International Corporate Travel
This article examines issues and problems with foreign business travel including what dangers exist for corporate travelers and the methods for reducing risks during foreign travel. The process of protecting business information is explained along with several techniques that can reduce information compromise. The importance of protecting employees, their families, and their residences while in foreign countries is reviewed and methods to improve personnel security are discussed. What organizations should do to prepare employees for foreign travel is explained, including several points that should be included in training. The need for communications security is examined and security steps that are easy to implement are reviewed.
Keywords: Access; Accountability; Authorized Persons; Communications Security; Compromise; Corporate Travel; Executive Travel; Foreign Interests; Information Security; The Overseas Security Advisory Council (OSAC); Personnel Security; Unathorized Personnel
As the new millennium opened, so did unprecedented changes in the way that corporations needed to manage foreign travel for their employees and families. After the terrorist attacks on September 11, 2001, and as the war was starting in Iraq, and SARS (Severe Acute Respiratory Syndrome) hit Asia, the travel industry went into a global tail spin ("Business travelers'," 2003). But the travel industry has always had its ups and downs. Weather, civil unrest, disease warnings, and numerous other things have put travelers in danger and the travel industry on alert. Protecting American business travelers and the information they carry and use abroad is an increasing concern for companies.
To help companies and global travelers become better prepared for what might be waiting for them on an overseas journey, The Overseas Security Advisory Council (OSAC) was established by the Department of State in 1985. The OSAC (www.osac.gov) has representatives from over 20 private sector organizations and four representatives from Government departments and agencies. The information and publications assembled by the OSAC is sent out to over 1,400 business organizations.
The overseas locations of American businesses are primary targets for information and trade secret theft and in cases of civil unrest can become symbolic targets to strike a blow against American capitalism. In general building security systems and practices can be considerably lower in many countries than they are in the United States. Depending on the country law enforcement activities are rather lax. Thus, many companies that send employees overseas maintain awareness programs to inform employees who do travel outside the country of practices that can make them safer.
People are Social and Therefore Vulnerable
In general, human beings are social creatures and many do not have experience in foreign travel. Fewer people have travel experience in places where there is social unrest or high crime rates, or where espionage is a daily activity. In the United States people generally travel with a high level of safety, compared to many countries, and where law enforcement actively responds to incidents or fights crime. As a result Americans tend to be social even with casual contacts and too often readily trust people they meet.
In addition, Americans tend to have some feelings of superiority because of money, social status, and their perception that the United States is respected abroad as much as it is at home. These values, attitudes and behaviors can be exploited by criminals as well as spies. The diverse ethnic background of the United States also results in people desiring to travel to places where their ancestors were born and perhaps feel some sense of loyalty to their heritage. Foreign intelligence agents have been known to take advantage of this deep rooted sense of ethnic identity and work to gain competitive information by appealing to persons of similar ethnic or cultural background.
Identifying What Information to Protect
Competitive intelligence and industrial espionage is not always focused on retrieving or collecting highly sensitive information. Most intelligence gathering activities tend to focus on information that is not generally known outside a given American business or industry. Such information combined with other sources of information can eventually provide the retriever with a salable commodity. The key test on what information to protect is whether or not that information enhances the competitiveness of a company or even a country (Forte & Power, 2007).
Companies can identify what information to protect by conducting an information audit. This requires all business units to review their operations and determine which information helps to create uniqueness and results in a competitive advantage. When the audit is completed corporate security professionals can then determine the cost of a reasonable level of protection and support a business decision as to how much to spend on protection mechanisms including training employees on the importance of protecting specific information (King, 2007). When training is the key protection mechanism or when office procedures need to be modified, information security can be improved for little additional cost (Myler & Broadbent, 2006).
There are many basic procedures that can readily improve information security. For example, keeping unescorted visitors, unauthorized personnel and the general public out of restricted research, production and business areas is a common practice (Berghel, 2007). One of the best ways to accomplish this is through staff training. Once trained, employees can be the first line of defense in information security (Schultz, 2007).
Ideal Security Levels
The following shows an ideal general security level. This security information was extracted from the OSAC website regarding the security of corporate information for private sector companies that have offices outside the United States and for personnel who travel or reside abroad. The information is designed to assist organizations and their personnel abroad in planning security needs. Above all information security should be considered when making decisions to move information to an overseas location (OSAC, 2005).
- Security staff should control all building perimeter openings employees and non-employees should be issued and wear proper identification in clear view.
- Areas where sensitive information is stored should be restricted with only specific personnel having access.
- Removal of sensitive information from a restricted area should be logged and tracked.
- Nonemployees should be escorted when they are in the facility.
- Equipment that can be used to reproduce information should not be allowed in sensitive areas.
- Lockable storage devices should be used to keep sensitive information secured and locks or combinations should be changed on a regular basis.
- Sensitive information should be inventoried and logged and periodically checked to account for all documents.
- Sensitive documents should be completely destroyed when they are no longer needed (http://www.osac.gov).
Protecting Key Personnel
The methods used to protect office buildings or manufacturing facilities should also be used to protect residential facilities. Any sensitive information taken to a residence needs the same level of protection as it has in corporate buildings (OSAC, 2005).
- Only authorized persons should be allowed in a residence where sensitive information is stored or used.
- The residence should also have restricted areas where only people authorized to use sensitive information have access.
- Sensitive information should not be disposed of through residential waste systems.
- Background investigations on residential employees should be conducted just as they are for corporate buildings.
- Personal or laptop computers carried offsite by corporate staff should be protected.
- Corporate staff should be trained in protecting sensitive information when attending scientific conferences and trade association meetings.
- Corporate staff should also be trained to not discuss sensitive information in places where unauthorized persons could hear the conversation.
- All employees should be trained not to discuss sensitive information over the telephone when traveling (http://www.osac.gov).
Those people that have ended up in hostage situations generally regret that they had left their family affairs in less than good order. Evacuations, illness, or death can also leave a family in situations where they need to quickly bring order to finances or property holdings. Several steps should be taken before employees travel abroad or into potentially dangerous areas. Above all, employees should discuss with their family what should be done in the case of any emergency...
(The entire section is 4003 words.)