7.15 Address personnel safety and security concerns

7.15 Address personnel safety and security concerns

• Travel
• Security training and awareness
• Emergency management
• Duress

How do we keep our people safe while on the road?

• When our employees travel, there is always a risk that they might get attacked or robbed, especially in dangerous areas.  We should check the travel advisory for the region that an employee is travelling to.
  
  
• A business traveler might be a target, especially if it is known that they have access to sensitive information.
  
  
  • They might be subject to espionage if the business process is classified or valuable.  That means that their hotel room could be bugged, or their electronics could be compromised by malware.
    
    
• An executive of a large corporation might be required to travel via private jet and may be accompanied by a bodyguard.  Their trips will be planned well in advance.
  
  
• We should make sure that travellers don’t carry any sensitive data if possible.  If we can’t then they should at least make sure that the devices are encrypted.
  
  
• We should also make sure that all devices have malware protection.  We don’t want to leave our devices behind at hotel rooms or left unattended.  Somebody could come damage them or put malware on them
  
  
• We might give our employees temporary devices that they can take with them on the trip and then erase them when they get back.  That way, a device they took on the trip never connects back to the corporate network.
  
  
• Free Wi-Fi is not good.  People can capture the Wi-Fi data via a man in the middle attack.  We should make sure to bring our own Wi-Fi via a hotspot.  Many business laptops have built in cellular modems.
  
  
• We can use a VPN to connect back to the corporate network.
  
  
• We should consider putting GPS tracking on our employee’s phones, vehicles, and devices.  When an employee is travelling on behalf of the organization, we should always know where they are.
  
  
• We might provide self defence training to our employees.  Part of being safe is being aware of your surroundings.

A duress system alerts others when somebody needs help.  We might implement the duress system in an office, bank, airport, or other area where there is a risk of an attack.  Some examples of duress systems

• Code Word.  We might use a code word to let the security monitoring station know that things are good or that things are not good.  For example, if a robber has a gun to your head, and you need to summon help, you might not be able to tell them what is really going on. 
  
  For example, you might decide that the code word is “Mr. Jones”.  If you call the alarm company (or a coworkers) and tell them that you are looking for “Mr. Jones”, they will know that you are being robbed, and will summon help, but the robber won’t know.
  
  
• Panic Button.  A panic button is a small button that we can install under a desk.  They are common in retail stores, banks, and airports.  When you press the panic button, a silent alert is sent to the alarm monitoring station, which contacts the police.  An employee will press the panic button if they are being robbed.
  
  
• Panic Room.  A panic room is a secure room where employees can hide in the event of a robbery.  The panic room is designed with the following features
  
  
  • Bullet resistant material
    
    
  • Two-way voice and/or video communication
    
    
  • Door that can only be opened from the inside
    
    
  • Supply of oxygen and food