Safety and Security at Conventions and Exhibitions

A Comprehensive, Well-Communicated Risk-Assessment Plan Makes All the Difference

By Christine Loomis

Guangzhou Airport

Guangzhou Airport

Large conventions, whether in the United States or abroad, can complicate safety and security programs. These days, one of the biggest fears for attendees and organizers is that a convention, especially one on foreign soil, might attract terrorist activity. Yet the likelihood of that is negligible.

There are, however, a host of potential problems that do pose more realistic threats.

“While one might immediately think terrorism is the primary concern for large conventions, in reality the likelihood that a terrorist incident will take place is minimal,” says Joan Morgan, director, analytic personnel at Annapolis-based iJet International, which provides integrated risk-management solutions to help multinational organizations operate safely in global locations. “Other concerns that should be taken into consideration, depending on the location and theme of the convention, might be protests outside of the venue, a fire, power outage or petty crime at the venue or on the street.”

“It is worth considering the subject of the convention and those issues being addressed by keynote speakers. Is there anything on the program that is contentious, that may draw unwelcome attention?” 

— Saul Shanagher

Attendees also may face identity theft or cyber hacking, become ill or be involved in a car accident, all issues compounded in a foreign destination. There might be political instability in the area, or even a natural disaster.

While such risks may make attendees hesitant to take part in a large convention, the truth is that thousands of conventions take place every year across the globe without major incident. And there’s something even more important: Almost all potential problems can be mitigated, maybe even eliminated, in one critical step: developing a comprehensive security and safety plan. Thankfully, many convention centers already have one in place, and most organizations and industry leaders are well aware of what must be done.

Event & Traveler Safety

“We’re facing a new normal in the travel industry, and the challenges of this new normal carry over to conventions, conferences and business events,” says Deborah Sexton, president and CEO of the Professional Convention Management Association (PCMA). “Regardless of where a convention is being hosted, organizers are facing the reality that bringing people together in public spaces can elevate risks. As an industry, we must work together to address these concerns. Hoteliers, convention centers, shuttle bus companies, convention organizers and more — we all need to collaborate to make sure we are using appropriate onsite security measures to keep our attendees safe. When necessary, we should also consider enhanced measures such as metal detectors, K-9 patrol units, baggage limitations, additional personnel and more.

“In addition to the physical safety of attendees,” Sexton adds, “convention organizers must place an emphasis on cyber security to protect data. Large events with open Wi-Fi networks represent easy targets for hackers and online criminals, and all organizers must do everything possible to prevent confidential information from falling into malicious hands.”

Like others, Sexton notes that specific factors influence the protocols to put in place. “At PCMA, we recommend using a number of factors to evaluate an event to determine the level of risk including the number of attendees, the type of attendees, the host destination, the kind of material being discussed, the size of the venue and a range of other pieces of information. When it comes to our events, we are constantly in contact with the teams at our host venues and in our host cities to make sure that everyone understands our risk management procedures and make any updates necessary based on a comprehensive risk assessment.”

Communication is Key

Phelps R. Hope, CMP, senior vice president of meetings and expositions for Kellen Company, an association management company with offices and representation in the United States, Europe, China, the Middle East, India and Southeast Asia, says communication is key. In addition to providing pre-conference information and advice related to personal safety, travel, local foods and more, he says, “We provide basic information such as registering at the local U.S. Embassy, which then keeps attendees apprised of safety conditions while also providing a communications channel in case of emergency.” He adds, “We ensure that we have access to attendees while onsite at the convention in the event of an emergency.”

Also emphasizing communication, Morgan says, “Attendees should be advised to avoid crowds, heed all instructions from authorities and practice good situational awareness at all times.”

Details of the security plan should be clearly communicated to attendees as well. “A security lead for the convention should be appointed,” Morgan says. “All attendees should know who that individual is. The security lead should have a prearranged communication plan with attendees in the event of an emergency. Attendees should program an emergency contact number into their phone and understand in advance when and under what circumstances they should do a safety check-in with their company’s security lead for the convention. A buddy system could also be used to have attendees check on each other in the event of an emergency.”

While it’s hard to anticipate all potential security hazards at a large gathering, Morgan says, “Knowing in advance who to contact will ease apprehension and minimize panic should an incident occur.”

Saul Shanagher, former officer in the British Army and director at beTravelwise, a United Kingdom-based company that provides a range of training courses to aid professional organizations with their travel risk-management programs, says any approach to risk for conventions has two elements to address: event security and attendee/traveler safety.

In terms of the event, location is a factor. “Is the convention in a higher-risk destination? Normally conventions are held in locations that are international business centers and should be relatively safe,” Shanagher says. “Even in slightly higher risk locations, conventions are usually an important part of the local economy, and the security services will be keen to ensure that they go without a hitch and that their reputation remains intact.”

A bit trickier are conference and speaker themes, and changing situations. “Prior to November 2015, Western European cities were considered low risk,” Shanagher notes. “While this risk has not significantly changed, there is a perception that an attack may be more likely. It is worth considering the subject of the convention and those issues being addressed by keynote speakers. Is there anything on the program that is contentious, that may draw unwelcome attention? Normally in developed countries, security will be increased to counter this likelihood, and if an at-risk person is speaking, their security detail will be enhanced for the event.”

Then there’s the convention center itself. “Most modern convention centers have excellent security,” Shanagher says. “CCTV, guards, access control (badging and checks) all keep the center, stands (many stands costs huge sums of money and are well secured) and people safe. Generally, conventions will have a good level of security.”

Organizers, he adds, should conduct their own risk assessment and put measures in place for any perceived weaknesses in the plan. “If you are concerned,” he adds, “speak to (the security team) and ask them to put your mind at ease over any issues or worries you have.”

Attendee and employee safety are equally important, and communication plays a major role in this arena.

“As for any international business trip,” Shanagher says, “travel risk-management policies and processes should ensure that all delegates and employees are kept safe.” He recommends that association managers do the following:

Brief or train attendees about the location and risks they might face. If there is a threat to the convention, they should be aware of this, and budget should be set aside to increase the support they receive on the ground — if it is essential they attend.

Educate attendees to keep a low profile. Because petty crime is often the greatest risk attendees face, not associating themselves with the convention outside of the convention center can help reduce that risk. Attendees should remove badges outside the convention center and avoid displaying convention bags or materials so they don’t draw unnecessary attention to themselves. They should also use taxis where appropriate to reduce time spent in public.

Advise attendees to modify personal behavior as necessary. This may include spending less time with large convention groups as well as controlling alcohol consumption. “There are often many drinks at receptions, and alcohol should be taken in moderation,” Shanagher says. “It is preferable that one member of the group remain sober so he or she can make sensible and safe decisions for the group.”

Ultimately, he adds, the background risks at the destination are more likely to affect attendees than risks associated with the convention itself. “Health, security and travel risks should all be identified, and the travel risk-management program should put measures in place to address these. Attendees will therefore be better prepared and protected, minimizing any risk associated with the convention through greater awareness and confidence.”

Cyber Security & Identity Theft Protection

According to Javelin, a research-based consulting firm with offices in the United States and abroad, 13.1 million people were victims of identity fraud in 2015, and fraudster criminals got away with approximately $15 billion. That means that in about three minutes, identity thieves can steal enough to pay for the average mortgage for two years, groceries for the average family for eight years and college fees for one year.

Here and abroad, cyber security and protection against identity theft are major concerns. Unfortunately, large conventions provide an opportunistic setting for hackers and thieves.

Paige Schaffer, president and COO of the identity and digital protection services global unit at NYC-based Generali Global Assistance (GGA), which provides comprehensive identity theft services including a $1 million policy for reimbursement of expenses through global insurance giant Generali Group, says there are many reasons convention delegates are particularly at risk.

“Most convention attendees are out-of-towners and, as such, their risk of becoming a victim of identity theft rises along with their chance of having personally identifiable information (PII) compromised,” Schaffer says. “Not only is one in 10 travelers affected by identity theft, but twice that number of people — one in five — have had sensitive information lost or stolen while traveling, according to the 2015 Experian Summer Travel and Budgeting Survey Report.”

Schaffer says the latter statistic is one that should be especially concerning to association managers organizing conventions and conferences because of the increased sharing of information that occurs at them.

“Throughout the event, attendees are constantly exchanging information with each other via business cards and scanner devices, as well as with convention and facility organizers,” she says. “The data shared typically includes details we consider less sensitive, such as phone numbers, email addresses, names, dietary preferences and other information that may not be sufficient enough to be used to steal one’s identity, but could be used in personalized, very-convincing phishing attacks aimed at extracting more sensitive data from individuals — also known as spearphishing.”

All that information is being grouped together by attendees and/or convention organizers, making the convention an attractive place for identity thieves and cyber hackers. “They may set up a predatory Wi-Fi network, attempt to steal data from Bluetooth-enabled devices such as Fitbits, pose as attendees and collect business cards or even pickpocket convention-goers to get information,” Schaffer says.

And conventions attract large enough groups to give thieves a statistically high chance of being successful at committing a spearphishing scam. “With spearphishing accounting for 91 percent of hacker attacks,” Schaffer points out, “attendees and convention organizers alike should be concerned about this risk.”

A big problem, of course, is that networking and sharing information is a primary reason for attending conventions in the first place. The challenge for both attendees and organizers, Schaffer says, “is being able to exchange information with other industry professionals and focus on the quality content of the show without worrying about having their PII or identity compromised.”

To that end, she encourages convention and association managers to:

  • Offer free, secure Wi-Fi to ensure attendees don’t try to connect to alternative free networks that may not be secure. Make clear which network is the secure one offered by the hosting organization, as criminals have been known to use convincing network names.
  • Recommend attendees isolate IoT (Internet of Things) devices to protected, known networks.
  • Encourage attendees to share their information only with those they want as a business connection and share only as much information as they have to.
  • Inform attendees about the increased risk of identity theft while traveling and share the following tips with them on how to mitigate that risk while on the road.
  • Before traveling, consider deleting sensitive apps, such as banking apps, social networks, etc. These are easy to reinstall when you get home.
  • Log out of all apps after you’re done. As with some websites, many apps keep you logged in by default (Facebook, Twitter and LinkedIn) even after you close your browser or turn off your device, giving thieves easy access to your closest friends and other personal information.
  • Remain wary of suspicious emails and websites. Studies indicate people are more likely to click on malware links on their cell phone than on their computer.
  • Be aware of your surroundings. If you do use your mobile device in a public area, pay attention to people around you; take precautions to ensure that no one can see you type passwords or sensitive information on your screen.
  • Turn on your phone’s GPS locator and “wipe” function (if available). Many phones have a setting you can turn on that helps locate the phone via GPS if it’s stolen. The “wipe” feature lets you wipe your data clean if it’s stolen.
  • Back up files. It’s bad enough when your device is stolen; don’t lose personal pictures or videos as well. Make a backup of important information and store it in a secure location.
  • Properly dispose of all trip confirmation emails and boarding passes. This means shredding them before tossing them into the recycling bin.
  • Consider offering identity protection to your association members as an added benefit. It’s a great way to build loyalty by demonstrating your commitment to members and to differentiate yourself from competing associations.

Concern about identity theft, especially at large conventions, is well founded. The question is how to deal with it. “Associations can either be ahead of that trend or behind it,” Schaffer says. “I encourage all forward-thinking ones to be ahead of the curve.” AC&F