Companies and organizations have found themselves adapting to the ever-changing environment as life slowly eases back into pre-pandemic circumstances. A change in workplace protocols over the last two years has called for companies to reassess their executive protection programs, corporate office security, and emergency crisis response plans.
As a result, we are seeing a growing trend of organizations restarting or enhancing existing security policies and programs with an Independent Security Study (ISS).
An ISS, that aligns with the parameters of IRS Code 26, Section 132, is a holistic, executive-risk assessment that evaluates the security measures in place to protect the principals of an organization, such as the C-suite and members of the Board of Directors. The ISS assesses risk of their homes, offices, digital footprints, and their safety while traveling.
This increased interest has come from two distinct types of clients. First, organizations that have grown substantially in a short amount of time or have recently gone public. These organizations may have minimal internal security, perhaps a small team comprised of a Chief Security Officer and one or two other members.
This minimal team is expected to provide safety and security to potentially thousands of employees. They are often inundated with daily emergencies that prevent them from doing a strategic analysis of their security program. In this instance, the ISS offers a roadmap to a vastly improved program by making specific recommendations.
The second type of organization employing an ISS is an established, large organization that already has a significant internal security team. The security leaders in these organizations understand the value of having an independent consultant conduct a full analysis of their programs. These organizations are willing to undertake programs that support constant improvement and do not subscribe to the notion of “this is the way it’s always been done.”
Their primary concern is the safety and well-being of their principals, and they are willing to highlight areas for improvement to achieve that goal. The ISS is a joint exercise with key stakeholders to achieve a cohesive program by providing a baseline assessment and recommendations.
Elements of an ISS
Most people believe executive security narrowly consists of executive protection agents and security drivers. While having the right personnel is of critical importance to the executive protection program, there are other equally important facets to a robust program. As an added benefit, companies may also be able to take advantage of tax benefits associated with implementing security services identified as a need by an ISS.
The ISS includes the following:
Threat Profile Analysis. Evaluation of open-source information to determine the principal’s level of exposure and availability of personally identifiable information to potential bad actors. The ease of access to this information informs the nature and credibility of existing and future threats to the principal. This includes a probability and impact analysis represented by various threat vector scenarios.
Travel Security Assessment. Evaluation and analysis of the risks specific to the principal’s mode and means of travel, including consideration for local and long-distance travel, drivers, executive protection details, flights, locations, storage of private aircraft, watercraft and/or motor vehicles, accommodations, communications, and planning.
KR&E Insurance Evaluation. Evaluation of the specific existing and future requirements for kidnap, ransom, and extortion insurance for the principal.
Security Assessment. Physical security evaluation and analysis of the defensibility, architecture, electronic security systems, infrastructure dependencies, operations, staffing, communications, and alarm monitoring and response elements of the overall security program at the principal’s residence(s), primary office, and any corporate transportation hubs.
The ISS Is Complete – Now What?
Once the ISS has been completed, there will be numerous recommendations to improve the security posture for the organization. While the report is an important diagnostic tool, it will not necessarily decrease risk unless the recommendations are implemented. While all recommendations are of value, two areas which can have added significant impact are physical protection and online vulnerabilities.
Public Appearances and Private Lives – Causes for Concern
Publicized meetings or speaking engagements are regarded as high-risk scenarios, where there is an elevated security concern in protecting executives. If any specific threats have been identified or depending on where the public engagement is taking place, more security personnel may be required.
It is critical to do an advanced evaluation of the scope and specifics of any speaking engagement or previously planned events, especially given that many cities are now experiencing higher crime rates than previously reported.
Pre-planning for these types of events is always challenging. This is especially true when the events are held in international locations on multi-country trips. The threat profile of New York City is different than Buenos Aires and we must always stay attuned to the ever-changing risk environment.
Combatting Online Threats
The ISS includes a thorough review of the principals’ online presence, and we have found that in nearly all cases, the principals are alarmed at the information available on them, particularly that which is aggregated from information they and/or their family members have shared.
As an example, a principal’s residence is a matter of public record, but finding the physical address no longer requires a visit to the county courthouse and flipping through deed records. Online databases collate this information in a central location, along with phone numbers, emails, vehicles, business affiliations, and more. Reports can be obtained inexpensively or, in some cases, are free and available to anyone at any time.
Of great concern is that many online real estate companies, such as Zillow, Trulia, and others, contain images of the home from the last time it was placed on the market for sale. The furniture may have changed, but individuals can easily identify the presence of any security hardware, the internal layout of the home, and potential access points or locations where valuables may be stored.
Principals with unsecured security cameras, such as baby monitors, may also have additional vulnerabilities—as one family found out when a hacker pretended to be Santa Claus when speaking to their daughter through a Ring camera.
Conclusion
The world has changed since before the coronavirus pandemic and so have the types and levels of security threats. As executives return to the office, visit clients in and out of state, and conduct international business travel, a higher level of vigilance has become necessary.
Conducting an ISS should be a major factor of any business’ return-to-office planning. As we slowly enter the next phase of the hybrid-work lifestyle and as corporate travel and speaking engagements return, the security of corporate executives should be given high priority.
Matthew Peters is Vice President of Protective Services and Cody Shultz is Director of Private Client Protection at Guidepost Solutions.
The information contained in this article is provided for informational purposes only and should not be construed as tax or legal advice.