DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 31, Issue 4

Full Contents Now Available!

Employees are organizations’ most vital assets, so when these same employees travel abroad carrying laptops and carry-ons brimming with corporate information, a company is risking the two core foundations of its competitive advantage. Also, organizations carry a fiduciary responsibility to protect their employees and internal information. This article will address general guidelines for companies when their employees are traveling abroad on business. And although it doesn’t address domestic travel or security risks, many of these concepts can be applied to these areas as well.

Not Us. Why Should We Be Concerned?

In the realm of employee safety, organizations innocently send out their employees to locations domestically and internationally with little awareness of the basic travel precautions. Even rarer breeds are those corporations or people that prepare for the environment they are heading into.

Employees traveling in unfamiliar locations should be aware of some basic safety precautions, and those traveling overseas will need special awareness about laws, customs, and other unique scenarios that can vary from country to country. All organizations should take diligent steps to promote awareness if they send their employees on corporate sponsored travels as they often make obvious and easy targets.

For most people the realm of competitive intelligence and industrial espionage protection is a Tom Clancy novel that provides great reading but has little impact to them and their company.

The unfortunate fact is quite the opposite. The vast majority of travelers pay but cursory attention to protecting what they carry with them, the environment they are passing through, and, consequently, the information they expose. From a deliberate perspective, these employees also face elicitation, quarterbacking, and other intrusion techniques. Simple eavesdropping and carelessness also can be the cause of information release and/or public embarrassment. For example, most people traveling in the U.S., especially recently, have likely heard the overhead announcements about laptops being left behind at security stations. Many of us also have at one time or another, innocently, glanced at what the people around us are reading or perhaps heard what was being discussed.

Proprietary information is defined as information not within the public domain and that which the owner has taken some measures to protect. This means any business large or small carries information that can be of interest or curiosity to others. This includes, as well as the more obvious copyright, patent or trade secret information, the less obvious business information around corporate policies, R&D, strategies, mergers, client base, etc. In a report compiled by the Office of National Counterintelligence, with the assistance of 12 organizations within the Intelligence community, it was estimated in the congressional report that the U.S. espionage costs ranged from $100 billion to $250 billion in the year 2000.

So, What Should Be Done?

First and foremost, as a frequent traveler I ask travelers to remember that our country and their company will be judged by the impression they make. As an American abroad, they serve as one of the few face-to-face examples many people will have of the United States, its corporations, and its people. Also, do not be surprised if one occasionally encounters anti-American sentiments. Be gracious, ignore them, and move on. Never get involved in comparing other countries unfavorably with the United States. From time to time, all travelers experience frustrations such as crowded hotels, long lines, overbooked restaurants, and delayed airline flights. Do not let this reflect on the experience.
As an organization, a general outline for creating “employee travel guidelines” must not only address general travel concerns but also country-specific issues. A practical outline should include two separate sections: general recommendation for travel safety (which follows) and a country-specific format as outlined in section B.

The general format could potentially include the following recommendations:

A. General Travel Information
1. Prior to Departure:

a. Be sure employees only provide travel arrangers, hotels, rental agencies, etc. with the minimum information needed to conduct the transaction.
b. Unless required to, do not specify or divulge information that identifies you as a corporate or government traveler.
c. Remind employees to avoid idle chat in planes, hotels, lobbies, etc. that divulges who they work for, what they are doing, etc.
d. Be sure they ignore unwanted inquiries and are taught polite ways of deflecting these conversations.
e. Never leave PDA, computer equipment, satchels, purses, etc. out of your sight. (You would be surprised how often this happens).
f. Your hotel room is not a secure environment. Never leave corporate information lying about or discard corporate information in the room.
g. Do not use hotel/foreign faxes, phones, or computer systems to transmit critical company data.
h. Establish points of contact for families/work to contact you at hotels, business sites, etc.

2. While Traveling

a. Check in with your family or company prior to any departure on flights and upon arrivals. (From personal experience I can relate how important this is when I “disappeared” for more than 24 hours from a flight from Riyadh to Bombay). My family and contact knew quickly that something had gone wrong.
b. Maintain a low profile in the way you act and dress. By all means get out and visit your host country and its people, but in doing so, employees can still keep a low profile.
c. Avoid political discussions. State that you are not well versed in the topic under discussion, then change the subject.
d. Carry identification with you at all times.
e. Leave copies of itineraries, personal information and your passport at home or work. (This can be used to assist in replacing documentation.)
f. Carry extra passport photos and copies of your personal data with you, but store separate from the originals.
g. If your stay is extended, register with the nearest embassy or consulate.
h. Shun publicity or social disturbances (Even such innocent events as peaceful protests, marches, etc.).
i. Carry the appropriate currency with you. Do not rely on airport exchanges always being open.
j. Learn basic phrases in the local language to obtain assistance.
k. Be aware of your surroundings:
i. Avoid alley shortcuts.
ii. Street vendors or innocent children who may distract you.
iii. Avoid after-dark travel if alone.
iv. Avoid ‘flashing’ money.
l. In hotels:
i. Choose rooms between the 2nd and 7th floors.
ii. Do not use stairwells.
iii. Know your exits.
iv. Report lost keys immediately.
v. Do not accept room deliveries unless expected.
vi. Use the “Do Not Disturb” sign for your room when leaving, unless cleaning is needed.

B. Country Specific Guidelines

a. Country description, brief review of the history, government, sites, etc.
b. Travel advisories (State Department).
c. Entry and exit requirements.
d. Safety and security precautions.
e. Crime profiles and warnings.
f. Medical facilities and insurance information.
g. Traffic rules and environment.
h. Customs regulations.
i. Entering that country.
ii. Entering back to U.S.
i. Using electronic equipment, i.e.
i. GPS systems in some countries are not welcome.
ii. Cell phones in some countries require an agreement from a local provider to bring in.
j. Embassy/consulate locations.
k. Criminal penalties.

In Closing

We live in a world that increasingly measures travelers, their company and country not by the brute force they can muster but by the economic power and influence at their support.
As an organization the best help that can be given to protect employees and corporate information is to provide travelers with basic safety guidelines and helpful country information. This need not be a long process, especially once an organization has prepared and begun to collect this information.

Remember foremost that business travelers are guests representing both their company and country. Just as one wouldn’t comment on a person’s home or family while at their house, nor should any traveler be loud, abrasive, or make disparaging comments about the host country, its environment, or people.

Be sure that these trips prove to be safe, enjoyable, and profitable for the organization and its employees.

Keith A. Baker, CBCP, is a manager with Ernst & Young in the Security & Technology Solutions Group based out of Minneapolis. As part of E&Y’s national practice, he specializes in risk, security and business continuity.