Trade fairs, conferences, travel: how to limit the risks of hacking
VivaTech, France Quantum, eurosatory, G7, major economic summits, AI conferences, investor forums: professional events now concentrate, in just a few days, what attackers are looking for most: qualified identities, connected terminals, sensitive data and strategic conversations.
The issue is no longer just technical, but organizational, behavioral and sometimes geopolitical. As technology fairs become showcases of sovereignty, artificial intelligence, cybersecurity, defense or quantum, they also attract actors whose objective is not to network, but to observe, collect, trap or prepare a delayed attack.
The event, a persistent blind spot in cybersecurity
In a living room, the usual landmarks disappear, the visitor leaves a controlled work environment to evolve in a temporary, dense, hybrid and highly connected space. Open Wi-Fi, QR codes, smart badges, event apps, charging stations, product demonstrations, file exchanges, LinkedIn invitations and post-event messages suddenly expand the attack surface.
The bias remains the same: the event is perceived as a social space, whereas it constitutes, from a cyber point of view, an unreliable environment by default.
This reality takes on a particular dimension in 2026. VivaTech explicitly highlights the themes of cybersecurity, defense, AI and critical technologies. France Quantum, for its part, is part of a moment where France is accelerating on quantum technologies and where ANSSI is preparing the transition to security products resistant to quantum attacks. Trade shows are no longer just places for demonstrations. They become strategic exhibition spaces.
Public Wi-Fi, the first point of exposure
The majority of risks start with a banal gesture: logging in. A trade show network, even an official one, remains an infrastructure that the visitor does not control. The danger does not necessarily arise from a sophisticated operation. This could be a fake network imitating the event name, an opportunistic interception, or a harvesting of active sessions.
The rule must be simple, favor mobile connection sharing, avoid any sensitive operation on a public network, deactivate automatic connection to known Wi-Fi, use a professional VPN when the connection is essential and check precisely the name of the network with the organizer.
In a VivaTech, France Quantum or Eurosatory context, a network called “official guest” should never be enough to create trust.
Personal terminals: the human factor remains central
The smartphone is often the participant’s real safe: emails, encrypted messaging, banking access, multi-factor authentication, confidential documents, investor contacts, agenda, meeting notes. Its compromise is sometimes worth more than that of a computer.
Before a major trip, best practices remain simple: update systems, reduce the number of installed applications, enable encryption, remote wipe and strong authentication, limit documents stored locally and avoid administrator accounts on devices used while traveling.
For exposed profiles, managers, journalists, funds, industrialists, quantum, AI or defense players, the use of a terminal dedicated to international exhibitions is no longer an excessive precaution. This is a risk reduction measure.
USB terminals, cables and charging: never plug in by reflex
In a dense environment, a discharged phone becomes a point of weakness. Public USB terminals and unknown cables should be avoided. The risk of compromise by recharging remains less frequent than phishing, but the operational rule is clear: do not plug a sensitive terminal into uncontrolled equipment.
An external battery, a personal charger and a cable without data transfer are enough to eliminate some of the risk.
QR codes, short links and physical media: industrialized social engineering
Professional events have made the QR code commonplace. Program, registration, contact, white paper download, access to a demo, participation in a competition: everything now requires a scan.
This convenience opens an ideal breeding ground for phishing. A QR code replaced on a stand, added to a poster or sent after a meeting can redirect to a fake Microsoft, LinkedIn, Google Workspace page or to a fake event portal.
The principle must be constant: check the URL before entering an identifier, avoid short non-contextualized links, never plug in a promotional USB key and download documents from official sites rather than from media provided on site.
Identities, badges and delayed exposure
A trade show exposes both people and machines. Badges, photos, speeches, LinkedIn publications, meeting announcements, selfies in front of the stands, lists of participants and press releases create usable material.
The attack does not always occur during the event. It often occurs afterwards, when attention fades: false message from an organizer, false investor invitation, false sharing of photos, request for a document, tricked commercial follow-up, usurpation of a contact met on site.
The reflexes to adopt are known: activate multi-factor authentication, limit accounts accessible from mobile devices, delete saved Wi-Fi networks upon return, monitor unusual connections and increase vigilance on emails received in the days that follow.
Open conversations and visible screens: the simplest escape
Event-driven cybersecurity is not limited to malware. It often begins with what is said, displayed or photographed.
In lounges, queues, taxis, hotel lobbies and press areas, discussions about a fundraising, an acquisition, an industrial partnership, a quantum prototype, a cloud architecture or an AI roadmap can be collected without technical intrusion.
A visible screen, a printed document, an open note, a very specific conversation or a function displayed on a badge are enough to reconstruct a context. In sensitive sectors, discretion is not a posture. This is a security measure.
Quantum, AI, defense: the most exposed profiles
Events dedicated to AI, quantum, semiconductors, the cloud, cybersecurity or defense attract particularly attractive players: deeptech startups, laboratories, manufacturers, specialized funds, administrations, major accounts and critical infrastructure suppliers.
The risk then goes beyond opportunistic cybercrime. It involves economic espionage, technological intelligence gathering and preparation for future attacks.
Quantum news reminds us that the threat is not limited to current systems. The so-called “collect now, decrypt later” logic transforms certain encrypted data into vulnerable long-term assets. In this context, specialized trade fairs are not just industrial showcases. They become privileged observation points.
A professional discipline
Business travel must now be treated as a specific cyber situation. Before the event, the data carried must be reduced. During the event, limit automatic connections and gestures. After the event, monitor for weak signals and clean temporary accesses.
Good posture is neither paranoia nor permanent hindrance. It comes down to one rule: behave as if in an unreliable environment by default.
