In Depth

Offsite Meeting Security: Test Your Convergence IQ

By Sarah D. Scalet

April 15, 2005 — CSO — At an offsite meeting, security convergence is not a theory. It's a real-world necessity. There, gathered in a room that may be thousands of miles away from headquarters, is every

imaginable risk to a company's intellectual propertyfrom loose-lipped catering staff, to hacked Internet connections, to surreptitious recording devices. No matter how sumptuous the site, the risks are real, especially when the meeting involves the company's long-term strategy or other sensitive information. And securing the meeting requires a broad spectrum of both digital and physical defensive measures.

Businesspeople may well ask, "'These are fine hotels that we're going towhat could possibly happen there?'" according to Dave Kent, CSO of biotech company Genzyme. Kent's answer to that question is "Plenty."

"People will come in and try to get into the meetings," he says. "It could be independent financial analysts who are trying to get some advance bits of information for the mosaic they need to project where the company is headed. It could be competitors. It could be people who just want to eat the food. If you're not careful, the opportunity could be there for someone to do something they wouldn't normally doso why make it easy?"

In fact, why not make it as hard as possible?

To illustrate the risks at a typical offsite meeting, CSO worked with security consultant Richard Heffernan to create the graphic at the top of this page. Risk 1Signs outside draw attention to the nature of the meeting.

Fix: Signs should say "Private Meeting."

Bonus points: For especially sensitive meetings, book the whole affair under a fictitious company name. Also consider setting up a white-noise machine outside the conference room to prevent anyone from standing outside the door and eavesdropping.Risk 2Participant is checking her e-mail using the hotel's high-speed network.

Fix: Set up a secure support room with a computer and docking station that are connected to headquarters via a virtual private network, where your company's employees can check their e-mail or do other tasks.

Bonus points: Encourage attendees to leave their laptops at home and use BlackBerrys instead. Not only do they contain less sensitive information than a laptop, they're small enough that individuals are more likely to keep them on their persons.Risk 3An employee has left his laptop unattended.

Fix: Provide an area where participants who need to bring their laptops can securely check them.

Bonus points: Before the meeting, send out a letter reminding attendees to leave their laptops in the designated area rather than in their hotel rooms, if they need to bring their laptops at all. This letter should be signed by the senior-most person attending the event.Risk 4Reports from the printer or copy center have not been secured.

• Email
• Print
• Comments
• Digg This
• SlashDot

• Case Study: Security Convergence
• All Hazards: Taking Leadership to a New Level
• The Defining Moment
• Unified Security: The Payoff...The Pain