn-by-turn directions on how to get there in an emergency and phone numbers so they can call ahead.”

Evacuation Plans

Another hot topic of current concern is emergency procedures in the event of an onsite disaster, such as a fire, Clay says. “A few years back, we didn’t get a lot of questions about that, but now people are really concerned about things like evacuation abilities and staging areas in case of some sort of disaster,” Clay says. “People now ask about our ability to respond to a range of emergencies that could happen on-property.”

Specifically, he says he gets a lot of requests for details of the resort’s emergency evacuation plan.

One major concern that is relatively recent, but understandable given blaring media headlines over the last few years, is the possibility of an onsite active shooter.

“The possibility of there being an active shooter on-property is a hot topic right now,” Clay says. “So we get asked how we would respond to that — what our exact procedures are.”

Swan & Dolphin has a specific plan in place that is drilled quarterly, Clay says, noting that many other major meeting properties have similar plans in place now.

“We also work very closely with our local emergency response personnel, from the sheriff’s office and the fire department, to regularly review the plan, including reviews of physical layouts of the property so that they are familiar with it,” Clay says. “And that includes walking the property to see where the places are where something could happen.”

Although concerns about things like a shooter or a fire prompt a lot of questions from planners these days, the more immediate concern — and the one that needs an equal amount of attention — is internal considerations within the meeting group.

Full Disclosure

“Trust is a big part of the process,” Clay says. “That means the planner has to be prepared to sit down and go over with us everything they think could possibly happen at the meeting that could require some kind of emergency response.”

For example, he says, “Does the group include attendees with a heart condition or someone who suffered a heart attack in the recent past? Do you have any disgruntled former employees who have made any kind of threat against the company? Has the company received any external threats and if so, from where and from whom?”

When those kinds of questions are addressed, Clay says, “there is sometimes something we learn that could occur, whether that’s a medical condition or some kind of threat. The point is that we need to know everything that the planner knows about the kinds of things they might encounter during the meeting.”

It’s only with such complete disclosure and knowledge, Clay says, that a full spectrum of protections can be properly put in place.

Meeting and Event Security Threats From Within

Palomino points out that in reality, the most likely threats to a group originate from within the attendee population, rather than from the outside.

Therefore, at a large meeting open to third-party attendees, every registrant must be fully vetted. “You have to make sure you know who everyone is at your meeting and that they belong there,” Palomino says. “You need to verify identities and also understand exactly why people are at the meeting.”

“You have to make sure you know who everyone is at your meeting and that they belong there. You need to verify identities and also understand exactly why people are at the meeting.” — Gregorio Palomino

A related threat is a disgruntled employee who is planning to leave the company after the meeting — and who is planning to take very valuable information with them to inflate their market value. “And it’s hard to know who those people are,” Palomino says.

Best practices for onsite security under such circumstances “start at the curb,” Palomino says. “You really need to make sure that the only people pulling up to the curb are people that belong at the meeting. And at that point, people who know who the attendees are must be checking badges to make sure everyone showing up is a legitimate attendee. And you have to have people identifying and challenging anyone suspicious before they ever get into the hotel or venue.”

And because of the importance of doing that properly — outside the meeting rather than inside — “it’s extremely important that you have the meeting or event planner out there as the first touch point,” Palomino says. “You don’t want to be using a personnel firm at $10 or $15 an hour to clear people into the meeting, because they don’t know your people, and they don’t know what to look for. You have to have people there that know each and every attendee and can identify them.”

Once an attendee is inside the venue, identities need to be checked and confirmed again when they check in. “And there are a lot of meetings these days where that is not done properly,” Palomino says. “They just pretty much have open doors and just about anyone can walk in if you’re not careful. And the bigger the meeting, the more true that is.”

Data Theft

The vulnerability of sensitive data or intellectual property to theft is a primary concern. And given all the headlines lately about data breaches at major U.S. companies, the concern is growing.

“If you’re using wireless Internet technology at your meeting in a hotel — and virtually all meetings do that now — it’s very important that the information you’re sharing does not leave the room,” Palomino says. “And maintaining optimal security today involves an expense. I wish I could say that meeting planners could just walk into a typical hotel and use their free Wi-Fi for their meeting. But it’s not that way anymore. These days, security breaches happen all the time. So as a meeting planner, you have to be extremely mindful of that and be prepared.”

And the most severe threat today is not from hackers, Palomino says. “It’s from well-organized corporate espionage — criminal organizations,” he says. “The reason is a hacker does not know what he’s looking for. A criminal organization that does corporate espionage knows exactly what it’s looking for, such as IP data on your new product or details of the business strategy you’re presenting at the meeting. That’s the kind of information that is really valuable.”

The more sensitive — and therefore more valuable — the information being disseminated at the meeting, the greater the threat, Palomino says. That’s because industrial espionage has become a very lucrative global enterprise. “So you have to be extremely careful today,” Palomino says.

And no vulnerability is greater than that of unprotected wireless Internet service, Brill says.

Unfortunately, he adds, he does not think the average meeting planner or attendee understands the vulnerability of a public Wi-Fi network. “The reason is they just don’t think in those terms,” Brill says. “They’re used to being connected at the office and at home and they’re used to having Internet access 24/7. So when they go into a different environment, they’re now vulnerable, but they never think about that.”

And now that more and more major flag hotels are introducing free Wi-Fi throughout the property as a selling tool, the threat is being further exacerbated.

The good news is that protection via the use of VPN (virtual private network) technology is also now readily available and inexpensive, Brill says. And all meeting planners should implement VPN security as a standard practice for all meetings and events, Brill adds.

He also advises that if valuable intellectual property or other sensitive data is being discussed at the meeting, it should never be stored on a laptop or smartphone.

“In fact, you shouldn’t store data on any kind of machine anymore. Keep it on some kind of external device, such as a thumb drive or other kind of secure memory chip.” — Alan Brill

“In fact, you shouldn’t store data on any kind of machine anymore,” Brill says. “Keep it on some kind of external device, such as a thumb drive or other kind of secure memory chip.”

State-of-the-art protection at the moment, Brill says, is a USB drive mini-computer that stores data and uses a laptop only as a monitor, without transferring the data or storing it on the laptop.

The International Situation

To the extent that genuine external physical threats exist today, they are largely limited to overseas destinations, particularly in places such as Ukraine and Venezuela, where violent political upheavals could have created severe problems for a meeting group that happened by coincidence to be there when the trouble started.

“That’s the issue that currently keeps me awake at night, because for an overseas meeting, when my attendees are landing, I’m sleeping,” Palomino says, adding that international arrivals and departures are now the greatest concern. “And the way the world is going, I think international security is going to become more and more of a concern.”

A specific and very real concern internationally is the kidnapping of executives for ransom, which companies have been known to pay and then keep the incident quiet.

Palomino cited the example of a CEO kidnapped overseas not long ago. And the company paid a ransom in the millions. “And nobody ever heard anything about it,” Palomino says.

“The company kept it quiet. And that is not that uncommon anymore.”

As a result of this type of threat, companies now often provide expensive around-the-clock bodyguard protection for top executives at international meetings, unless they want to roll the dice on an even more expensive problem, Palomino says.

In a broader sense, Clay says, companies today must address meeting security with end-to-end attention to the most specific details of the most realistic security concerns and ensure the ability to respond immediately to any eventuality.

“We call it concierge-level security, where we are prepared to deal with anything that could happen,” Clay says. “And as a venue, we have to be constantly in contact with planners to let them know that we are prepared and that everything will go smoothly during their event, no matter what happens.” C&IT