Business travel, whether domestic or international, is an inherent and often necessary part of many employees’ professional lives. Whilst this can be very enjoyable, viewed as a perk of the job for many people, it does expose the employees to additional risks, driven in part by sending people to environments they may not be familiar with. The question is, therefore, are companies doing enough to help safeguard business travellers as they fulfil the organisations’ duties in unfamiliar territories? The quick answer is that in my experience some do, but others fall short. In this article I will introduce some of the considerations that need to be made by an organisation, and pose a few questions that travel security programme owners and business travellers could ask themselves or their colleagues by way of a benchmark. The list is by no means exhaustive, but should serve as a good starting point to test the waters and perhaps prompt a review.
Having managed the global travel security programme for a multinational company for over 10 years - involving liaising with a multitude of fellow security professionals and service providers - I have a good understanding of what a thorough and resilient travel security programme should look like, tailored to suit the needs of the organisation. There is a plethora of services a company could employ to support and help safeguard their staff, and, likewise, there are a multitude of different individuals and companies who may require such services. To that end it must be recognised that one size does not fit all; the company must provide a service that suits their needs, based largely, but not wholly, on organisational complexity and risk exposure.
As alluded to in the opening paragraph, one main differentiating feature of business travel, as opposed to travel for leisure, is that your company is sending you somewhere on their behalf. I’m not suggesting that you are going unwillingly, though I can say with some authority that some are dragged on to the aircraft kicking and screaming. What I’m referring to is that as the company is sending you on a trip they have a duty of care to ensure you are not exposed to unnecessary and potentially avoidable risks.
Factors such as size of organisation, number of travellers, destinations routinely travelled to (and from) are the more obvious ones that need to be assessed as a travel security programme is designed and implemented, but considerations should also be given to more nuanced influences, including company culture, risk appetite and whether the company’s public profile adds additional risk exposure. If, for example, you work for a company whose name has been dragged through the mud in the press recently, is it wise to travel displaying your company’s logo on clothing or on your luggage? Maybe, maybe not, but it should be thoroughly assessed and the recommendations, or clear direction, shared with those who need to know.
Now, let’s take a quick look at some of the questions a business traveller could ask themselves and their company, concerning the duty of care that has been extended to them. By “their company” I mean travel managers, corporate security teams, senior managers’ or teams’ assistants. Additionally, it may be a good exercise to discuss this with corporate lawyers, given that they will likely be involved in the aftermath of an incident, particularly if the company was accused of being liable for not demonstrating a duty of care to travellers or international assignees.
Do you have a travel security policy?
Do you track all travel bookings, including transport methods and accommodation?
Do you know where all travellers are at any time?
Do you maintain a list of contact details for travellers?
Do you provide information and advice about the traveller’s destination(s), including security and medical risks, and advice on appropriate onward travel?
Do you have a means of restricting or banning the use of certain airlines or hotels?
Do you run or contract a service to monitor the threat and risk environment for travellers, and detecting incidents or events that could negatively impact them?
Do you have a means of proactively warning travellers of an incident in their vicinity and advising them what to do?
Is the means of contacting potentially impacted travellers robust and reliable, using a number of independent modes?
Do you have a means of accounting for travellers in the event of a serious incident? If yes, is this automated?
Do you have a training and awareness programme for travellers?
Are employees and their managers aware of their responsibilities concerning security during business travel, including personal and information security, as well as safeguarding company reputation?
Do you provide advice or guidelines of keeping sensitive information and data secure during travel?
As stated earlier, this list is far from exhaustive, but is a good starting point. Also, I wouldn’t expect the answer to be yes for everyone, due to reasons already discussed; it just might not be needed. However, there are some services I would expect to see as a minimum in all organisations, and if needed, I am always here to support in the form of a benchmarking exercise, designing an appropriate programmes, recommendations for services or provision of employee awareness training. On the latter point, I offer a very comprehensive modular training package that can be delivered to individuals or groups, face-to-face or online.