Risk management for foreign visitors and business trips abroad
In order to limit risks during visits from abroad to sensitive locations, you are advised to prepare a visitor protocol. In the reversed scenario, a business trip to countries with increased risk profile, for instance due to participation in a conference, requires careful preparation and alertness.
Elements for a visitor protocol
- Require all visitors and delegations from abroad to be registered in advance by the staff members who will be receiving them. Do not grant access without registration. In addition, require all visitors to identify themselves upon entry and be registered and met at the reception desk.
- Know where certain visitors are and are not allowed to roam, so that it can be assessed in advance whether a visit can occur in a certain area.
- Announce visits to sensitive areas to colleagues in advance, so that they can take this into account.
- Never leave your visitors alone (and especially not in sensitive areas). They should always be accompanied while on your premises.
- Clearly inform visitors that they are not allowed to take photographs or videos at the site without permission or ensure that all equipment in sensitive locations is stored away (e.g. in a safe).
- Determine in advance what is and is not to be shared with the visitor or visitors and steer all information-related discussions during the visit away from subjects related to the security of information security or sites.
- For highly sensitive investigations/places/sites, it is better not to receive visitors, or to exclude visitors from countries with increased risk profiles.
Elements for a protocol for business trips to countries with increased risk profiles, prior to departure
- Take only a minimum amount of confidential (or other) data with you on the trip.
- Decide in advance what will be contained on the data carriers that you will take. If files containing sensitive information are stored on your laptop but will not be needed during the trip, transfer these files to another computer before you leave, or take another laptop with you on the trip.
- The same applies to your mobile phone. Delete the call history before you leave or take a different phone on the trip.
- Use passwords and/or access codes on all devices and turn them off whenever possible. If a device is activated, you are particularly vulnerable.
- Always disable the Bluetooth function on your phone and laptop.
- Always take confidential information and data carriers (e.g. USB sticks, smart phones) in your carry-on bag, and not in your checked luggage.
- Exercise caution when conducting confidential conversations on board of planes, trains or in other public spaces. For example, some airlines have close ties to intelligence and security services. The same could apply to other passengers.
At the destination
- Protect confidential information. Do not leave confidential data behind in places where they could be seen by others. The same applies to your hotel room or hotel safe.
- Never simply hand over your laptop or telephone to others, and always make sure that you are able to check whether someone has seen your information.
- Be selective in providing information. Apply the ‘need-to-know’ principle with your contacts: do not tell your conversational partner any more than is absolutely necessary. The same applies to conferences or meetings to which you have been invited as a speaker.
- Exercise caution with any USB sticks purchased or received for free at conferences or events. This is an easy way to install malware on your laptop.
See also the AIVD flyer ‘Travelling abroad – safety risks’.