A recent report from International SOS and Control Risks estimates that the demand for travel security advice has increased by 800 percent in the past decade. Considering the age of globalization that we live in, this isn’t surprising, but it also speaks to how imperative it is that enterprises put their money where their mouths are when it comes to keeping their most valuable assets – their people – safe. Here are some of the crucial elements of successful travel security programs.
They Make the Standard of Care Distinction
While duty of care is supremely important to any travel security program, what you might not realize is that you also need to consider the standard of care. Basically, this refers to what other companies in your industry with similar risk profiles and similar characteristics are doing to protect their people. “Often, companies tend to look past the standard of care, which is largely often determined through litigation, unfortunately,” says Wesley Bull, CEO of Sentinel Resource Group and a former chief security officer. “Everybody overwhelmingly understands this notion of duty of care around travel risk, but the standard of care is a really important distinction to look at.”
Getting an independent baseline assessment can help you meet that standard of care by identifying any gaps in your program based on factors like your industry, your company’s risk profile, where your workforce is traveling, and how high profile your executives are, says Bull. If you do decide to engage an independent consultant to assess and audit your program, make sure the company you hire doesn’t also provide executive protection. “There are provisions under the IRS code that allow a company to write off their executive protection expenses as a business cost because it’s germane, but one of the key requirements for that is the company must have an independent party come and assess that risk and, very importantly, that company can’t be an executive protection company because it’s a conflict of interest,” Bull says.
They Don’t Forget About Cybersecurity
One aspect of travel security that many enterprise programs and those in the executive protection space may pay less attention to than they should is cybersecurity. It’s a gap Bull sees frequently enough that he’s included it in Sentinel Resource Group’s model for training development, along with foreign counterintelligence. “We don’t use our intelligence community in the United States to steal secrets to advance our commercial interests. However, many of the countries that we are well engaged in with respect to commerce absolutely do use their intelligence services to commit corporate espionage,” says Bull. Cybersecurity is not just about knowing where your phone is; it’s entirely possible that when traveling, “foreign agents for intelligence services in that country will get access to the executive’s hotel room and actually image their laptop while the person’s away at dinner,” Bull says.
Greg Threatt, head of personal protection at Threatt Protection Services and a personal protection specialist, says he has been addressing cybersecurity risks for the last five years, though he, too, sees it as a threat that doesn’t get the focus it deserves. “One of the first things that I implemented in my security plan was that everyone uses a virtual protection network, a VPN,” says Threatt. He has clients buy and use a strong VPN the entire time they’re out of the country.
Threatt also has clients use clean phones when going to a country with a higher threat. “A clean phone for that particular country also has some apps that you wouldn’t find in the United States, and they’re helpful for that area, as well as minimizing future risks if your phone gets lost or stolen,” Threatt says. In cases where you’re using your own phone, he advises that you always have it on your person, where you can actually touch and see it “because any time you don’t have eyes on that phone, it’s vulnerable to being stolen, cloned, lost, or broken.”
One potential issue Threatt has run into is open Wi-Fi networks that are named similarly to hotels or businesses. An example he gives is staying at a Holiday Inn in Greece where you connect to the Wi-Fi named “Holiday Inn.” Unfortunately, that’s not the name of the hotel’s Wi-Fi, and you’ve instead logged into the Wi-Fi of some random man sitting across the room collecting people’s information. “It’s incredibly profitable in foreign countries,” he says. Threatt also recommends using encrypted messaging apps and covering the camera on your tablet, iPad and/or laptop. “They love to hack into your cameras,” he says. “The hackers are so far beyond what we hear about in the media, it’s laughable.”
They Have Ninja-Like Capabilities
Being prepared to deal with events that can become PR issues or even international incidents are all part of the ninja-like capabilities that folks in executive protection need to have these days, says Bull. “Advance work is the bread and butter of any executive protection program,” says Steven Keller, executive protection specialist at Gavin de Becker and Associates. “It’s that proactive intelligence that can make or break a trip. There’s a lot of planning to make the trip as smooth and seamless as possible.” Implementing a variety of communication methods, understanding client personality profiles and preferences, being familiar with country-specific security threats, planning multiple routes to destinations, creating backup plans, and being prepared for medical emergencies are just some of the many details executive protection specialists take care of behind the scenes to ensure their clients’ peace of mind and that business can be conducted as usual.
They Use Security-Trained Drivers
Considering that up to 85 percent of attacks on principals happen in or around a vehicle, having a security-trained driver is paramount to a successful executive protection program, says Threatt. “It’s a zone of predictability,” he says. “The majority of people on the road stop using their vehicle in a behind-the-wheel emergency at 40 percent of that car’s capability. Most security drivers are trained up to 80 percent of a car’s capability. The vehicles are essential to what we do and because of their importance, the operators need to have the training to react in situations.” Untrained drivers can end up costing principals time, money, and potential PR nightmares.
They Make Executives More Efficient
One good way to sell the value of executive protection is to show the C-suite how much more efficient it can make executives. “We do what we can to expedite their entry from point A to point B, so we’re allowing them to focus on what matters,” says Craig Dischinger, corporate security professional. “We’re saving the company and the shareholders a lot of money because some of the CEOs that have protection teams are making thousands of dollars a minute. Every minute you can save those individuals, the better the company can function.”
“In corporate environments, we need to get our clients to understand how we contribute to the bottom line, because historically, security is that one thing that you have to have, that necessary evil that doesn’t really help the company, but nine times out of 10, it’s the first thing to go when they get into financial trouble,” says Threatt. “We contribute to the bottom line by making sure that everything is running smoothly. We increase their mobility and their effectiveness.” It’s not just safety and security; it’s taking care of personal needs before the client even gets there, like checking into the hotel and having cars and trained drivers ready.
They’re Proactive and Reactive
“Cheap is expensive in this space,” notes Bull. “It is remarkable to me that despite the fact that we can largely quantify the costs to proactively mitigate risk versus what a reactive posture looks like, in the course of a travel security program people get dismissive of certain things. On the reactive side, if you haven’t done your heavy lifting on the proactive piece first, the cost component can be exponentially larger.”
When it comes to cybersecurity, for instance, it’s not just about becoming a victim of a data breach – you can lose much more. “The travel risk might not be somebody getting hurt or kidnapped or mugged. It might be that the brand new designs you’ve just spent $50 million in research and development on just got leaked to some foreign national during a business trip and now your intellectual property is compromised and now you’ve got a brand and reputation impact and maybe even a stock impact because a foreign adversary is able to advance technology more quickly into the marketplace ahead of you now,” Bull says. “A good program is going to be both proactive and reactive.”
Challenges
Travel security and executive protection come with their own set of challenges. A gap Bull has noticed in executive protection training is in fire protection. “The problem is these programs don’t really teach in detail how to actually assess fire protection infrastructure, even though there’s an exponentially larger probability that the principal will be involved in either a fire or a car accident during their travels,” he says.
Establishing trust and helping clients or the C-suite understand the value of executive protection is another hurdle, says Dischinger. “It’s an insurance policy to make sure that you’re doing everything you can to protect the shareholder value,” he says. “At the end of the day, that’s why executive protection exists. If something happens to the position in that organization, you can see a dip in the shareholder’s value for days. Sometimes it can make a company crumble.”
“Executive protection can be very expensive. Companies don’t want to spend that kind of money because they’re accountable to shareholders if they’re publicly traded, so they’re trying to maximize that revenue,” says Keller. “Putting all of this money into executive protection doesn’t really look good. But conversely, if something happens to the CEO, that stock price is going to fall anyway, so it makes more sense to keep that CEO safe.”