Authored by: Nikki Desai (Associate Director, Security Consulting)
An effective travel risk program is a key tool in any company’s risk management effort. Travel risk programs provide end-to-end service for traveling employees, starting from when the employee’s trip is planned up until the employee’s safe return home.
The process typically begins with a risk assessment of the destination that evaluates potential risk factors such as political instability, crime activity, terrorism, cybersecurity threats, and health and safety standards. This assessment informs any appropriate protective measures that should be arranged for the traveler’s physical security and the protection of any potentially sensitive corporate data they will be traveling with.
While employees are abroad, the travel risk program provides overwatch with real-time monitoring of relevant locations. This monitoring generally includes informing the travelers of natural disasters, social unrest, mass casualty attacks, or other high-risk events that imminently impact those located within their same geographic area. With overwatch and employee alerting capabilities, a company is well poised to respond to ensure the safety and wellbeing of employees if something were to go wrong.
Five ways that a comprehensive corporate travel risk program mitigates risk:
- Provide peace of mind for travelers: Employees and executives traveling for work will rest easier knowing that their safety is a priority. Issuing pre-travel security briefs, providing security staff to accompany travelers to high-risk destinations, and establishing open communication channels for emergencies enable employees to feel prepared and secure.
- Fulfil duty of care: Travel risk programs help to fulfil duty of care obligations by providing employees with protection and security support commensurate with the risk of each destination.
- Protect sensitive corporate data: When employees travel, their company-issued devices containing intellectual property and sensitive corporate data are at elevated risk of compromise. Travelers may forget their phone in the airport or leave their laptop open and unlocked when sitting in a cafe. Depending on the destination, a foreign government or industry competitor may target the devices to collect corporate intelligence. A risk analysis of the destination will allow companies to take the appropriate preventative measures, such as sending the employee with a “clean” device that is not connected to the corporate network and only contains the limited data needed for that trip.
- Facilitate effective emergency response: If the worst happens, the last thing a company needs is to waste time scrambling to figure out what to do. Travel monitoring programs help companies identify emergencies as soon as possible, or even give advanced notice of extreme weather or other more predictable situations. Knowing where each employee is traveling, how to contact them, and having clear action plans for emergency scenarios facilitates a faster, coordinated response that saves precious time and utilizes resources effectively.
- Track data over time: Collecting travel data over time allows for long-term analysis of security incidents and other challenges, which will inform future travel decisions. Trend analysis also feeds into maintenance of travel security policies; reviewing and updating policies periodically helps to maximize risk management. Furthermore, if there is a security issue that occurs during a trip, data on the traveler, their itinerary, and the risk profile of the destination will be a valuable addition to the investigation.
Consider this scenario...
The CEO and CFO of a tech company are traveling to Paris, France for a major industry conference, where they will host a panel discussion of high-profile tech leaders. The conference will be highly covered by the media and their presence at the event has been publicly advertised.
The CEO and CFO have arranged for a driver to transport them between their hotel and the conference, but otherwise do not have any security personnel or preparations in place. As they approach the conference the first morning, they are stopped by a large crowd of protesters blocking the access road. The driver is unable to get to the building via the planned route; neither the executives nor the driver were expecting the protests and, as a result, did not plan an alternative route to a secondary entrance of the building. The driver ultimately must drop off the executives nearby, leaving them to walk through the protest in order to enter the conference.
Later that afternoon, the protests outside the building turn violent. The CEO and CFO are stranded inside the building and are unsure of how to safely leave and return to their hotel. They seek out assistance from event staff, but staff are overwhelmed trying to assist hundreds of other conference attendees. They try to call their Director of Security at corporate headquarters for guidance but aren’t sure of the best way to reach her.
After a few hours, police are able to deescalate the protests and the CEO and CFO are safely escorted out of the building along with the other remaining guests. They walk back to their hotel and make contact with their executive assistant, who informs the Director of Security about the situation.
If the company had an effective travel risk management program in place, the scenario would have played out differently:
- The travel intelligence analyst would have identified the planned protest ahead of time by monitoring social media.
- The Director of Security, aware of the large-scale protest, would have assigned an executive protection agent to accompany the CEO and CFO given they were high-profile speakers at the conference.
- The corporate security team at headquarters would have coordinated with the driver, executive protection agent, and conference staff before the trip to confirm alternative routes into and out of the building to avoid the protests.
- The CEO, CFO, and executive protection agent would have received real-time alerts from the travel intelligence analyst providing updates on the escalating situation, and they would be able to report their current safety status to the analyst, who would keep relevant stakeholders informed.
- The executives would have been briefed on a communications plan so they could quickly contact the Director of Security as needed.
Contact Red Five to learn more about establishing or expanding your corporate travel risk program.