Traveler Safety
& Security in
the Modern
World
Bruce McIndoe
February 2012
You will learn…
 How Global Threats and Business Disruptions Impact
Business
 About Organizational Liability and Duty of Care
 Travel Risk Management as a discipline
 About the Traveler Safety Continuum
 How to benchmark your TRM program and where to focus
 Precautions around social media, smartphones, and
laptops
 The Top 10 Reasons Programs Fail
iJET.com
2
Major Incidents Every Year…
3
iJET.com
Escalating Global Threats
SOURCES: Georgia Institute of Technology. National Center for Atmospheric Research.
The Rand Corporation. The World Health Organization.
iJET.com
4
Who do Your Employees Turn to?
1. Pre-trip / assignment destination – safety and
security?
2. For immunizations and medical advice?
3. Hotel or residence property selection?
4. When they need help?
5. When an incident occurs?
iJET.com
5
Who do You Turn to?
1. For country/city safety/security information?
2. Traveler or Expat safety/security training?
3. What to do in higher-risk environments?
4. Threat against an employee?
5. For a medical emergency?
6. Plane or vehicle crash?
7. Kidnapping?
iJET.com
6
Management Questions
•
What’s really happening now?
• Who can do it?
•
Who is impacted?
• What is our liability if we
•
Where and how does this affect
don’t?
us?
•
•
• What is our competition
Are the right people aware?
doing?
What should we do? When?
iJET.com
7
Legal Deposition – How would you answer?
Death or serious injury to employee

It is well known that this area was risky, why
wasn’t the employee notified?
 What process do you have in place to
understand the risks your employees may face?
 What information is provided to the employee
before he or she went there?
 What did you do to mitigate these hazards?
 Who was notified and when? What did they do?
iJET.com
8
Management Program Motivators
 Organizational Liability

Risk Exposure
 Previous litigation history
 Duty of Care

What is expected?
 Anxiety Management
 Standard of Care
 What are others doing?
iJET.com
9
What is Travel Risk Management?
Travel Risk Management
… is a well defined process to identify risks, prepare travelers pretrip, monitor threats, and respond to incidents as they arise.
Benefits include:
• More productive and prepared
employees
• Reduced number of costly “incidents”
• Lower cost of response
• Reduced corporate liability
iJET.com
11
Optimal Response Time
The longer it takes an organization to respond to an
incident or opportunity, the greater the risks and costs.
Optimal
Response
iJET.com
12
Preparedness Impacts Response Time
 Planning
 Mitigation
 Communication
 Exercises/Drills
PREPAREDNESS
iJET.com
13
Multiple Functional Areas Support the
Employee
SECURITY
TRAVEL
Risk assessment
Crisis & evacuation plans
Emergency contact info
Coordinates Response
Advisor and knowledge
base
Books trips and handles
travel issues
Provides reporting
HR/LEGAL
Focus on expatriates
Responsible for all employees
Policy & procedures
Corporate insurance / benefit
programs
iJET.com
EMPLOYEE
14
MEDICAL
Pre-trip health planning
Immunizations
Medical assistance
& evacuations for
international travelers
Traveler Safety Continuum
Pre-Trip/Assignment
• Crisis management plans
• Policy/compliance
• Enterprise communication
Training
• All employees
• Management team
• Personal protection
• Country/region specific
Access to Intelligence
• Travelers/Expatriates
• Management (push)
• Assess risks/set ratings
• Pre-trip (pull)
• During travel (Alerts)
Track Employees
• Employee profiles
• Automated and verified
• Real-time alerting
• Communication options
Hotline
• 24 x 7 - One Number
• Specific protocols
• Travel, security, health
Security Service
• Executive Protection
• Ground Transport
• Guards
• Evacuation
iJET.com
15
Key Elements of Execution
Feedback
Planning
Training
Proactive
iJET.com
24x7
Monitoring
Incident
Response
Reactive
How it works – Every Trip!
Travel
Agency/
Booking Tool
Country & City
Information
Pre-trip/assignment
Book Trip or
Assignment
Preparedness
Help Provided
Automated Risk
Assessment
Employee
Report Trouble
Automated Trip/Assignment
Briefs & Alerts
Worldcue®
Risk System
iJET.com
Alerts & Notification
Report Issue
Travel/
Security/
HR Manager
24x7 Global
Employee
Hotline
Implement
Protocol
Response
TRM3 - 10 Key Process Areas
Policy/Procedures
Overarching KPAs
Training
Management KPAs
Risk
Assessment
Risk
Disclosure
Risk
Mitigation
Risk
Monitoring
Notification
Infrastructure KPAs
Data Management
Communication
iJET.com
18
Response
Measuring your Program Maturity Level
Optimized (5)
Managed (4)
Proactive (3)
Defined (2)
Reactive (1)
iJET.com
Program integrated
throughout organization
Metrics collected and reviewed.
Cross-organization support.
Consistent execution of travel risk
management processes.
Basic travel risk management policies defined and
documented. Primary focus on incident response.
Ad hoc. Few policies. Chaotic in the event
of an emergency.
19
Social Media Awareness
 Do not disclose travel plans on Facebook or
other social media sites.
 Do not post while on travel – discloses where
you are, and are not!
 Caution on using Twitter or other IM software
in high risk countries
 Be cautious of who you “friend” – especially
on travel
 Consider having two personalities – “Open
You” and “Closed You”
iJET.com
20
Be Aware! Your mobile telephone has
four major vulnerabilities
1. Vulnerability to monitoring of your conversations
while using the phone.
2. Vulnerability of your phone being turned into a
microphone to monitor conversations in the
vicinity of your phone while your phone is inactive.
3. Vulnerability to tracking your phone based on its
emitter or GPS data.
4. Vulnerability to "cloning," or the use of your phone
number by others to make calls that are charged
to your account.
iJET.com
21
Smart Phones - Vulnerabilities
 Smart phones are powerful computers…
 Complete with an Operating System and
Applications
 Every PC vulnerability can be translated to the
phone… and more!
 Cross-Service Attacks (LAN, Bluetooth, WiFi,
GSM, etc.)
 Code vulnerabilities and exploits
 Malware
 Viruses
iJET.com
What to do?








Backup contacts, email, and calendars
Install latest OS and security updates
Enable PIN/Password – And remote “Wipe”
Record Make/Model/Serial Numbers
Maintain continuous control of your devices
Lock in safe if you leave in room
Do not use unprotected networks
Do not allow web browser to save login &
password
 Consider using a travel phone with limited
data to higher risk locations
iJET.com
23
Guidelines for Laptops – Before Travel
 Leave all but essential storage devices at home –
use encrypted USBs
 Enable “user authentication” -- requiring a password
or PIN on your device to gain access. Use a strong
(combination of number, digit, and special character)
password
 Load encryption software and encrypt either the
whole device (full-disk encryption) or any sensitive
files or folders
 Ensure operating system, firewall/VPN and Anti-Virus
are updated
iJET.com
Summary – Key Take-Away Thoughts
 Protection of human assets is a multidisciplinary effort
 Best approach is a risk management framework
 Training is critical to overall success
 Prevention and decision support
through real-time intelligence
& communication
 Planning for response
minimizes impact
iJET.com
Top 10 Reasons Things Fail…
#10
Company does not know what to do
in an emergency
Don’t be reactive. Get a basic plan in
place and make sure you know where to
get help.
iJET.com
27
#9
Out of date contact numbers
Get contact numbers (cell, home, office, email, IM, etc.) for the people that you need in
an emergency. Periodically get them updated
and verified.
iJET.com
28
#8
Primary AND Backup Person are not
available
This happens frequently. Try to have
multiple backup contacts. Think about
people that are normally available.
iJET.com
29
#7
Cell phones don’t always work
We are becoming totally reliant on
cell phones. Try to find a pay phone!
Provide travelers with international
cell phones or satellite phones.
iJET.com
30
#6
No response resource retained
Who would you turn to for a kidnapping?
What about a threat against an employee?
Medical emergency? Car accident?
Incident on Vacation?
Make a list of incident types and answer
who would I turn to?
iJET.com
31
#5
3rd Party response resource does
not know what is going on
Talk to your vendors. Include them in
your planning. Run exercises and
drills.
iJET.com
32
#4
Protocols are not maintained
Managers and organizations need to
periodically review their plans and
protocols. At least annually.
Train staff on procedures. Run drills
and exercises.
iJET.com
33
#3
Protocol or procedure is too
complex
Many times the plans and procedures are
way too complex.
Look to streamline the process.
In a time of emergency, you will only have
time and bandwidth for the basics.
iJET.com
34
#2
Inconsistent skill level within the
team
Crisis and emergency management is
not the core competency of most travel
managers and staff.
Get training for the core team that will be
called to deal with an emergency.
iJET.com
35
#1
Cost sensitivity delays response
Deal with where the funds will come from and
who will pay BEFORE the event!
Delay in response increases cost and can cost
lives.
iJET.com
36
THANK YOU!
Every organization needs to address
duty of care for all employees
Bruce McIndoe, President, iJET International
Bruce@iJET.com
Resources
www.ijet.com/GBTA
iJET.com
37