“Organization must develop an exclusive executive protection plan to protect senior executives from cyber threats.”
The senior or C-level executive protection forms a key component of an organization’s overall risk management strategy. Executive protection has developed as a mature professional service; however, at present its scope is limited to physical protection. Web revolution has transformed the way an organization works, giving rise to a wide range of cyber threats. Hence, the current vision of the executive protection plan needs to evolve to include protection from cyber threats.
The senior or C-level executives of organizations operating in critical sectors like energy, nano-computing, oil and gas, next-gen mobile technology, public service departments, banking, and defense are easy targets of cyber threats as their log-in credentials provide immediate access to critical data. As a senior executive, you should be extra vigilant while travelling to adversary countries, which may wire your hotel room or bribe the cab or hotel room service provider to get access to any information possible. The Wi-Fi network of a hotel can also be compromised to get access to your internet session. Thus, an executive protection plan must include defense against cyber espionage activities. Senior executives must be extra cautious while travelling to countries which are considered high risk areas.
Cyber security – a vital element
Every organization has an information security policy to ensure that the IT infrastructure is updated with the latest antivirus, firewalls and other critical security controls. However, the security policy might not cover executive protection. Therefore, the organization must develop an exclusive executive protection plan to protect senior executives from cyber threats. Huge multinational companies with several chief executive officers, vice presidents, and directors, especially require executive protection plans, imbibing cyber security.
To start with, an organization could implement the following measures as part of its executive protection plan:
- Do not allow senior executives to carry work laptops when they are travelling.
- Provide a second laptop to the executive that never connects to the home-office network (company network). This laptop should preferably carry as less work files and applications as possible.
- Avoid carrying highly vulnerable and targeted applications on such laptops, such as Adobe Acrobat Reader, which is being targeted by several hackers. Instead, use an alternative PDF reader.
- The executive should try and avoid keeping crucial information on the travel laptop. Important files, presentations, and critical information should be stored on encrypted flash drives which should be carried at all times by the executive.
- Conduct a forensic analysis of the travel laptop once the executive is back.
Given the range of risks involved, a chief information security officer managing an executive protection plan must know that protecting an individual is different from securing a facility. A proper risk assessment exercise would help create a profound executive protection plan, involving cyber security.
