In Depth

Offsite Meeting Security: Test Your Convergence IQ

Executives are gathering at a sensitive offsite meeting. Can you spot 12 riskssome physical, some digital? Turn the page to check your answers.

By Sarah D. Scalet

April 15, 2005CSO — At an offsite meeting, security convergence is not a theory. It's a real-world necessity. There, gathered in a room that may be thousands of miles away from headquarters, is every

imaginable risk to a company's intellectual propertyfrom loose-lipped catering staff, to hacked Internet connections, to surreptitious recording devices. No matter how sumptuous the site, the risks are real, especially when the meeting involves the company's long-term strategy or other sensitive information. And securing the meeting requires a broad spectrum of both digital and physical defensive measures.

Businesspeople may well ask, "'These are fine hotels that we're going towhat could possibly happen there?'" according to Dave Kent, CSO of biotech company Genzyme. Kent's answer to that question is "Plenty."

"People will come in and try to get into the meetings," he says. "It could be independent financial analysts who are trying to get some advance bits of information for the mosaic they need to project where the company is headed. It could be competitors. It could be people who just want to eat the food. If you're not careful, the opportunity could be there for someone to do something they wouldn't normally doso why make it easy?"

In fact, why not make it as hard as possible?

To illustrate the risks at a typical offsite meeting, CSO worked with security consultant Richard Heffernan to create the graphic at the top of this page. Risk 1Signs outside draw attention to the nature of the meeting.

Fix: Signs should say "Private Meeting."

Bonus points: For especially sensitive meetings, book the whole affair under a fictitious company name. Also consider setting up a white-noise machine outside the conference room to prevent anyone from standing outside the door and eavesdropping.Risk 2Participant is checking her e-mail using the hotel's high-speed network.

Fix: Set up a secure support room with a computer and docking station that are connected to headquarters via a virtual private network, where your company's employees can check their e-mail or do other tasks.

Bonus points: Encourage attendees to leave their laptops at home and use BlackBerrys instead. Not only do they contain less sensitive information than a laptop, they're small enough that individuals are more likely to keep them on their persons.Risk 3An employee has left his laptop unattended.

Fix: Provide an area where participants who need to bring their laptops can securely check them.

Bonus points: Before the meeting, send out a letter reminding attendees to leave their laptops in the designated area rather than in their hotel rooms, if they need to bring their laptops at all. This letter should be signed by the senior-most person attending the event.Risk 4Reports from the printer or copy center have not been secured.

RESOURCE CENTER
Loading...
WEBCAST
Gartner Video: Best Practices for Web Application Security and Compliance

Cenzic Faced with the growing threat of hacker attacks, how do you protect your data and your corporate reputation while increasing revenue?

» View this Webcast

WHITE PAPER
Email Continuity: Don't Know What You've Got Till it's Gone

MessageLabs Today, more email is being sent and attachment sizes are becoming larger. This means that security, archiving, and continuity systems must be able to scale easily. Learn to manage your email better…

» View this White Paper

Featured Sponsors