Keeping high-profile meetings safe and secure

Advanced technology makes it easier than ever to compromise security of meetings, but Harlan Calhoun has tips to fight off would-be spies

Before the advent of smartphones, planting covert listening devices was the most popular way to illegally record content from a private meeting. Today, with an estimated 130 million smartphones in use in the United States, every user has the potential to be a covert meeting operative with their own Wi-Fi receiver, camera, audio recorder, keyboard and computer at their disposal.

Maintaining security and privacy for high profile meetings is vital whether it is a shareholder meeting, political fundraiser or internal executive meeting. When off-the-cuff comments made by Mitt Romney at a fundraiser were recorded and posted online, his political campaign took a negative hit. The theft of intellectual property costs American businesses billions each year. Discussions of proprietary information may include customer pricing, R&D and production processes, marketing and advertising strategies, legal issues and salary information. How can corporate and government leaders ensure that their meetings are safe and secure and that proprietary information is not leaked?

As a security and law enforcement professional, I have been responsible for the safety and security of Fortune 500 executives and have seen the positive results of a well-planned meeting. These guidelines can help establish processes and protocols to keep people and information protected.

[Slideshow: Security for off-site meetings]

Pre-planning is critical -- About three months before the meeting, all critical parties (human resources, legal, internal security, external security, local law enforcement and facilities) should meet to begin the planning process and assess the level of risk associated with this meeting. Questions to ask include: how many people are expected, where the meeting is being held (off-site or at corporate headquarters) and what are the parking logistics? Will there be sufficient security personnel assigned to the meeting? What is the training of these officers? Who would have an interest in the content of the meeting? How could this content be utilized?

While corporate locations generally already have significant security controls in place, an important meeting could attract crowds or protesters or the content of the meeting may be such that additional security measures are required. Additionally, off-site meeting locations such as hotels and convention centers demand more advance planning so that each area to be accessed is reviewed and accounted for from a security perspective.

Effective pre-planning also includes social media and news monitoring to assess what topics are prominent in the news and how the individual company may factor in. For example: if it is an energy company, how are their environmental practices interpreted by organizations such as Greenpeace, and what impact might that have? Active social media monitoring of Twitter, Facebook, Instagram and other channels can help intercept and prevent potential flash mob scenarios.

One month before the meeting, a tabletop exercise should be conducted where everyone is tasked with creating potential meeting crisis situations such as a medical emergency, disruptive attendee or water main break.

Establish security protocol -- Access control is critical and every meeting attendee should be thoroughly vetted, ensuring their identity matches their state or federal identification. The security firm should engage in an electronic sweep of the meeting room right before it starts to ensure there are no surreptitious listening devices planted. Metal detectors at the point of meeting entry should be employed.

All meeting attendees should be aware that security protocol is in place which could include:

  • Pocketbook and briefcase check -- Smartphones, computers, iPads and video and audio recorders should be removed and stored in a safe location.
  • Corporate computer used for presentations -- Speakers should provide their PowerPoint presentations in advance and all presentations should be run off of one master encrypted computer that is pre-screened for bugs.
  • Post-meeting material check -- There should be a review of all written material taken by meeting attendees to ensure that no sensitive information leaves the meeting room.

Attendees should be briefed by the security team on appropriate protocol both during and after the meeting. Many secrets have been divulged at the hotel bar or gym when executives are not aware that competitors are located at an adjacent bar stool or treadmill.

Security protocol should also account for meeting disruption. A shareholder who owns just one share of a company's stock can lawfully gain access to a shareholder's meeting. It is not uncommon for an activist to purchase a solitary share for this reason. While every shareholder has a right to ask questions during a shareholder's meeting, no one has the right to be purposefully disruptive. It is important to pre-plan with corporate security and the company's public relations department to establish protocols to handle a disruptive questioner, or even uninvited media.

[Vulnerabilities in D-Link network video recorders enable remote spying, researcher says]

Meeting monitoring -- Security and surveillance should remain in full force throughout the meeting. Security officers should conduct continual perimeter checks of the surrounding areas. There should be electronic and physical monitoring during the meeting. Make sure that all unencrypted wireless microphones, which can transmit meeting content outside of the room, have been removed and replaced with encrypted ones.

Escape clause -- Sometimes even the best laid plans can result in an unexpected surprise. A meeting that becomes unruly, for example, may require that the CEO and other top executives are able to depart the premises safely and quickly. Advance of the meeting, all escape routes should be detailed along with vehicles staged with drivers who can whisk away executives at a moment's notice. If it is not possible to get the executives out of the building, it should be determined what the shelter in place plan is and that that this temporary shelter includes sufficient food and water.

Effective meeting security must also consider the health and welfare of all meeting attendees. If an attendee has a medical emergency, can the company access medical personnel quietly and without public incident? A CEO of a publicly traded company who suffers a heart attack, for example, should not be wheeled out to awaiting ambulances at the main entrance where people can observe his condition. Crowds can impede departure and news of a CEO's negative health issues could adversely affect stock price.

Confidentiality for all -- Everyone who comes into contact with the meeting personnel (event planning personnel, security, audiovisual technicians, foodservice, administrative personnel, etc.) should sign a confidentiality agreement on behalf of the corporation and/or hosting hotel or venue. This should include not just those assisting the day of the event but those involved in pre-event preparations as well.

Post-meeting review -- Conducting a post-mortem meeting analysis is a valuable way to identify and document lessons learned from the project. The security and administrative team benefits from this post-meeting review of protocol and processes and is better equipped and prepared to face the next big meeting.

[Security and vulnerability assessment: 4 common mistakes]

Meetings should not be publicized beyond the scope of meeting attendees. CEOs and other executives traveling to the meeting should be met by a driver who does not display the company name on their sign. There should not be any signs in the meeting location that draw attention to the nature of the meeting. Attendees should all understand that information should not be disseminated on any public Wi-Fi and that only secure, encrypted networks should be used.

These important events should never be an opportunity for corporate spies to gather proprietary information and intelligence. With proper planning, training and resources, all meetings can be safe, secure and productive.

Harlan Calhoun is vice president of operations for AlliedBarton Security Services, www.alliedbarton.com, the industry's premier provider of highly trained security personnel to various industries. Prior to joining AlliedBarton, Harlan was a police officer, hostage negotiator and academy instructor in the Charlotte-Mecklenburg Police Department.

Tags security

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Email Security and Data Protection

Encrypt your sensitive email

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.