Executive protection plan should integrate cyber security


Executive protection plan should integrate cyber security

The senior or C-level executive protection forms a key component of an organization’s overall risk management strategy. Executive protection has developed as a mature professional service; however, at present its scope is limited to

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

physical protection. Web revolution has transformed the way an organization works, giving rise to a wide range of cyber threats. Hence, the current myopic vision of the executive protection plan needs to evolve to include protection from cyber threats.

Defense against cyber espionage

The senior or C-level executives of organizations operating in critical sectors like energy, nano-computing, semi conductor, oil and gas, next generation mobile technology, banking, and defense are easy targets of cyber espionage, as their log-in credentials provide immediate access to critical data. As a senior executive, you should be extra vigilant while travelling to adversary countries (engaging in cyber espionage to benefit their nation), which may wire your hotel room or bribe the cab or hotel room service provider to get access to any information possible. The WiFi network of a hotel can also be compromised to get access to your internet session. Thus, an executive protection plan must include defense against cyber espionage activities. Senior executives must be extra cautious while travelling to countries like China, Russia, Brazil, Iran and Middle-East, which are considered high risk areas.     

Cyber security – a vital element

Every organization has an information security policy to ensure that the information technology infrastructure is updated with the latest antivirus, firewalls and other critical security controls. However, the security policy might not cover executive protection. Therefore, the organization must develop an exclusive executive protection plan to protect senior executives from cyber threats. Huge multinational companies with several chief executive officers, vice presidents, and directors, especially require executive protection plans, imbibing cyber security. However, designing an exclusive executive protection plan for cyber security requirements may not be feasible for the IT department due to constraints in budget and manpower. An organization could thus resort to specialized service providers (though rare) that offer cyber security for executive protection.     

To start with, an organization could implement the following measures as part of its executive protection plan:

  1. Don’t allow senior executives to carry work laptops when they are travelling.
  2. Provide a second laptop to the executive that never connects to the home-office network (company network). This laptop should preferably carry as less work files and applications as possible.
  3. Avoid carrying highly vulnerable and targeted applications on such laptops, such as Adobe Acrobat Reader, which is being targeted by several blackhat hackers. Instead, use an alternative PDF reader.
  4. The executive should try and avoid keeping crucial information on the travel laptop. Important files, presentations, and critical information should be stored on flash drives, which should be carried at all times by the executive. Using encrypted flash drives which offer high security would be even better.
  5. Conduct a forensic analysis of the travel laptop once the executive is back.

Given the range of risks involved, a chief information security officer managing an executive protection plan must know that protecting an individual is different from securing a facility. A proper risk assessment exercise would help create a profound executive protection plan, involving cyber security.

About the author:  Jeffrey Carr, Principal, GreyLogic is a cyber intelligence expert, columnist for Forbes Firewall blog, and cyber warfare author who specializes in the investigation of cyber attacks against governments and infrastructures by state and non-state hackers. Carr regularly consults with agencies of the United States and allied governments on Russian and Chinese cyber warfare strategy and tactics as well as new and emerging threats to critical infrastructure. He has authored a book called ‘Inside Cyber Warfare’ and has spoken on the issue of cyber warfare at various events. 

(As told to Dhwani Pandya.)

This was first published in December 2010

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.