Does corporate security stop when execs leave the office? asks Peter Clements of consultancy Templepan Security Systems Ltd. He continues his series on counter-surveillance.
There is a famous hotel in London whose meeting rooms I inspected before a conference. The meeting was to negotiate a major exploration contract and the stakes for those present could not have been higher. Two hours before the meeting I visited the room simply by asking reception where the meeting was to be held and I was politely directed accordingly. The unlocked room was already laid out and even had the delegates’ names on the tables. I noticed that confidential data packs had been placed in a corner of the room ready for the meeting. I was now totally alone in this room and left to my own devices. I carried out my work without supervision and was questioned by no-one. I could have installed anything here: from a powerful listening device to something even more sinister.
There is a renowned hotel on the corner of Hyde Park which was recently chosen by a client for an extra-ordinary board meeting. I visited to carry out the technical sweep at 7am while coffee cups were being laid out. I just walked in past reception and did the sweep and no-one questioned me.
Why off-site
A company’s meetings are held off-site for two main reasons. Firstly to avoid emails, phone calls and other distractions; secondly, and more importantly, to conduct meetings in a closed environment away from the intrusion or interruption by interested parties. Most employees are anxious to know what is going on and are often apprehensive when high-profile meetings are held at the office and those not privy to the meeting become suspicious. The off-site meeting helps to remove these issues but at the same time reduces the security protection normally afforded by head office. Hiring hotels or conference facilities for meetings, especially in exotic overseas locations, eliminates the normal security measures to which the staff have become so accustomed.
Everyone knows what happens at the meeting. White boards, diagrams, flow charts, Blackberrys, mobiles and laptops are all in use and many of the presentations are delivered using radio microphones and other wireless communications. To eavesdrop this type of meeting would be easy. I have done this accidentally with a scanner when I stayed at a hotel in Manchester. During the morning I picked up the radio mike from a meeting there and could have listened to the whole proceedings. Almost any day you can walk around buildings in London and tune into meetings simply because the venue has provided radio microphone equipment which transmits well into the street and beyond. When lunchtime comes, laptops and papers are left lying around in the meeting room. In hotels there is rarely any effective security for delegates. Why is management so unaware of the dangers they face from possible information loss once they leave HQ?
Country houses and corporate management centres in lavish grounds are an ideal location for getting away from the normal office. The idea; to bring all the top brass together to relax, bond and perhaps let their hair down, all in the interests of better relations, to make staff more committed, to have full and open discussions about where the company should go for new markets and to develop new strategies. This is nothing new, but one significant aspect of corporate life is now missing. Neither the staff nor their discussions are protected with the level of security provided at head office, they are now away from all head office rules, regulations and are no longer in a secure environment. The conference facility is unlikely to provide security which would be effective against the risks these companies face. Even in the bedrooms there is no protection against conversations the those that use hotel phones, faxes and emails. Calls are routed though an unsupervised hotel switchboard which is totally outside the company’s control. It seems that management are confident that once the delegates have arrived and checked in, identity badges are all that are needed to ensure satisfactory security. Somehow all the security measures employed at the HQ building are now not really necessary. Why should they be required at head office when they are not required at the off-site meeting?
The major security risk is the spoken word in the meeting itself or perhaps outside before or just after the meeting. Are any of these venues swept for listening devices before meetings? Very rarely I suggest. As security co-ordinator for a large US corporation during a period when several contracts were being negotiated in several countries, I inspected each hotel venue. The meetings were only conducted after I had carried out a sweep of the rooms and, furthermore, these rooms were continuously monitored whilst the meetings were in progress. Land line phones were disconnected and removed from the room and mobile phones were not allowed and had to be handed in beforehand. Radio microphones were also banned. Many hotels and conference facilities have little understanding of this type of threat to their clients’ business.
It seems that neither parties at the off-site meeting are concerned with security. Hotels by their nature are open to one and all and members of the public are free to roam around. Imagine that scenario at HQ?
