Business travel threats are dynamic: they’re neither constant nor consistent. They change for many reasons, and when a threat is unidentified or the capabilities of the threat expand, they’re often referred to as emerging threats. How to identify and manage them is the difference between strategic safety planning and hopeful complacency.
Threats can affect travelers, their plans and business objectives. Security professionals cannot alter or eliminate threats. But since vulnerable targets, such as business travelers, are attractive to threats, security teams can reduce the vulnerabilities of the traveling workforce by mitigating their vulnerabilities with specific procedures, behavior modification and training that specifically addresses the threat.
By understanding the characteristics of a threat, a security planner can lessen their assets’ exposure to the threat, lowering the risk associated with it. Security professionals quantify the level of risk, and the organization’s leadership selects a specific level of risk tolerance.
Take this common example: a city may have bad roads with no streetlights. This makes driving at night a threat and creates a higher level of risk. The threat is clearly identified — unlit roads. The vulnerability is limited vision. The convergence of a roadway threat and a vulnerable, vision-impaired traveler creates a higher level of risk. A policy of no night driving does not eliminate the threat, but rather mitigates the vulnerability of not being able to see while driving, thus lowering the overall risk.
Willingness to adapt
During my time in U.S. Special Operations, I was a key leader for the protection detail for the Interim Prime Minister of Iraq when I learned of an emerging threat. We had access to nearly endless resources and support from the United States and coalition conventional units to lock down streets, control the environment and shut down communications abilities that potential attackers could use. The strategy deterred the threat because it significantly lessened the likelihood of an attack succeeding.
Leaders in corporate security have limited resources available and must be creative in developing methods to deter emerging threats. For example, shortly after retiring from the Navy SEALs, I became a Field Security Manager for several oil production facilities in a Middle Eastern country rapidly approaching failed–state status. There were warring tribes affecting our production efforts. One of the facilities was under threat of tribal artillery fire, which would damage the facility and potentially injure or kill personnel. I recommended an evacuation out of the line of fire — a response from military risk management procedures.
The production facility’s leadership explained that evacuating was not optimal because of an extreme loss of productivity. They challenged me to find another solution, which I did by negotiating with one of the tribes to use an alternate staging area that put the facility and its personnel out of any potential line of fire.
The lesson? Unknown, new or emerging threats may result in a security plan with an inappropriate safety and productivity balance. That means a reactive response to an emerging threat may cause security to overwhelm and eliminate productivity.
If an organization wants to reduce the likelihood of being affected by an emerging threat, then its leadership must buy into the fact that security will enhance, not damage, business capability in regions where competitors may not have the appetite nor the capacity to do business. Security leadership has an equal responsibility to understand that their purpose is to find measures that balance security with productivity.
Here are some essential steps to take while mitigating risk and responding to incidents in business travel:
1. Intelligence gathering
Accurate intelligence throughout the planning and execution of a security strategy ensures teams are using critical decision-making information while attempting to effectively balance productivity and safety. Intelligence includes prior experience in the region, the political situation, infrastructure, culture, law enforcement capabilities, accommodations, transportation and health considerations.
When intelligence is collected and the noise is sorted from the signal, it can then be combined effectively with the business objectives of the organization and adjusted accordingly as threats are identified, change or emerge.
2. Recognize and report suspicious surveillance
While the gravity of an emerging threat may not be defined, how the threat is recognized — such as phishing attempts, oddly specific queries from strangers or repeated loitering by unknown individuals — can be identified and included in reporting for later analysis.
The most successful security strategies converge all security efforts in one plan, as there are often physical threats to cyber assets and cyber threats to physical and personnel assets. An isolated or detached physical security department may unknowingly use a messaging platform or VPN for travelers inconsistent or incompatible with the organization’s cybersecurity policies and procedures. There may also be information assurance protocols that conflict with physical security strategies such as access control and traveler check-in procedures.
3. Communications, SOPs and local networks
The foundation of any security plan is communication. It’s critical to have redundant methods of communication with travelers for any emerging threat avoidance. Various forms of electronic communication include SMS, mobile phone, satellite communication, messaging apps and emails. Additionally, travelers should have a printed copy of all significant phone numbers and email addresses in case of lost, damaged or powerless devices.
The security strategy should have guidelines to mitigate multiple vulnerabilities and keep varying threat levels at bay. These protocols can include using a dedicated car service instead of self-driving while in foreign countries and staying at hotels with adequate security infrastructure. Establishing group messaging ensures all persons receive the same information consistently and device tracking capability when risk or travel time is elevated. Always inform leadership of itinerary adjustments and changes in the daily agenda. These behaviors make dealing with an unexpected threat easier.
One of the critical elements for protecting business travelers while abroad is developing and cultivating a local relationship network that can support the security workforce during a developing crisis or even assist with basic requirements. These relationships start with a connection between the organization and the representative for commerce at the embassy or consulate, as well as key people in the hosting organization. Maintaining these relationships can prevent minor inconveniences from escalating into an emergency or crisis.
The most effective way to handle an emerging threat during business travel would be to have a solid plan for the well-identified threats and adjust that plan accordingly if developments arise. Adjustments in real time may mean finding another way to the objective until the overall effort overwhelms the business objective. Are real-time adjustments realistic? Yes... if the organization has an established plan that includes clear and practical guidelines across a larger spectrum of threat capabilities.