Traveler Safety & Security in the Modern World Bruce McIndoe February 2012
iJET.com You will learn… How Global Threats and Business Disruptions Impact Business About Organizational Liability and Duty of Care Travel Risk Management as a discipline About the Traveler Safety Continuum How to benchmark your TRM program and where to focus Precautions around social media, smartphones, and laptops The Top 10 Reasons Programs Fail 2
iJET.com Major Incidents Every Year… 3
iJET.com Escalating Global Threats 4 SOURCES: Georgia Institute of Technology. National Center for Atmospheric Research. The Rand Corporation. The World Health Organization.
iJET.com Who do Your Employees Turn to? 1.Pre-trip / assignment destination – safety and security? 2.For immunizations and medical advice? 3.Hotel or residence property selection? 4.When they need help? 5.When an incident occurs? 5
iJET.com Who do You Turn to? 1.For country/city safety/security information? 2.Traveler or Expat safety/security training? 3.What to do in higher-risk environments? 4.Threat against an employee? 5.For a medical emergency? 6.Plane or vehicle crash? 7.Kidnapping? 6
iJET.com Management Questions What’s really happening now? Who is impacted? Where and how does this affect us? Are the right people aware? What should we do? When? 7 Who can do it? What is our liability if we don’t? What is our competition doing?
iJET.com Legal Deposition – How would you answer? Death or serious injury to employee It is well known that this area was risky, why wasn’t the employee notified? What process do you have in place to understand the risks your employees may face? What information is provided to the employee before he or she went there? What did you do to mitigate these hazards? Who was notified and when? What did they do? 8
iJET.com Management Program Motivators Organizational Liability Risk Exposure Previous litigation history Duty of Care What is expected? Anxiety Management Standard of Care What are others doing? 9
What is Travel Risk Management?
iJET.com Travel Risk Management … is a well defined process to identify risks, prepare travelers pre- trip, monitor threats, and respond to incidents as they arise. Benefits include: More productive and prepared employees Reduced number of costly “incidents” Lower cost of response Reduced corporate liability 11
iJET.com Optimal Response Time The longer it takes an organization to respond to an incident or opportunity, the greater the risks and costs. 12 Optimal Response
iJET.com Preparedness Impacts Response Time 13 Planning Mitigation Communication Exercises/Drills PREPAREDNESS
iJET.com Multiple Functional Areas Support the Employee 14 EMPLOYEE HR/LEGAL Focus on expatriatesResponsible for all employeesPolicy & proceduresCorporate insurance / benefit programs MEDICAL Pre-trip health planning Immunizations Medical assistance & evacuations for international travelers TRAVEL Advisor and knowledge base Books trips and handles travel issues Provides reporting SECURITY Risk assessment Crisis & evacuation plans Emergency contact info Coordinates Response
iJET.com Traveler Safety Continuum 15 Training All employees Management team Personal protection Country/region specific Pre-Trip/Assignment Crisis management plans Policy/compliance Enterprise communication Access to Intelligence Travelers/Expatriates Management (push) Assess risks/set ratings Pre-trip (pull) During travel (Alerts) Track Employees Employee profiles Automated and verified Real-time alerting Communication options Security Service Executive Protection Ground Transport Guards Evacuation Medical Service In-country, Western-quality care Evacuation Hotline 24 x 7 - One Number Specific protocols Travel, security, health
iJET.com Key Elements of Execution Proactive Planning Reactive Training Incident Response 24x7 Monitoring Feedback
iJET.com How it works – Every Trip! Country & City Information Employee Travel/ Security/ HR Manager Travel Agency/ Booking Tool Alerts & Notification Implement Protocol 24x7 Global Employee Hotline Report Trouble Report Issue Response Help Provided Pre-trip/assignment Preparedness Book Trip or Assignment Automated Risk Assessment Automated Trip/Assignment Briefs & Alerts Alerts & Notification Report Issue Implement Protocol Report Trouble Help Provided Worldcue® Risk System
iJET.com TRM Key Process Areas 18 Data Management Risk Assess- ment Policy/Procedures Training Notification Communication Risk Disclosure Risk Mitigation Risk Monitoring Response Overarching KPAs Management KPAs Infrastructure KPAs
iJET.com Measuring your Program Maturity Level 19 Program integrated throughout organization Metrics collected and reviewed. Cross-organization support. Consistent execution of travel risk management processes. Basic travel risk management policies defined and documented. Primary focus on incident response. Ad hoc. Few policies. Chaotic in the event of an emergency. Optimized (5) Managed (4) Proactive (3) Defined (2) Reactive (1)
iJET.com Social Media Awareness Do not disclose travel plans on Facebook or other social media sites. Do not post while on travel – discloses where you are, and are not! Caution on using Twitter or other IM software in high risk countries Be cautious of who you “friend” – especially on travel Consider having two personalities – “Open You” and “Closed You” 20
iJET.com Be Aware! Your mobile telephone has four major vulnerabilities 1.Vulnerability to monitoring of your conversations while using the phone. 2.Vulnerability of your phone being turned into a microphone to monitor conversations in the vicinity of your phone while your phone is inactive. 3.Vulnerability to tracking your phone based on its emitter or GPS data. 4.Vulnerability to "cloning," or the use of your phone number by others to make calls that are charged to your account. 21
iJET.com Smart Phones - Vulnerabilities Smart phones are powerful computers… Complete with an Operating System and Applications Every PC vulnerability can be translated to the phone… and more! Cross-Service Attacks (LAN, Bluetooth, WiFi, GSM, etc.) Code vulnerabilities and exploits Malware Viruses
iJET.com What to do? Backup contacts, , and calendars Install latest OS and security updates Enable PIN/Password – And remote “Wipe” Record Make/Model/Serial Numbers Maintain continuous control of your devices Lock in safe if you leave in room Do not use unprotected networks Do not allow web browser to save login & password Consider using a travel phone with limited data to higher risk locations 23
iJET.com Guidelines for Laptops – Before Travel Leave all but essential storage devices at home – use encrypted USBs Enable “user authentication” -- requiring a password or PIN on your device to gain access. Use a strong (combination of number, digit, and special character) password Load encryption software and encrypt either the whole device (full-disk encryption) or any sensitive files or folders Ensure operating system, firewall/VPN and Anti-Virus are updated
iJET.com Summary – Key Take-Away Thoughts Protection of human assets is a multidisciplinary effort Best approach is a risk management framework Training is critical to overall success Prevention and decision support through real-time intelligence & communication Planning for response minimizes impact
Top 10 Reasons Things Fail…
iJET.com #10 Company does not know what to do in an emergency 27 Don’t be reactive. Get a basic plan in place and make sure you know where to get help.
iJET.com #9 Out of date contact numbers 28 Get contact numbers (cell, home, office, e- mail, IM, etc.) for the people that you need in an emergency. Periodically get them updated and verified.
iJET.com #8 Primary AND Backup Person are not available 29 This happens frequently. Try to have multiple backup contacts. Think about people that are normally available.
iJET.com #7 Cell phones don’t always work 30 We are becoming totally reliant on cell phones. Try to find a pay phone! Provide travelers with international cell phones or satellite phones.
iJET.com #6 No response resource retained 31 Who would you turn to for a kidnapping? What about a threat against an employee? Medical emergency? Car accident? Incident on Vacation? Make a list of incident types and answer who would I turn to?
iJET.com #5 3rd Party response resource does not know what is going on 32 Talk to your vendors. Include them in your planning. Run exercises and drills.
iJET.com #4 Protocols are not maintained 33 Managers and organizations need to periodically review their plans and protocols. At least annually. Train staff on procedures. Run drills and exercises.
iJET.com #3 Protocol or procedure is too complex 34 Many times the plans and procedures are way too complex. Look to streamline the process. In a time of emergency, you will only have time and bandwidth for the basics.
iJET.com #2 Inconsistent skill level within the team 35 Crisis and emergency management is not the core competency of most travel managers and staff. Get training for the core team that will be called to deal with an emergency.
iJET.com #1 Cost sensitivity delays response 36 Deal with where the funds will come from and who will pay BEFORE the event! Delay in response increases cost and can cost lives.
iJET.com THANK YOU! Every organization needs to address duty of care for all employees Bruce McIndoe, President, iJET International Resources 37