Skip to content
Menu
menu

Illustration by Security Technology; iStock

Don’t Wait for a Tragedy to Implement Proactive Executive Travel Security

The need to safeguard executives during travel has never been more urgent. Geopolitical changes, criminal groups’ adoption of artificial intelligence (AI) tools, and the ability to send money quickly via digital currencies are changing the threat landscape.

Geopolitical changes make it easier for criminal groups to slip through the gaps by moving to environments—either physical or digital—that are becoming increasingly unstable and lack a strong rule of law, offering a safe haven to organize and work.

Digital currencies then allow these groups to move money around quickly, leaving all but the highest funded law enforcement agencies unable to quickly respond. To compound matters, AI tools provide a way for criminals to rapidly develop and deploy new, malicious software.

As a result, over the last five years there has been a rise in corporate awareness and spending on security. This ranges from concern for executive teams and corporate security to funding security for top executives, like Meta CEO Mark Zuckerberg’s more than $23 million security bill.

Organizations can no longer wait for a tragedy to reassess their security approach. Proactive, dynamic security measures are essential—especially for companies in high-risk industries, such as banking, and industries with travel to high-risk regions, like oil and gas.

Instead, a continuous improvement model is crucial to ensure protection protocols remain effective against emerging threats.

Understanding the Emerging Threat Landscape

The interconnectedness of the global business world has introduced a range of security threats, both physical and digital. Cybercriminals exploit vulnerabilities in systems and human behavior, while geopolitical instability and civil unrest create additional physical risks. From AI-driven cyberattacks to sophisticated surveillance tactics, the threats faced by executives while traveling are diverse and evolving.

Criminals now deploy hybrid tradecraft more effectively against their victims to ensure they are blending in with legitimate physical and technological interactions. This includes legitimate QR codes in restaurants and hotels being replaced by criminal groups with malicious ones to infect devices; use of AI and machine learning to create deepfake audio on phone calls pretending to be a hotel or business contact to collect valuable insight; and stealing devices without encryption to compromise the victim’s corporate network and digital identities. 


Organizations can no longer wait for a tragedy to reassess their security approach.


The question is no longer whether threats exist, but how can companies continuously adapt to an ever-changing threat environment. Security measures must be dynamic and responsive to location, industry, and individual roles. A one-size-fits-all solution is no longer feasible.

Pre-Trip Security: Mitigating Risk Before Departure

Many travel risks can be mitigated before the executive even departs. Key elements of a pre-trip security plan include:

  • Know the destination. Research each destination thoroughly to understand local threats, both digital and physical. For example, investigate local cybercrime trends, transportation safety, and areas of civil unrest. Ensure you are aware of any specific risks tied to the region. 
  • Understand digital threats. Some countries may have different digital security standards. For example, certain nations may use different alert systems, which could lead to social engineering schemes. Be aware of these variances to protect against phishing and malware attacks.

  • Provide safe apps list. Create a list of trusted apps for transportation, communication, and other travel needs for each destination. Avoid apps that could inadvertently reveal your location, like loyalty programs or shared ride services.

  • Physical safety awareness. Be aware of the risks associated with public transportation and unfamiliar areas. Pre-plan safe routes and ensure executives are familiar with potential threats. In some regions, using public transportation is an absolute “do not use,” so transportation requirements are essential to plan ahead of departure.  

  • Provide clean devices. Personal devices can expose sensitive information, so executives should use clean devices—free of personal data and apps—during business travel. Never use personal devices for work-related tasks. Ensure that work devices are secured with strong passwords, restricted settings, and virtual private networks (VPNs)—adhering to the organization’s infrastructure requirements.

On the Move

When an executive travels, security teams need to ensure that people, processes, and technology are all in place to maximize the safety of personnel throughout every phase of travel. This includes the ability to enhance situational awareness and preparedness for crisis management, as well as executives’ awareness of their own security stature. 


Security measures must be dynamic and responsive to location, industry, and individual roles.


Situational awareness. Twenty years ago when traveling to a region of high conflict, executives would be pre-briefed on the risks in the area, briefed again on the ground, and provided maps with the location of safe zones and secure communication devices with contact numbers already programmed. This was largely a manual process, which left much responsibility on the executives and their teams in those environments to maintain their awareness without dynamic updates.

Today, the use of commercial technology can significantly enhance situational awareness and safety by relaying updates via digital platforms, including mapping on secure devices to show risks in real-time; geofencing, customizable geographic areas that can be designated as safe, high risk, or anything in between; and alerting that can be sent out to one person or multiple teams anywhere in the world.

There are multiple platform options, but a key consideration before implementation is a travel risk assessment. Real-time data from open-source intelligence (OSINT) sources like live maps, weather alerts, local news, and emergency notifications can be aggregated for a common operational picture to improve awareness and identify potential threats and emerging trends.

Personnel logistics and GPS tracking capabilities should also be considered. Modern security software, applications on phones, and personnel travel logistics platforms offer options to greatly improve situational awareness by providing the ability to track the location and movement of personnel.

It’s important to explore options for passive (geolocation off) and active (geolocation on) tracking to determine what best suits an executive’s needs.

Active tracking provides real-time monitoring and updates for immediate decision making, empowering teams to respond at the speed of relevance. Passive tracking can be used to log data throughout the travel process and is more suitable for less time-sensitive situations.

To ensure efficiency and that all staff are accounted for, a logistic platform can check-in and check-out staff from location to location, flight to flight through ground transportation and hotel arrival, so that even in areas of poor digital communications, executives and their staff can be traced along the course of their journey—even during flights to be aware of any real-time risks that they may encounter at the next destination.

Crisis management. Response time is critical in any crisis. A duty of care program should include tools to support immediate action to all staff out in that environment. Real-time tracking and 24/7 support should cover teams of people with the ability to communicate with one person or several groups at once. In case of an emergency, these resources ensure that an executive and his or her team’s safety—across state lines and even across multiple countries—is easy to manage and prioritized promptly.

The ability to communicate with the security team securely in real-time is paramount. Contemporary security platforms and mobile phone applications include mobile duress capability, allowing executives to send an SOS and location via their phones if they are in danger so their security teams can react immediately to bring them to safety. Some applications support more passive tracking so that the individual isn’t being tracked until an SOS is initiated on his or her mobile device and, at that point, GPS location and SOS are sent to the security team.

Modern platforms can also synchronize efforts to protect executives and their teams with local emergency services close to them. One way this done is through providing real-time updates on traffic, weather, and other incidents to be avoided while simultaneously directing teams to the most appropriate emergency service based on need. For example, an important update on a traffic jam—and suggested re-routing—could be the difference between life or death in getting necessary medical attention.  

Safety stature. Executives and security teams can improve their safety stature while traveling by engaging in several activities, such as pattern of life disruptions. Alter routines to minimize the risk of being targeted and harmed during regular, daily activities.

Simple changes—like taking different routes or varying departure times—can make it difficult for adversaries to predict executives’ movements. Artificial intelligence (AI) and machine learning (ML) capabilities can automate this process by generating new routes, highlighting risks, and adapting to changes in the environment in real-time.

Also consider real-time surveillance measures. Monitor areas in real-time, identify suspicious behavior, and alert the executive or protection team. While this can be accomplished manually, adding the pattern of life AI/ML capabilities to this process makes surveillance more efficient, capturing and highlighting previously unseen risks. This also allows companies to operate on a far greater scale—protecting executive teams in multiple places in real-time.

Finally, travel with a colleague or security personnel. Two sets of eyes are always better than one.

Executive Education  

Regardless of where an executive travels, he or she should be briefed on and then use basic security and best practices. Many of these steps, though simple, can be overlooked:

  • Avoid unknown Wi-Fi. Connecting to unsecured networks exposes sensitive data to cybercriminals.

  • Limit downloads. Downloading unfamiliar apps, especially in countries with different security standards, increases risk.

  • Engage in social media security best practices. Understand and use basic social media security measures, including strong and unique passwords and Two-Factor Authentication. Also, limit posting of personal details, restrict access to personal profiles and story details, and avoid using shared devices to log in to accounts.

  • Avoid posting to social media. Sharing real-time travel details can alert potential attackers to an executive’s whereabouts. 
  • Use RFID protection and anti-theft bags. RFID-blocking wallets prevent electronic pickpocketing, and anti-theft bags protect valuables like passports and electronics.

Staff Awareness and Training

Ongoing staff training is essential to ensure that everyone is aware of the latest threats and security measures. Security personnel and IT departments should undergo monthly training to stay informed about new risks, common cybercrime techniques, and best practices for dealing with tech-based threats.

As mentioned previously, executives themselves should routinely receive training on how best to protect themselves and their devices for the locations that they are travelling to. In addition, they should be regularly updated (even before each trip) on how to contact their security team in case of emergency—such as use of SOS and other security capabilities.

Avoid using lengthy PowerPoint presentations or generic documentation for these trainings. These formats can overwhelm executives with too much information, create complacency, and cause lack of interest or importance in the information being provided.  

Continuous Security Assessments

Security assessments should be a regular part of any executive protection program. At a minimum, reassessments should be conducted quarterly.

In addition, companies must keep their security measures up to date with emerging risks. This includes adapting to new cybercrime techniques, such as public charging stations being used to spread malware, and responding to the latest digital threats, like QR code scams that trick executives into divulging sensitive information.

Every assessment should include device assessments to ensure devices are not vulnerable. Do this quarterly or when new threats are discovered.

A comprehensive executive protection strategy must be adaptable and evolve with different types of travel, locations, and emerging threats. With the right planning, technology, training, and assessments, companies can prioritize the ongoing safety and security of traveling executives and personnel—rather than waiting for a crisis to prompt action. 

Anthony Jeapes, PhD, is the vice president of customer success at Knowmadics. He spent nearly 20 years working for the British government in a variety of intelligence and law enforcement agencies, including running digital evidence collection teams. Later, he was deployed overseas as a diplomat to cover a range of projects in partnership with the Drug Enforcement Agency (DEA), U.S. government agencies, and host nations to assist their law enforcement, military, and intelligence agencies. This work covered a wide remit from officer protection and surveillance to open-source intelligence and application of other digital platforms needed for operational success.

arrow_upward