Sarah D. Scalet
Senior Editor

Offsite Meeting Security: Test Your Convergence IQ

Feature
Apr 15, 2005
6 mins
Mobile Security, Physical Security, Risk Management

Executives are gathering at a sensitive offsite meeting. Can you spot 12 risks—some physical, some digital? Turn the page to check your answers.

At an offsite meeting, security convergence is not a theory. It’s a real-world necessity. There, gathered in a room that may be thousands of miles away from headquarters, is every imaginable risk to a company’s intellectual property, from loose-lipped catering staff, to hacked Internet connections, to surreptitious recording devices.


No matter how sumptuous the site, the risks are real, especially when the meeting involves the company’s long-term strategy or other sensitive information. And securing the meeting requires a broad spectrum of both digital and physical defensive measures.

Businesspeople may well ask, “These are fine hotels that we’re going to. What could possibly happen there?” according to Dave Kent, CSO of biotech company Genzyme. Kent’s answer to that question is “Plenty.”

“People will come in and try to get into the meetings,” he says. “It could be independent financial analysts who are trying to get some advance bits of information for the mosaic they need to project where the company is headed. It could be competitors. It could be people who just want to eat the food. If you’re not careful, the opportunity could be there for someone to do something they wouldn’t normally do, so why make it easy?”

In fact, why not make it as hard as possible?

To illustrate the risks at a typical offsite meeting, CSO worked with security consultant Richard Heffernan to create the graphic at the top of this page.

Risk 1

On the door: Signs outside draw attention to the nature of the meeting.

Fix: Signs should say “Private Meeting.”

Bonus points: For especially sensitive meetings, book the whole affair under a fictitious company name. Also consider setting up a white-noise machine outside the conference room to prevent anyone from standing outside the door and eavesdropping.

Risk 2

Front left table: Participant is checking her e-mail using the hotel’s high-speed network.

Fix: Set up a secure support room with a computer and docking station that are connected to headquarters via a virtual private network, where your company’s employees can check their e-mail or do other tasks.

Bonus points: Encourage attendees to leave their laptops at home and use BlackBerrys instead. Not only do they contain less sensitive information than a laptop, they’re small enough that individuals are more likely to keep them on their persons.

Risk 3

Briefcase, center floor: An employee has left his laptop unattended.

Fix: Provide an area where participants who need to bring their laptops can securely check them.

Bonus points: Before the meeting, send out a letter reminding attendees to leave their laptops in the designated area rather than in their hotel rooms, if they need to bring their laptops at all. This letter should be signed by the senior-most person attending the event.

Risk 4

Front right table: Reports from the printer or copy center have not been secured.

Fix: Have the printer sign a confidentiality agreement and agree not to tape the original copy to the outside of the box, where it can easily be perused. Provide for secure transportation to and storage at the meeting location.

Bonus points: Give attendees a secure way to get the materials they need back to headquarters, perhaps by providing self-addressed FedEx envelopes.

Risk 5

A second, more subtle risk associated with local copy centers or shipping stores: Offsite attendee may have received a sensitive fax.

Fix: In the secure support room, include a fax machine, photocopier, high-quality printer and paper shredder so that people won’t have to use local copy shops or the hotel business center.

Bonus points: Consider securing another extra room to be used as a lounge. Keep it stocked with snacks and drinks, and encourage people to take breaks there rather than in public areas.

Risk 6

Ceiling, plants: The room could have been wired for sound and video before your company arrived.

Fix: Before the meeting, sweep the room for bugs using professional countersurveillance equipment. Then make sure the room is locked or supervised at all times.

Bonus points: Don’t forget that surveillance devices can be planted in drop ceilings or adjacent rooms, or hidden in plain sight, disguised as smoke detectors, clocks or even pens.

Risk 7

Waiter: Catering staff could be hired or paid off by corporate spies.

Fix: Make sure the hotel’s general manager or meeting planner has signed a confidentiality agreement on behalf of the hotel and staff.

Bonus points: Pick the conference site carefully. Even a reputable chain hotel is only as good as the general manager of a particular site.

Risk 8

Waiter: Coffee urns could contain hidden surveillance devices.

Fix: Be wary of anything brought into the room after it has been swept for bugs.

Bonus points: Keep the amount of food service equipment in the room to a minimum to decrease the number of places a surveillance device could be hidden.

Risk 9

Right rear: The service door is unprotected.

Fix: Make sure that all service doors are locked whenever security is not present. Monitor back corridors during the event if necessary.

Bonus points: The locks on all the doors to the room should be re-cored, and only the hotel manager and the company’s security staff should have the key. If the room can’t be locked for some reason, a security officer should be stationed in the room starting after the bug sweep.

Risk 10

Podium: Wireless microphones are transmitting meeting content outside the room.

Fix: Make sure that all unencrypted wireless microphones have been removed from the room, and replace them with encrypted ones.

Bonus points: Bring your own wireless microphones in case the conference center doesn’t have them.

Risk 11

Podium: The audio-visual technician who is running the projection equipment has stored all of the presentations on her laptop.

Fix: Make sure the audio-visual company has signed a confidentiality agreement. At the end of the day, erase all the presentations from the technician’s laptop. This should be done using a small program that the security staff has on a diskette, which will wipe and rewrite the information on the hard drive.

Bonus points: If the room has windows, make sure projection equipment faces away from them so that no one outside can see what’s on the screen.

Risk 12

Person by projection screen: An uninvited guest has wandered into the room.

Fix: A security officer should be stationed outside of the room at all times, checking those who enter against a list of those who are invited.

Bonus points: Include photographs of the participants on this list.