June 05

Medellin Secure Transportation Services - Exec Secure

Secure executive transportation ser [...]

ETS Security Overview – Medellin

Colombia has been improving the quality of life through foreign investments and improvement of the infrastructure, especially in Bogota (the Capital) and Medellin. Street crimes targeting business and leisure travelers are still a concern, poor road conditions outside the main cities and overwhelming traffic especially in Bogota, Medellin and Cali, are considered a significant risk.

On January 17, a VBIED carrying 80 kilos of explosives detonated in a parking lot at the Colombian National Police Academy (Escuela General Santander). There were 21 fatalities and over 65 injured. The majority of victims were Colombian police cadets; three foreigners are also reported among injured and deceased.  

Bogota did not see such a level of violence in over a decade. The residents of both Bogota and Medellin, lived in fear of bombings for nearly 40 years through the Drug Cartels turf war to dominate the Cocaine industry. As the Colombia conflict wound down through a series of “cease fire” and peace agreements in 2016, security improved but attacks continued with less frequency. The ELN (Ejercito de Liberacion Nacional de Colombia) have not respected a verbal standoff with President Duque and increased attacks on police targets.

The conflict between the Colombian Government and two leftist terrorist organizations, the FARC (Fuerzas Armadas Revoluzionarias de Colombia) and the ELN (Ejercito de Liberacion Nacional de Colombia)  in addition to several armed right-wing paramilitary organizations turned into mere organized crime, deprived the country of resources, cost hundreds of human lives and heightened the risk of terrorism-related activities, including kidnappings and bombings.

All clients utilizing our services get free access to the ExploreSecure® Travel Security Training.

Colombia Secure Transportation and Executive Protection Services

ETS Risk Management has been providing secure transport, Executive protection services, and private travel security company services in Colombia, for eight years. Our local security team is highly vetted and experienced and whether it’s a security transfer from the airport, a corporate event, or a protective detail with armored vehicles and armed close protection officers, we can assist.

Our clientele includes Energy corporations, Fortune 500 companies, Media outlets, NGOs and High Net Worth Individuals (HNWIs). From our bases of operation in Bogota and Medellin we are able to provide intelligence-led risk assessments and travel risk management solutions. Our capabilities also extend to Cali, Cartagena, Santa Marta and San Andres island.

ETS Security Experience in Colombia

ETS has been coordinating secure ground transportation and close protection services for Corporations, Energy companies, NGO’s, Media Organizations and HNWI’s. We have managed logistics and secure transportation for large groups of executives attending high profile corporate events, acquisitions and developing new partnership and expansion plans. ETS conducts risk assessment and due diligence as part of a comprehensive security plan to support the clients every step of the way. Our local team of security experts bring a great deal of experience at government and commercial level and has the capabilities to assist no matter the complexity of the assignment.

Secure Airport Transfers Medellin

A large number of clients utilize ETS to facilitate secure airport transfers, inlcuding meet and greet services, and armored vehicles, as well as English speaking armed security officers, if preferred.  We facilitate security transfers in all cities throughout Colombia and our competitive pricing complemented with a world-class local security team and vehicle options ensures the very highest standard and value.

Our local security specialists, include both trained drivers and close protection officers, English speaking and highly experienced. We are able to leverage British Expatriates based in-country stemming from UK special forces background whose knowledge of the territory and the local culture add tremendous value to the quality of our services, enabling client’s operations at every juncture. These have been used to great success for site security surveys, risk assessments and intelligence.

Armored Vehicle Rental Medellin

Our secure transportation network has a full range of non-armored vehicles and also low profile and armored vehicles with English speaking security drivers. To learn more about Armored Vehicle Rental Considerations and how Armored Vehicle Ratings work please click on the corresponding hyper-link.

Security Services Offered in Medellin

  • Secure Ground Transportation
  • Unarmed/Armed Security officers
  • Unarmed and Armed Executive Protection Personnel
  • Local Drivers – Spanish & English speaking
  • Armored and Non-Armored Vehicles
  • Site Security Surveys
  • Risk Assessments
December 24

Here Are Ways To Cyber Security Services Better

How often though do we stop to consider how the use of social media can itself create or contribute to a dangerous incident, and unwittingly place innocent people in harm’s way? As we feel more and more at ease sharing details of our travels with wide groups of online friends do we really understand the level to which that information can be exploited and in so doing set conditions for a severe compromise of the both our online and indeed cyber security and safety?



November 25

Cybersecurity In The Healthcare Industry: Threats, Challenges & Prevention

Discover the top tips for preventing healthcare da [...]

Return to Blog list

Cybersecurity In The Healthcare Industry: Threats, Challenges & Prevention

When was the last time you checked a piece of news about healthcare data being hacked?The healthcare industry is not out of danger caused by data breaches. In fact, the industry is increasingly targeted by cybercriminals nowadays. According to a report, “data breaches have been increased by 12% within the past five years, with the healthcare industry experiencing the highest costs at $6.5 million on average per breach.”

Therefore, healthcare practitioners cannot just take the matter of cybersecurity lightly. Time has come when they must give importance to it and invest in bringing betterment in digital security.

In today’s post, I am going to give you a complete overview about cybersecurity in healthcare industry – the threats caused due to cyberattack, the major cybersecurity risks in the medical sector, the possible reasons for which medical data gets hacked, and above all how healthcare industry can improve in the field of cybersecurity and protect their patients information. So, without further ado, let’s start the discussion.

Major Threats Caused Due To Cyberattack

Electronic Health Records (EHR) include various details about patients, such as the test results, medical history, etc. Thus, securing a health organization network is a major IT concern. Electronic Health Records have made it possible for healthcare professionals and insurance agencies to share important details. As a result, both can coordinate and facilitate insurance matters in an easy way. Indeed these records have helped the medical professional collaborate for meeting patient’s needs efficiently.

However, this interconnected nature of today’s healthcare industry has a downside too. It creates digital security risks. The shared medical details have improved the patient care process. But the same thing can put these patients at risk as well. Wider the healthcare network becomes, the more useful it is in delivering high-quality health care, but its details also become more inviting to cybercriminals.

But why healthcare centers have become easy targets for cyber threats?

There are a few reasons for this:

  • Healthcare networks can contain important financial information apart from patients’ medical records.
  • The network has entire personal details of everyone in some form, as there are hardly any people who do not consult a healthcare provider.
  • The way Electronic Health Records are interconnected, it signifies that hackers can have access to the information that can be collected under various patients’ names for a long time. Sharing these details is important for delivering the best possible care to the patients, but the same thing also makes all the networks very vulnerable targets for hackers.

And this vulnerability leads to compromise among the patients’ data. Due to lack of management, EHRs and other valuable details can fall into malevolent hands.

Below Are Some Possible Cybersecurity Threats:

1 Employees

Access to the patients’ information is easily available from the medical staff. There is no guarantee any employee will not illegally access the sensitive information.  The stolen information can be mishandled by criminals in many ways. They can do identity theft, make fraudulent purchases, or blackmail people with such information.

2 Phishing & Malware Schemes

These can plant malevolent scripts on a computer or steal sign-in credentials. And as a result, the whole network gets badly affected. One of the most common malware schemes is requesting sign-in information through emails from websites. Once a user gives the sign-in credentials, the hacker can sign in to the system. Diverse kinds of viruses will store the records-related information and automatically address it back to the actual host or allow it to get in action later.

3 Vendors

Medical professionals often have to work with different vendors without being aware of the associated risks. For example, if a cleaning agency is hired by a hospital, there is a possibility of that the agency’s employees get access to the hospital’s computers. While the personal details of patients should be safeguarded in such a way so that not all employees can view, it can not be guaranteed to keep the details completely secure since cleaning and other maintenance are important for keeping a health organization’s environment healthy.

4 Smartphone Devices

The medical facilities that allow sign-ins through mobile phones do not always need the phones to meet the security standards. This increases the vulnerability of their networks to cybercriminals. Also, stolen or lost mobile devices, which once used for accessing any healthcare facility, act as threats. If a lost or stolen phone comes in the wrong hands, the user can access that phone’s old or stored sign-in details and access the system. And such malicious action makes the process of resealing the data breach challenging.

5 Open Computer Access

Unlimited access to computers present in healthcare organizations can increase risks. If sensitive details about patients are stored in these computers and hackers get access in an unauthorized way, phishing attempts can be done easily, and hackers can have a gateway into the sensitive areas of the network.

6 Insufficient Discard Of Outdated Hardware

Old outdated hard drives and hardware that are used for accessing a network with credentials or electronic health records do not guarantee any security for those details even after the deletion. It has been noticed that after deleting the data and reformatting the devices, recovering the data is possible. In short, with outdated hard drives, anything that is once saved is always vulnerable.

Tips for Healthcare Industry to Be Improved in the Field of Cybersecurity

  • Build Proper Security Culture
    By educating the users in a healthcare organization about the importance of keeping information secure, you can change the old careless habits and practices of the staff automatically. If your organization does not have a security culture, it is impossible to support and increase information security. Every person in a healthcare organization should have a vision of keeping information secure so that the practices and habits become automatic. You can conduct a training and awareness program for the staff frequently.  Remember, having accountability and owning responsibility to keep information secure should be the core values of your healthcare organization. Protecting your patients through proper data security practices is as important as maintaining the hygiene of the healthcare organization.
  • Maintain Right Habits For Computer Usage
    Make sure the computers where all the records are stored should function properly. Configuring the software of such computers should be done accurately. If there is any software application that is not important for running the computer to access medical data, uninstall it. If you are installing new software, avoid accepting any default configuration. Go through every option, understand the options, and ask for technical help if needed. If there is any remote file sharing option, disable it to kill the possibility of unauthorized access to files. You should also maintain the software and operating system carefully to make your computers run smoothly for a long time.
  • Use Firewall
    Using a firewall is important for protecting computers from any malicious intrusions from outside. It inspects all the messages coming from outside sources (internet or local network) and prevents the intrusion of anything malicious. A firewall can configure both in hardware and software. It is a complicated process. Therefore you should ask for technical assistance to do it successfully and keep your computers protected for further usages.
  • Install & Update Antivirus Software
    Just like a firewall, installing a good antivirus software is also important to keep the computers protected and the information stored in them secure. An antivirus software finds and destroys anything malicious that has already been entered. After storing the health records, installing antivirus software is essential. And updating the software from time to time is also important to make it run in an error-free way. Most antivirus software shows reminders for such updates, some are configured to get updated automatically.
  • Secure Mobile Devices
    I have already discussed how mobile devices can act as threats in the healthcare industry. Be it a smartphone, tablet, laptop or any other portable storage media device, every device should be used in a secure manner to protect electronic health records. Devices that cannot support the encryption of data should be banned from accessing and handling  EHR. If in any emergency, you or your staff have to take a laptop storing EHR out of a secure space, make sure the records are secured in the hard drive via encryption.
  • Prepare For Unexpected Situations
    Important healthcare details should be protected against all  unexpected events, such as natural calamities, fire, etc. the two crucial parts of this practice are – keeping backups of the details and having a recovery plan. Keeping backups is important not only for securing the data but also for restoring it quickly and correctly whenever needed. One of the commonly used backup options is cloud computing that requires zero investment in hardware and little technical skill. On the other hand, when you have a recovery plan at the time of emergency, you know exactly what to do to protect and restore the data.
  • Use Strong Passwords And Keep On Changing Them Regularly
    No matter which operating system you are using, make sure it is protected with a strong password. There is no guarantee that a strong password can completely prevent hacking activities, but it may slow the hackers down and also discourage them. Moreover, a strong password with effectual access control restricts casual misuse. Therefore think strategically and create a strong password for your system. Also, keep changing the password from time to time to improve the protection.
  • Restrict Network Access
    Make sure any of your employees install or configure any software or application without prior approval from the authorities. Also, the signal of a wireless network should be secured so that only those who have permission to access the health records can pick up the signal. Moreover, make sure the router operates only in encrypted mode.

Final Thoughts,

Improving cybersecurity in healthcare has become a very important factor in today’s time when hackers are constantly targeting this industry. The above discussion has given you a profound idea about cyber threats and the possible risks a healthcare organization can face. Also, it helps preparing a defense against cybercriminals.

Author's Bio

Shailendra Sinhasane (Shail) is the co-founder and CEO of Mobisoft Infotech. He has been focused on cloud solutions, mobile strategy, cross-platform development, IoT innovations and advising healthcare startups in building scalable products.

Thank you for downloading our resource. Subscribe newsletters to stay updated with our resources.

November 21

Cybersecurity In The Healthcare Industry: Threats, Challenges & Prevention

Discover the top tips for preventing healthcare da [...]

Return to Blog list

Cybersecurity In The Healthcare Industry: Threats, Challenges & Prevention

When was the last time you checked a piece of news about healthcare data being hacked?The healthcare industry is not out of danger caused by data breaches. In fact, the industry is increasingly targeted by cybercriminals nowadays. According to a report, “data breaches have been increased by 12% within the past five years, with the healthcare industry experiencing the highest costs at $6.5 million on average per breach.”

Therefore, healthcare practitioners cannot just take the matter of cybersecurity lightly. Time has come when they must give importance to it and invest in bringing betterment in digital security.

In today’s post, I am going to give you a complete overview about cybersecurity in healthcare industry – the threats caused due to cyberattack, the major cybersecurity risks in the medical sector, the possible reasons for which medical data gets hacked, and above all how healthcare industry can improve in the field of cybersecurity and protect their patients information. So, without further ado, let’s start the discussion.

Major Threats Caused Due To Cyberattack

Electronic Health Records (EHR) include various details about patients, such as the test results, medical history, etc. Thus, securing a health organization network is a major IT concern. Electronic Health Records have made it possible for healthcare professionals and insurance agencies to share important details. As a result, both can coordinate and facilitate insurance matters in an easy way. Indeed these records have helped the medical professional collaborate for meeting patient’s needs efficiently.

However, this interconnected nature of today’s healthcare industry has a downside too. It creates digital security risks. The shared medical details have improved the patient care process. But the same thing can put these patients at risk as well. Wider the healthcare network becomes, the more useful it is in delivering high-quality health care, but its details also become more inviting to cybercriminals.

But why healthcare centers have become easy targets for cyber threats?

There are a few reasons for this:

  • Healthcare networks can contain important financial information apart from patients’ medical records.
  • The network has entire personal details of everyone in some form, as there are hardly any people who do not consult a healthcare provider.
  • The way Electronic Health Records are interconnected, it signifies that hackers can have access to the information that can be collected under various patients’ names for a long time. Sharing these details is important for delivering the best possible care to the patients, but the same thing also makes all the networks very vulnerable targets for hackers.

And this vulnerability leads to compromise among the patients’ data. Due to lack of management, EHRs and other valuable details can fall into malevolent hands.

Below Are Some Possible Cybersecurity Threats:

1 Employees

Access to the patients’ information is easily available from the medical staff. There is no guarantee any employee will not illegally access the sensitive information.  The stolen information can be mishandled by criminals in many ways. They can do identity theft, make fraudulent purchases, or blackmail people with such information.

2 Phishing & Malware Schemes

These can plant malevolent scripts on a computer or steal sign-in credentials. And as a result, the whole network gets badly affected. One of the most common malware schemes is requesting sign-in information through emails from websites. Once a user gives the sign-in credentials, the hacker can sign in to the system. Diverse kinds of viruses will store the records-related information and automatically address it back to the actual host or allow it to get in action later.

3 Vendors

Medical professionals often have to work with different vendors without being aware of the associated risks. For example, if a cleaning agency is hired by a hospital, there is a possibility of that the agency’s employees get access to the hospital’s computers. While the personal details of patients should be safeguarded in such a way so that not all employees can view, it can not be guaranteed to keep the details completely secure since cleaning and other maintenance are important for keeping a health organization’s environment healthy.

4 Smartphone Devices

The medical facilities that allow sign-ins through mobile phones do not always need the phones to meet the security standards. This increases the vulnerability of their networks to cybercriminals. Also, stolen or lost mobile devices, which once used for accessing any healthcare facility, act as threats. If a lost or stolen phone comes in the wrong hands, the user can access that phone’s old or stored sign-in details and access the system. And such malicious action makes the process of resealing the data breach challenging.

5 Open Computer Access

Unlimited access to computers present in healthcare organizations can increase risks. If sensitive details about patients are stored in these computers and hackers get access in an unauthorized way, phishing attempts can be done easily, and hackers can have a gateway into the sensitive areas of the network.

6 Insufficient Discard Of Outdated Hardware

Old outdated hard drives and hardware that are used for accessing a network with credentials or electronic health records do not guarantee any security for those details even after the deletion. It has been noticed that after deleting the data and reformatting the devices, recovering the data is possible. In short, with outdated hard drives, anything that is once saved is always vulnerable.

Tips for Healthcare Industry to Be Improved in the Field of Cybersecurity

  • Build Proper Security Culture
    By educating the users in a healthcare organization about the importance of keeping information secure, you can change the old careless habits and practices of the staff automatically. If your organization does not have a security culture, it is impossible to support and increase information security. Every person in a healthcare organization should have a vision of keeping information secure so that the practices and habits become automatic. You can conduct a training and awareness program for the staff frequently.  Remember, having accountability and owning responsibility to keep information secure should be the core values of your healthcare organization. Protecting your patients through proper data security practices is as important as maintaining the hygiene of the healthcare organization.
  • Maintain Right Habits For Computer Usage
    Make sure the computers where all the records are stored should function properly. Configuring the software of such computers should be done accurately. If there is any software application that is not important for running the computer to access medical data, uninstall it. If you are installing new software, avoid accepting any default configuration. Go through every option, understand the options, and ask for technical help if needed. If there is any remote file sharing option, disable it to kill the possibility of unauthorized access to files. You should also maintain the software and operating system carefully to make your computers run smoothly for a long time.
  • Use Firewall
    Using a firewall is important for protecting computers from any malicious intrusions from outside. It inspects all the messages coming from outside sources (internet or local network) and prevents the intrusion of anything malicious. A firewall can configure both in hardware and software. It is a complicated process. Therefore you should ask for technical assistance to do it successfully and keep your computers protected for further usages.
  • Install & Update Antivirus Software
    Just like a firewall, installing a good antivirus software is also important to keep the computers protected and the information stored in them secure. An antivirus software finds and destroys anything malicious that has already been entered. After storing the health records, installing antivirus software is essential. And updating the software from time to time is also important to make it run in an error-free way. Most antivirus software shows reminders for such updates, some are configured to get updated automatically.
  • Secure Mobile Devices
    I have already discussed how mobile devices can act as threats in the healthcare industry. Be it a smartphone, tablet, laptop or any other portable storage media device, every device should be used in a secure manner to protect electronic health records. Devices that cannot support the encryption of data should be banned from accessing and handling  EHR. If in any emergency, you or your staff have to take a laptop storing EHR out of a secure space, make sure the records are secured in the hard drive via encryption.
  • Prepare For Unexpected Situations
    Important healthcare details should be protected against all  unexpected events, such as natural calamities, fire, etc. the two crucial parts of this practice are – keeping backups of the details and having a recovery plan. Keeping backups is important not only for securing the data but also for restoring it quickly and correctly whenever needed. One of the commonly used backup options is cloud computing that requires zero investment in hardware and little technical skill. On the other hand, when you have a recovery plan at the time of emergency, you know exactly what to do to protect and restore the data.
  • Use Strong Passwords And Keep On Changing Them Regularly
    No matter which operating system you are using, make sure it is protected with a strong password. There is no guarantee that a strong password can completely prevent hacking activities, but it may slow the hackers down and also discourage them. Moreover, a strong password with effectual access control restricts casual misuse. Therefore think strategically and create a strong password for your system. Also, keep changing the password from time to time to improve the protection.
  • Restrict Network Access
    Make sure any of your employees install or configure any software or application without prior approval from the authorities. Also, the signal of a wireless network should be secured so that only those who have permission to access the health records can pick up the signal. Moreover, make sure the router operates only in encrypted mode.

Final Thoughts,

Improving cybersecurity in healthcare has become a very important factor in today’s time when hackers are constantly targeting this industry. The above discussion has given you a profound idea about cyber threats and the possible risks a healthcare organization can face. Also, it helps preparing a defense against cybercriminals.

Author's Bio

Shailendra Sinhasane (Shail) is the co-founder and CEO of Mobisoft Infotech. He has been focused on cloud solutions, mobile strategy, cross-platform development, IoT innovations and advising healthcare startups in building scalable products.

Thank you for downloading our resource. Subscribe newsletters to stay updated with our resources.

July 20

7 Tips To Avoid Failure In Investigation | Ets Risk Management

Violence against co-worker by a present or former [...]


Conduct, both physical and verbal, intended to negatively impact the safety or security of your bank should be included cyber security. A broad definition allows your Legal and Human Resource units to address problem behavior early and swiftly supported by written policy. Further, an inclusive policy sends a strong message to all that the bank will not tolerate fear in the workplace.


July 20

Best Security Transportation Services in UK | Ets Risk Management

It is strongly advised that any armored vehicle is [...]


Armored vehicles are vulnerable if trapped and cannot escape the immediate threat invastigation. As with all security proactive action armored vehicle ukand avoidance is key. Well-trained security drivers, with evasive and defensive driving skills and with excellent working knowledge of local roads are invaluable. If an incident occurs drivers must react immediately to extricate the vehicle from the immediate threat.


July 20

A Trusted Armored Vehicle Rental Company | Ets Risk Management


Kidnapping is a significant weapon of influence and source of funding for criminals and terrorists from South America to Southeast Asia to Africa. Kidnapping is the unlawful seizure and detention of a person usually for a ransom. That latter part of the definition, “usually for a ransom”, is the beacon of cyber security  light the skilled negotiator homes in on and exploits to accomplish the mission – the safe release of the victim.


 


July 05

All About Cyber Security | Ets Risk Management

Cyber Security leaders with a significant global high-risk footprint know that a kidnapping may not be a question of “if” but a question of “when”. It may happen when you are not directly responsible for covering your employee or their family and therefore least able to prevent it – when they are alone and most vulnerable. Learning what to expect in those first hours of an abduction will help you avoid becoming a bystander when your leadership is most needed.


 


May 14

List of Cyber Security Companies | ETS Risk Management


The first of a three-part series to help protective professionals understand how K&R can be successfully resolved.


Preparing for the worse is part of every security professional’s repertoire especially when it comes to planning for failure. This three-part series is designed to enhance understanding of how kidnap and ransom negotiations work and your role in the event the unthinkable happens. Cyber Security leaders with a significant global high-risk footprint know that a kidnapping may not be a question of “if” but a question of “when”. It may happen when you are not directly responsible for covering your employee or their family and therefore least able to prevent it – when they are alone and most vulnerable. Learning what to expect in those first hours of an abduction will help you avoid becoming a bystander when your leadership is most needed.


Kidnap 101:


Kidnapping is a significant weapon of influence and source of funding for criminals and terrorists from South America to Southeast Asia to Africa. Kidnapping is the unlawful seizure and detention of a person usually for a ransom. That latter part of the definition, “usually for a ransom”, is the beacon of light the skilled negotiator homes in on and exploits to accomplish the mission – the safe release of the victim.


Cyber Security


The international kidnap phenomenon is a “good news, bad news” scenario. The bad news – Kidnapping is a burgeoning crime flourishing in countries where police and prosecutors are unable or unwilling to address it. Consequently, the kidnapper perceives his plans as low risk, high gain. The good news – The captor’s motivation in most kidnappings, is money. The kidnapper’s purpose is monetary rather than bringing harm to the hostage. Therefore, hostages retain their value when they remain alive. This critical dynamic provides the negotiator with the leverage and influence needed to liberate the hostage.


Although money remains far and away the most common kidnap motivation, political demands including publicity, release of prisoners and welfare items have also been used as ransom criteria. Nigerian groups have taken hostages to force oil companies to provide economic assistance to local villagers. Journalist Danny Pearl was taken to pressure the Pakistan government not to support the U.S. In all cases, the kidnapper’s goal is to force a third party to do something; usually to pay money. Holding the hostage and threatening harm empowers the kidnapper. Nevertheless, victim companies and families have control and influence since they control what the kidnapper wants – money. The overriding theme a negotiator messages is; “If you harm the hostage you won’t get what you want.”


The Early Hours:


The initial stages of a kidnap are marked by both limited and conflicting information. You will normally have more questions than answers when your employee’s whereabouts are unknown. You may be nowhere near your protectee nor responsible for their welfare when you get a call indicating they or their family member are missing. Therefore, your priority must be to confirm that a kidnapping truly occurred.  Event Security professionals who maintain viable tracking and locator technology enjoy a significant advantage here. Immediately engage a pre-selected K&R professional, who you or your company have already vetted. These professionals often come out of federal law enforcement or specialized firms and are extensively trained in crisis negotiations. Your consultant should be able to demonstrate dozens of successful resolutions to ransom, extortion and barricaded subject scenarios. Next, prepare for the worse-case scenario by planning for the abductor’s initial call.  Next, assist the consultant, your company and the employee’s family to decide who should take the initial ransom call.


The Communicator:


As a protective professional you should have a crisis management plan that includes a K&R response protocol. Part of that protocol should be an understanding that if a kidnap occurs, a K&R consultant will want to select a communicator to engage with the captor. The role of the communicator is that of a mouthpiece for the victim family or company and to act as a conduit to the kidnapper. The communicator has limited authority and must project subordination to the final decision makers when conversing with the captors. Adherence to company or family objectives and gathering accurate information are important aspects of the communicator’s duties.


When helping to select a communicator remember that the person must be: Willing to accept coaching; Loyal to your client’s company and its policies; Emotionally stable; and, an excellent listener. The communicator is not a debater but more of an influencer and persuader who conveys honesty and resolve while trying to avoid confrontation.


The ability of the communicator to maintain a low key, calm and patient business-like demeanor is imperative. One of the communicator’s key tasks is to establish a window of contact with the kidnapper. The communicator can exert a degree of control and minimize the necessity of being continuously available by arranging a specific time frame for contacts with the captors. If the captor attempts to make contact outside of the arranged time, the communicator must not acknowledge the contact thereby using a classical conditioning approach to influence the captor to abide by the agreement.


Prior to a scheduled contact the communicator will prepare and rehearse under the supervision of a trained K&R negotiator. Objectives are set out for each contact. The communicator must be prepared to play both defense and offense. The communicator will be coached on how to respond (defense) to anticipated topics the captor may broach. At the same time, the communicator will be armed with three or four key points (offense) to work into the conversation. The conversation will be scripted with key words and phrases prominently posted on situation boards in the negotiation operations center (NOC). You can facilitate this operation by acquiring and securing a NOC that is quiet and convenient for all.


Once a decision is made as to where and to whom the initial call will be directed the key messages must be readied. Your K&R professional will help draft a message for the company or family that is designed to convey three things to the captor: 1) A willingness to communicate; 2) The need for proof of possession/proof of life; and 3) A requirement for a reasonable delay. You should prepare the communicator for what’s coming – A high financial demand, a deadline, threats, and a warning to not involve law enforcement.


Up next: The second article in this series will address interaction with law enforcement, families, and the media.


Contact Us to speak with our Subject Matter Expert Kidnap and Ransom Consultancy Team


The original article was first published by Security Magazine


About the authors


Steve Romano and Frank Figliuzzi help lead ETS Risk Management, Inc. They consult with global clients on Crisis Negotiations, Kidnap, and Workplace Violence. Steve was the FBI’s Chief Hostage Negotiator and a Vice President of Control Risks. Frank was the FBI’s Assistant Director for Counterintelligence and a Fortune 100 corporate security executive. Frank also works as a National Security Contributor for NBC News.


May 07

Our Executive Is Missing: Kidnap and Ransom Basics for Security | ETS Risk Management

Free Join Social Media Community: Blog : Our Execu [...]

OUR EXECUTIVE IS MISSING: KIDNAP AND RANSOM BASICS FOR SECURITY

  • Our Executive Is Missing: Kidnap and Ransom Basics for Security Professionals

    The first of a three-part series to help protective professionals understand how K&R can be successfully resolved.

    Preparing for the worse is part of every security professional’s repertoire especially when it comes to planning for failure. This three-part series is designed to enhance understanding of how kidnap and ransom negotiations work and your role in the event the unthinkable happens. Cyber Security leaders with a significant global high-risk footprint know that a kidnapping may not be a question of “if” but a question of “when”. It may happen when you are not directly responsible for covering your employee or their family and therefore least able to prevent it – when they are alone and most vulnerable. Learning what to expect in those first hours of an abduction will help you avoid becoming a bystander when your leadership is most needed.

    Kidnap 101:

    Kidnapping is a significant weapon of influence and source of funding for criminals and terrorists from South America to Southeast Asia to Africa. Kidnapping is the unlawful seizure and detention of a person usually for a ransom. That latter part of the definition, “usually for a ransom”, is the beacon of light the skilled negotiator homes in on and exploits to accomplish the mission – the safe release of the victim.

    The international kidnap phenomenon is a “good news, bad news” scenario. The bad news – Kidnapping is a burgeoning crime flourishing in countries where police and prosecutors are unable or unwilling to address it. Consequently, the kidnapper perceives his plans as low risk, high gain. The good news – The captor’s motivation in most kidnappings, is money. The kidnapper’s purpose is monetary rather than bringing harm to the hostage. Therefore, hostages retain their value when they remain alive. This critical dynamic provides the negotiator with the leverage and influence needed to liberate the hostage.

    Although money remains far and away the most common kidnap motivation, political demands including publicity, release of prisoners and welfare items have also been used as ransom criteria. Nigerian groups have taken hostages to force oil companies to provide economic assistance to local villagers. Journalist Danny Pearl was taken to pressure the Pakistan government not to support the U.S. In all cases, the kidnapper’s goal is to force a third party to do something; usually to pay money. Holding the hostage and threatening harm empowers the kidnapper. Nevertheless, victim companies and families have control and influence since they control what the kidnapper wants – money. The overriding theme a negotiator messages is; “If you harm the hostage you won’t get what you want.”

    The Early Hours:

    The initial stages of a kidnap are marked by both limited and conflicting information. You will normally have more questions than answers when your employee’s whereabouts are unknown. You may be nowhere near your protectee nor responsible for their welfare when you get a call indicating they or their family member are missing. Therefore, your priority must be to confirm that a kidnapping truly occurred.  Event Security professionals who maintain viable tracking and locator technology enjoy a significant advantage here. Immediately engage a pre-selected K&R professional, who you or your company have already vetted. These professionals often come out of federal law enforcement or specialized firms and are extensively trained in crisis negotiations. Your consultant should be able to demonstrate dozens of successful resolutions to ransom, extortion and barricaded subject scenarios. Next, prepare for the worse-case scenario by planning for the abductor’s initial call.  Next, assist the consultant, your company and the employee’s family to decide who should take the initial ransom call.

    The Communicator:

    As a protective professional you should have a crisis management plan that includes a K&R response protocol. Part of that protocol should be an understanding that if a kidnap occurs, a K&R consultant will want to select a communicator to engage with the captor. The role of the communicator is that of a mouthpiece for the victim family or company and to act as a conduit to the kidnapper. The communicator has limited authority and must project subordination to the final decision makers when conversing with the captors. Adherence to company or family objectives and gathering accurate information are important aspects of the communicator’s duties.

    When helping to select a communicator remember that the person must be: Willing to accept coaching; Loyal to your client’s company and its policies; Emotionally stable; and, an excellent listener. The communicator is not a debater but more of an influencer and persuader who conveys honesty and resolve while trying to avoid confrontation.

    The ability of the communicator to maintain a low key, calm and patient business-like demeanor is imperative. One of the communicator’s key tasks is to establish a window of contact with the kidnapper. The communicator can exert a degree of control and minimize the necessity of being continuously available by arranging a specific time frame for contacts with the captors. If the captor attempts to make contact outside of the arranged time, the communicator must not acknowledge the contact thereby using a classical conditioning approach to influence the captor to abide by the agreement.

    Prior to a scheduled contact the communicator will prepare and rehearse under the supervision of a trained K&R negotiator. Objectives are set out for each contact. The communicator must be prepared to play both defense and offense. The communicator will be coached on how to respond (defense) to anticipated topics the captor may broach. At the same time, the communicator will be armed with three or four key points (offense) to work into the conversation. The conversation will be scripted with key words and phrases prominently posted on situation boards in the negotiation operations center (NOC). You can facilitate this operation by acquiring and securing a NOC that is quiet and convenient for all.

    Once a decision is made as to where and to whom the initial call will be directed the key messages must be readied. Your K&R professional will help draft a message for the company or family that is designed to convey three things to the captor: 1) A willingness to communicate; 2) The need for proof of possession/proof of life; and 3) A requirement for a reasonable delay. You should prepare the communicator for what’s coming – A high financial demand, a deadline, threats, and a warning to not involve law enforcement.

    Up next: The second article in this series will address interaction with law enforcement, families, and the media.

    Contact Us to speak with our Subject Matter Expert Kidnap and Ransom Consultancy Team

    The original article was first published by Security Magazine

    About the authors

    Steve Romano and Frank Figliuzzi help lead ETS Risk Management, Inc. They consult with global clients on Crisis Negotiations, Kidnap, and Workplace Violence. Steve was the FBI’s Chief Hostage Negotiator and a Vice President of Control Risks. Frank was the FBI’s Assistant Director for Counterintelligence and a Fortune 100 corporate security executive. Frank also works as a National Security Contributor for NBC News.

    Click for Source

April 11

Our Executive Is Missing: Kidnap and Ransom Basics for Security Professionals-Part I | ETS Risk Management


The first of a three-part series to help protective professionals understand how K&R can be successfully resolved.


Preparing for the worse is part of every security professional’s repertoire especially when it comes to planning for failure. This three-part series is designed to enhance understanding of how kidnap and ransom negotiations work and your role in the event the unthinkable happens. Cyber Security leaders with a significant global high-risk footprint know that a kidnapping may not be a question of “if” but a question of “when”. It may happen when you are not directly responsible for covering your employee or their family and therefore least able to prevent it – when they are alone and most vulnerable. Learning what to expect in those first hours of an abduction will help you avoid becoming a bystander when your leadership is most needed.


Kidnap 101:


Kidnapping is a significant weapon of influence and source of funding for criminals and terrorists from South America to Southeast Asia to Africa. Kidnapping is the unlawful seizure and detention of a person usually for a ransom. That latter part of the definition, “usually for a ransom”, is the beacon of light the skilled negotiator homes in on and exploits to accomplish the mission – the safe release of the victim.


The international kidnap phenomenon is a “good news, bad news” scenario. The bad news – Kidnapping is a burgeoning crime flourishing in countries where police and prosecutors are unable or unwilling to address it. Consequently, the kidnapper perceives his plans as low risk, high gain. The good news – The captor’s motivation in most kidnappings, is money. The kidnapper’s purpose is monetary rather than bringing harm to the hostage. Therefore, hostages retain their value when they remain alive. This critical dynamic provides the negotiator with the leverage and influence needed to liberate the hostage.


Cyber Security


Although money remains far and away the most common kidnap motivation, political demands including publicity, release of prisoners and welfare items have also been used as ransom criteria. Nigerian groups have taken hostages to force oil companies to provide economic assistance to local villagers. Journalist Danny Pearl was taken to pressure the Pakistan government not to support the U.S. In all cases, the kidnapper’s goal is to force a third party to do something; usually to pay money. Holding the hostage and threatening harm empowers the kidnapper. Nevertheless, victim companies and families have control and influence since they control what the kidnapper wants – money. The overriding theme a negotiator messages is; “If you harm the hostage you won’t get what you want.”


The Early Hours:


The initial stages of a kidnap are marked by both limited and conflicting information. You will normally have more questions than answers when your employee’s whereabouts are unknown. You may be nowhere near your protectee nor responsible for their welfare when you get a call indicating they or their family member are missing. Therefore, your priority must be to confirm that a kidnapping truly occurred.  Event Security professionals who maintain viable tracking and locator technology enjoy a significant advantage here. Immediately engage a pre-selected K&R professional, who you or your company have already vetted. These professionals often come out of federal law enforcement or specialized firms and are extensively trained in crisis negotiations. Your consultant should be able to demonstrate dozens of successful resolutions to ransom, extortion and barricaded subject scenarios. Next, prepare for the worse-case scenario by planning for the abductor’s initial call.  Next, assist the consultant, your company and the employee’s family to decide who should take the initial ransom call.


The Communicator:


As a protective professional you should have a crisis management plan that includes a K&R response protocol. Part of that protocol should be an understanding that if a kidnap occurs, a K&R consultant will want to select a communicator to engage with the captor. The role of the communicator is that of a mouthpiece for the victim family or company and to act as a conduit to the kidnapper. The communicator has limited authority and must project subordination to the final decision makers when conversing with the captors. Adherence to company or family objectives and gathering accurate information are important aspects of the communicator’s duties.


When helping to select a communicator remember that the person must be: Willing to accept coaching; Loyal to your client’s company and its policies; Emotionally stable; and, an excellent listener. The communicator is not a debater but more of an influencer and persuader who conveys honesty and resolve while trying to avoid confrontation.


The ability of the communicator to maintain a low key, calm and patient business-like demeanor is imperative. One of the communicator’s key tasks is to establish a window of contact with the kidnapper. The communicator can exert a degree of control and minimize the necessity of being continuously available by arranging a specific time frame for contacts with the captors. If the captor attempts to make contact outside of the arranged time, the communicator must not acknowledge the contact thereby using a classical conditioning approach to influence the captor to abide by the agreement.


Prior to a scheduled contact the communicator will prepare and rehearse under the supervision of a trained K&R negotiator. Objectives are set out for each contact. The communicator must be prepared to play both defense and offense. The communicator will be coached on how to respond (defense) to anticipated topics the captor may broach. At the same time, the communicator will be armed with three or four key points (offense) to work into the conversation. The conversation will be scripted with key words and phrases prominently posted on situation boards in the negotiation operations center (NOC). You can facilitate this operation by acquiring and securing a NOC that is quiet and convenient for all.


Once a decision is made as to where and to whom the initial call will be directed the key messages must be readied. Your K&R professional will help draft a message for the company or family that is designed to convey three things to the captor: 1) A willingness to communicate; 2) The need for proof of possession/proof of life; and 3) A requirement for a reasonable delay. You should prepare the communicator for what’s coming – A high financial demand, a deadline, threats, and a warning to not involve law enforcement.


Up next: The second article in this series will address interaction with law enforcement, families, and the media.


Contact Us to speak with our Subject Matter Expert Kidnap and Ransom Consultancy Team


The original article was first published by Security Magazine


About the authors


Steve Romano and Frank Figliuzzi help lead ETS Risk Management, Inc. They consult with global clients on Crisis Negotiations, Kidnap, and Workplace Violence. Steve was the FBI’s Chief Hostage Negotiator and a Vice President of Control Risks. Frank was the FBI’s Assistant Director for Counterintelligence and a Fortune 100 corporate security executive. Frank also works as a National Security Contributor for NBC News.


Click for Source


April 03

Cyber Security Risk Management | ETS Risk Management

Preparing for the worse is part of every security professional’s repertoire especially when it comes to planning for failure. This three-part series is designed to enhance understanding of how kidnap and ransom negotiations work and your role in the event the unthinkable happens. Cyber Security leaders with a significant global high-risk footprint know that a kidnapping may not be a question of “if” but a question of “when”. It may happen when you are not directly responsible for covering your employee or their family and therefore least able to prevent it – when they are alone and most vulnerable. Learning what to expect in those first hours of an abduction will help you avoid becoming a bystander when your leadership is most needed.

March 22

Why Is Cyber Security Important For Security| ETS Risk Management

Cyber security advances and arrangements are developing because of the changing risk scene, where dangers are getting to be more astute and harming. In the present associated wellbeing condition, cyber security is never again an alternative or idea in retrospect though it is a basic vital resource that is being tended to by each association.

March 22

Will I Like Cyber Security | ETS Risk Management

The worldwide medicinal services cyber security advertise is fragmented based on end client, district, and arrangement type. By district, the worldwide human services cyber security advertise is separated into North America, Europe, Asia Pacific, and Rest of the World.

March 08

Special Cyber Security| ETS Risk Management


As a protective professional you should have a crisismanagement plan that includes a K&R response protocol. Part of that protocol should be an understanding that if a kidnap occurs, a K&R consultant will want to select a communicator to engage with the captor.