Lesser-known threats and vulnerabilities: What executive protection pros (and everyone else) need to know


July 25, 2019 - By Christian West & Martin Nielsen

Tags: ,

When many people think about the risks that executive protection helps mitigate, they quickly conjure up images of threats they have seen in the media. Home invasions, pushy paparazzi, kidnappings, and public attacks all come to mind. And of course, these are all threats that executive protection professionals and their clients must take seriously.

But beyond what some might call “the usual suspects” exists a range of threats and vulnerabilities that deserve more attention than they get. Some of these are things we have written about before. Others, as you will see in this blog, are considered outliers but occur more frequently than you would think.

We hope this blog will cast some light on these lesser-known threats and vulnerabilities so EP clients and practitioners can consider them as they plan and implement comprehensive protection programs. Even if you’re not in the executive protection industry, awareness of these lesser-known threats and vulnerabilities is the first step towards mitigating them.

Find more information about our approche to executive protection here

Medical emergencies and traffic accidents: High-probability, high-impact – and low-attention

That medical emergencies and traffic accidents are the most likely risks facing our principals and practically everyone else should come as no surprise. We have written about both topics (see, for example, Secure local transportation: The missing link of executive travel or Medical training and tools for corporate executive protection, to mention just two), as have many others.

We won’t go into all the details of how executive protection professionals should mitigate the risks of medical emergencies and traffic accidents here. Suffice it to say that there should be a trauma medical kit in the car, and agents and drivers should know how to use it by undergoing training, then keeping these perishable skills fresh through sustainment training.

Everyone on the road, really, should have accident avoidance training. So should security drivers, of course, in addition to more advanced training.

Finally, here are two tips that everyone should follow:

  1. 1. Don’t use a cell phone while driving, whether texting or talking, with or without hands. Distracted drivers are not good drivers.
  2. 2. Eliminate or reduce loose items in the car. Surviving a rollover only to be hit by a bottle of water (or that medical kit we just talked about!) moving at 80 mph is a preventable tragedy.

Connectivity is great. Until it isn’t.

Of course, you already knew that using public Wi-Fi hotspots is risky, and take the appropriate precautions, right? No? Oops.

The good news is at least everything is safe at home, where access to your Wi-Fi requires a secret password, right? Sorry, more bad news. Although you might have a hard time recalling that password, determined hackers don’t even have to remember. Whatever the motive, and it’s seldom benign, the means and the opportunity are only a few clicks away. Try googling “how to hack wifi” to get the first 1.7 million tips.

Getting your Wi-Fi router hacked is bad because everything between your at-home devices and the internet first passes through someone else, who can intercept and then use your passwords, bank information, emails, browsing history, etc. But everything else in the connected home (or office, or car…) can also be hacked. We’ve written about up- and downsides of the Internet of Things (IoT) relative to executive protection before, and about the risks of smart hotel rooms. It’s safe to say that the smarter our homes get, the smarter we have to be to mitigate the risks of the connected home.

Stalkers have also been known to harass and threaten their victims through Wi-Fi hacking. This can range from installing spyware on victims’ computers and phones to watch and listen, or even switching a family’s Wi-Fi name so children and parents alike are met with a new, nasty Wi-Fi name every day when they come home. Click this link to see the FTC’s technology tips for domestic violence and stalking victims.

But wait. There’s more. So far, we’ve only touched on the risks due to all of the devices we plug in ourselves. What about the threat of someone else planting bugs and other listening/viewing devices into our homes, cars, and meeting rooms? Welcome to the world of electronic eavesdropping, another risk that is often overlooked in otherwise solid executive protection programs. Learn more about this risk, and the Technical Surveillance Counter Measures (TSCM) that mitigate them, here.

If they can reach the principal with a milkshake, what about acid?

Milkshaking, like egging and pieing before it, are forms of protest which, depending on one’s opinion of the person who gets covered in something sticky, are variously excused as political theater or condemned as political violence. They are all assault crimes.

Whatever the intent, and whatever the substance thrown, such made-for-media attacks are aggressive and alarming violations of personal space and dignity that no one wants to endure. What is more, their political message has an ominous subtext: You are vulnerable. If we can do this to you, we can do even worse things.

Acid attacks could be one such escalation. Although commonly associated with poorer parts of Bangladesh and India, acid attacks have been carried out in dozens of countries, not least the U.K. Acid attacks in London increased six-fold in six years between 2012 and 2017. Counter to popular conceptions, according to the London Metropolitan Police the victims and perpetrators represent a broad swath of ethnicities, with white Europeans far outnumbering Asians as both suspects and targets.

Powders, explosives, and other mailroom threats

While snail-mail correspondence might be dwindling, online sales and parcel deliveries to homes and offices are booming. The convenience is appealing, and every year we get more and more goods brought right to our door. Between 2014 and 2018, e-commerce sales in the US increased by 72%.

 

Image and stats by Statista

At the same time, the U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) has documented that the number of suspicious and unattended packages reported in the same period has grown apace, with a near-identical increase of 68%.

Image and stats from United States Bomb Data Center Explosives Incident Report 2018

Of course, correlation is not causation, and many variables underlie these statistics. However, as the table below shows, it is clear that the number of incidents caused by mail and courier deliveries is on the rise. “Letter/Envelope” incidents increased by 77% from 2017 to 2018. “Package/Parcel” incidents increased by 99%. And these are only the incidents that get reported to the ATF.

Image and stats from United States Bomb Data Center Explosives Incident Report 2018

Interestingly, “Powder (Without Envelope)” incidents increased by 22% from 2017 to 2018. While many so-called “white powder incidents” are hoaxes, some are not. In any case, these incidents cause serious disruptions due to precautionary HVAC shutdowns and staff evacuations. Unlike the newcomer RaySecur, older mail scanning devices do not even pick up powders.

Many Fortune 500 companies have experienced mail threats, as have many smaller companies. All it takes to shut down an office building, be it in a suburban strip mall or a high rise in a central business district, is a suspicious parcel or a letter containing some unknown powder. Already this year, extortionists have used white powders to blackmail Danish food companies and Italian coffee companies. Law offices large and small are also frequent victims.

But even if a principal does not have a mailroom, “mailroom threats” are something that all executive protection professionals need to take seriously. The threat extends to any residence, high net worth or not, but prominence definitely increases the risk.

Swatting

Another hoax that can have extremely disruptive – and even fatal consequences – is swatting.

This entails calling an emergency service to falsely report a serious incident that requires rapid deployment of specialized law enforcement personnel, SWAT teams. Such incidents could include bomb threats, hostage situations, murders, and mentally ill people brandishing weapons. Sometimes inspired by online games, the intent is to trick law enforcement officials to deploy heavily armed SWAT teams to the residence or business the perpetrators wish to harass through disruption of business, public embarrassment, or accidental harm to innocent people.

Swatting is a criminal offense in many countries and is unfortunately on the rise. As The Economist recently reported, in the U.S. alone this dangerous hoax has increased from an estimated 400 annual incidents in 2011 to more than 1,000 now, and has targeted numerous celebrities, including Paris Hilton, Miley Cyrus, Justin Bieber, Russell Brand, Tom Cruise, and Clint Eastwood.

More to come

That’s about all we can cover in one blog, so thanks for reading if you made it this far.

We’ll dig into some of these lesser-known threats – and how to mitigate them – in later posts. And new threats will surely develop in the future.

Let us know what you think: Are there other lesser-known threats that you believe deserve more attention? Ping us on social media to respond!

 

Photo by Ethan Hoover on Unsplash

Christian West

Founder and CEO

Christian has been active in the executive protection industry since the late 1980s, when he worked for Danish musicians who relocated to Hollywood. Upon returning to Denmark, he founded his own EP company, which he quickly grew into Scandinavia’s largest, before it was acquired by Securitas.

Christian founded AS Solution in 2003, and again in 2009 followed his international clients to the US, where he is now based. An active member of ASIS and a leader in the corporate executive protection industry, Christian has personally planned and led high-profile engagements in over 76 countries for a wide variety of corporate and high net worth individual clients, including the international roadshow for the biggest IPO in history.

Martin Nielsen

Martin Nielsen

Executive Protection Operations & Executive Projects Manager

With over 18 years of worldwide experience in executive protection, physical security, and security operations management worldwide, Martin has participated in, led, planned, managed and executed security details in more than 65 countries. He has held positions from team member to detail leader, SAIC, operations manager and assistant director. Martin’s experience with security for ultra-high net worth individuals and corporations also includes program design, recruiting and training agents, technology sourcing, system and GSOC design, SOP and TTP development, and creating training programs for EP agents and other security professionals.

Martin believes in being on the forefront of technology, and keeps up on the latest developments within everything from access control to drone and counter-drone technology.

Passionate about developing both hard and soft skills for himself and others, Martin has consistently sought the best training ever since he started in the industry. He is a graduate of more than 35 courses.

Martin’s current role at AS Solution supports senior management in a variety of ways, including protection program data analysis, handling client information requests, organizing and coordinating outreach and external relations efforts, improving EP training programs, and overseeing special projects from conception to completion.