Whether you're using eContact, CMD, enterprise CRM, or the offline check-in tool to check in guests at your event, you must be cognizant of the very real physical security threats your guests and other persons may pose to your data and devices.
In summary, practicing good operational security, maintaining control of your devices, separately controlling any passwords you're using, and limiting other uses of your check-in network will help you optimize security on game day at your post.
To maintain control of your event, the integrity of your attendance statistics, and the privacy of your guests, we advise each post to:
- Securely transfer a final .json import file to your server using an approved and encrypted thumb drive or organizational cloud storage account (e.g., a Department-issued Google Drive, Box.com, or OneDrive account).
- Have someone physically attending to the devices throughout the event until they're broken down.
- In addition, maintain physical control of all devices used for event management and guest check-in.
- Secure your laptop or a lockable iPad case/stand with a Kensington-style anti-theft lock.
- Use an app that activates an audible alarm if a phone or tablet is disconnected from power.
- Lock all devices when not in use, requiring a well-protected password to unlock. Fully shut them down and physically secure them rather than risk leaving them unattended: even a laptop with full-disk encryption enabled offers little security benefit if left online or, worse, unlocked.
- Use Ethernet or well-protected wireless networks (WPA2 at a minimum, possibly with a hidden SSID or limited 5 GHz-only spectrum) with well-protected passwords limited in use to only the check-in devices.
  - In many cases, this is done on an airwalled network disconnected from the Internet, but we'd focus more on limiting who is using the network: if you have access to a well-controlled, government-owned Wi-Fi network at your site, great. If you're considering using a third-party event host's wireless network, we'd advise you to bring your own wireless access point and run this on a more private network.
- Avoid leaving connection instructions where they'll be visible to your guests:
  - Client devices: Use full-screen mode on your browser or on signage visible to your guests.
  - Server: Avoid having the information below shown on screen unless you're actively connecting a client device. Leave the actual check-in interface in the foreground or lock the server when not in use.