This post covers personnel safety — making sure employees can safely work and travel. While some of the techniques are common sense, others are less obvious.
- Travel. The laws and policies in other countries can sometimes be drastically different than your own country. Employees must be familiar with the differences prior to traveling. For example, something you see as benign might be illegal and punishable by jail in another country. Other laws could make it difficult to do business in another country or put your company at risk. When traveling to other countries, you should familiarize yourself with the local laws to minimize danger to yourself and your company. Another key concern when traveling is protecting company data. To protect company data during travel, encryption should be used for both data in transit and data at rest. It is also a good practice (although impractical) to limit connectivity via wireless networks while traveling. Take your computing devices with you, when possible, since devices left in a hotel are subject to tampering. In some cases, such as when traveling to high-risk nations, consider having personnel leave their computing devices at home. While this isn’t always feasible, it can drastically reduce the risk to personnel and company devices or data. In some organizations, employees are given a special travel laptop that has been scrubbed of sensitive data to use during a trip; the laptop is re-imaged upon return home.
- Security training and awareness. Employees should be trained about how to mitigate potential dangers in the home office, while traveling or at home. For example, campus safety includes closing doors behind you, not walking to your car alone after hours, and reporting suspicious persons. Travel safety includes not displaying your company badge in public places and taking only authorized ride hailing services. Safety outside of work includes using a secure home network and not inserting foreign media into devices. While the training and awareness campaigns will differ, a key element is to have a campaign that addresses your organization’s particular dangers.
- Emergency management. Imagine a large earthquake strikes your primary office building. The power is out, and workers have evacuated the buildings; many go home to check on their families. Other employees might be flying to the office for meetings the next day. You need to be able to find out if all employees are safe and accounted for; notify employees, partners, customers, and visitors; and initiate business continuity and/or disaster recovery procedures. An effective emergency management system enables you to send out emergency alerts to employees (many solutions rely on TXT or SMS messages to cellular phones), track their responses and locations, and initiate emergency response measures, such as activating a secondary data center or a contingent workforce in an alternate site.
- Duress. Duress refers forcing somebody to perform an act that they normally wouldn’t, due to a threat of harm, such as a bank teller giving money to a bank robber who brandishes a weapon. Training personnel about duress and implementing countermeasures can help. For example, at a retail store, the last twenty-dollar bill in the cash register can be attached to a silent alarm mechanism; when an employee removes it for a robber, the silent alarm alerts the authorities. Another example is a building alarm system that must be deactivated quickly once you enter the building. If the owner of a business is met at opening time by a crook who demands that she deactivates the alarm, instead of entering her regular disarm code, the owner can use a special code that deactivates the alarm and notifies the authorities that it was disarmed under duress. In many cases, to protect personnel safety, it is a good practice to have personnel fully comply with all reasonable demands, especially in situations where the loss is a laptop computer or something similar.
For solution, online support and query email us at .