10 Tips for Offsite Meeting SecurityAdded 2nd Feb 2012
When an organization hosts an offsite event, whether it is a small meeting, or a massive industry conference, it also presents an opportunity for the security department.
"In these situations, security can really shine, or really stub its toes," said William Besse, Vice President of Consulting and Investigations with security firm Andrews International. "These offsite events aren't a time when security needs to be dozing. They need to be on their game."
Besse, who at one point in his career was the director of global corporate security for cosmetics giant Mary Kay, became well-versed in the challenges of hosting large off-site events. Mary Kay annually holds incentive meetings for members of its huge global sales force and those events often include hosting as many 50 to 60 thousand people in a major convention venue.
"Security can either build a reputation as a contributor or enabler of these events, or as a department that wants to make it look bad and is an obstacle to making it happen," he said.
In order to be one of those security departments seen as an enabler, Besse recommends several steps to take, before and during an offsite, to ensure the event goes off without a hitch.
Besse, along with physical-security consultant Dan Finger, offer these tips for keeping an off-site venue secure.
Get to know the venue, inside and out, well before the event.
If possible, Besse recommends security get involved in the process as early as choosing a venue.
"Have individual meetings with hotel management so you can get an understanding about their rules and regulations and what they can do to help you secure this event," he said. "Get to know customer service."
Once you've agreed on a site, before operations even begin, security needs to be well-versed on all exits, stairways and other access points. Knowing the building inside and out is crucial.
"Also you need to decide where to have your security center at the venue," said Besse. "Where will sec-ops be conducted out of? Will there be phones, copiers, computer access in there? Will you need to augment the venue's security with your own additional?"
Determine local emergency medical capabilities
The most likely unplanned event at an offsite meeting is a medical emergency, said Besse. Security should have a plan in place for handling this that includes a visit to the local hospital emergency room before the event.
Other considerations should include whether there will be attendees at the event with special medical needs and how should the onsite team be equipped to handle that, said Besse.
Know what proprietary information is at stake
In addition to the safety of your attendees, what else is at stake with this off-site? Is the organization going to present proprietary products or information that needs to be closely guarded? What are your plans for ensuring it STAYS guarded?
"Figure out what is being displayed and what happens if there is an evacuation," said Besse. "What do we do with proprietary information or products in that scenario? Also, if it's a highly-value consumer product on display, we might put up close-circuit TV surveillance on the product, on the doors, and bring in our own security systems."
Have a solid access-control strategy
Perhaps the most important aspect of ensuring proprietary and sensitive information stays contained within the event is to ensure that those who have access to it are the ones you want to have access to it, said Dan Finger.
"A lot of it will start at registration," he said. "Ask for ID. A lot of times at events I just give my name and I'm given a badge to enter. But if it is an event with proprietary information, have registration explain to folks there is proprietary information being discussed and we need to see some identification before we can let you in."
Make sure credentials are visible and clear
The next step is actually getting attendees to wear their credentials, said Finger, and to keep an eye out for those wearing the wrong badge, or no badge at all.
"There may be another event going on in the same venue and people from that event might wander over to yours," he noted. "It's important to have security keeping an eye on the badges people are wearing to make sure everyone is in the right place and an outside party doesn't gain access to information they aren't there to see or hear."
Figure out your signage
Many events will feature signs throughout the venue to direct attendees to the various meeting spots. But, in some instances, certain events may call for little or no signage.
"Depending on the event, I wouldn't even put up signs because it attracts attention," said Finger. "Sometimes, the less publicity, the better."
Scope out possible hiding spots for recording devices
Plants, under benches and window sills are all places where recording devices could be hidden, said Finger. If proprietary issues and recording are both concerns, security should have a plan to regularly sweep such areas to check for such things.
But also keep in mind many attendees will have recording devices right in their laps. "Are people listening going to be recording with an iPad or other device? What are people allowed to bring in to the meetings in the first place?" said Finger. These are all things that need to be considered so the demonstration of your next beta doesnt end up on YouTube tomorrow, he said.
Check in on venue staff
Staff vetting may be necessary if you are concerned about the potential for spying or political statement.
"You may want to check with the hotel on new hires in last few weeks," said Finger. "Any new hire could be coincidental, but there could also be a plant going on. Are you bringing someone in who could be the target of kidnapping attempt, or an assassination attempt? If you are, you want to know about local staff."
Decide on vehicle access
Depending on how politically charged the event may be, or how sensitive the topics are that are being discussed, the meeting could attract people looking to make a statement, said Finger. Although rare, a demonstration could include trying to drive a car into a building.
"Security may want to develop buffer zones, designated areas away from the buildings," said Finger. "One idea is to set up some temporary bollards that would discourage people from trying to do something. Large concrete planters can be a deterrent, but also be aesthetically pleasing."
Plan your parking arrangements
Parking is not always a significant issue, but if it is: "Do you have a plan?" asks Finger. If your venue is in an area with large parking areas, are you comfortable with attendees walking through them alone at night? If not, what will you do to ensure safety?
Some ideas include staffing extra lot attendants to ensure people get to their vehicles safely, or augmenting the existing lighting in the lots with additional lights that you provide.
The past year has seen its share of newly emerging or persistent threats that security and IT executives need to be aware of and in many cases defend against.
Moving to an as-a-service computing model is inevitable and the discussion across enterprises is no longer just about risk but rather the speed by which services can be delivered to achieve competitive advantage.
A steady increase in corporate purchasing through the first three quarters of the year hints that enterprises are already rethinking how far BYOD programs will be allowed to expand, according to Strategy Analytics.
Many organisations have no formal plan for coping with DDoS attacks, lack up to date network maps, and probably depend on old technology to defend against the threat, a survey by Corero Network Security has suggested.
Cloud adopters face serious risk in the next two years because of the strong possibility that their provider will be acquired or forced out of business, the research agency says.
"We're seeing a significant amount of traction today in the hybrid world," said Kerry Bailey, an HP senior vice president for HP cloud services.
Dell Software has introduced a suite of software and services for enterprise mobility management, including a "secure workspace" for mobile devices that lets enterprise IT managers separate work from data apps.
Oracle has launched the fifth version of its Exadata database appliance, claiming the release provides in many areas double the performance of previous-generation machines.
Businesses are moving fast to address the demand for both employee- and customer-facing mobile apps. However, there is a danger in rushing. Here are five ways to avoid pushing out a mobile app too soon.
Being able to lock your mobile device is important because, in many cases, it's your first line of defense. It may not be the strongest form of security but it's a start until mobile device management measures like remote wiping are put into play.
IT managers facing the task of explaining the business value of IT to the C-suite don't necessarily have an easy time of it. But eBay believes it has fixed this problem with a metric that translates IT resources into key business metrics
The ever-increasing complexity of data about IT environments is making it increasingly difficult for organizations to make effective IT decisions.
Humavox unveiled Eterna, a new platform that uses RF signals to wirelessly power the Internet of Things, especially medical and wearable devices such as hearing aids, smart watches and augmented-reality glasses.
Google has trashed its plan to build a data center in Hong Kong, according to a report by the Wall Street Journal on Tuesday.
Oracle is now a corporate sponsor of the OpenStack Foundation and plans to weave parts of the open-source infrastructure platform into its own products, saying it will give customers more flexibility and options for managing clouds.