How to protect your Board Meeting through Converged Security

The Annual General Meeting (AGM) season is generally considered to run between February and September, with companies often choosing to use the days preceding the AGM to run board-level meetings and take advantage of directors, C-suite, and key stakeholders being co-located. 

In the age of hybrid and distributed working, particularly for global multinationals, the opportunity for ‘in real-life’ meetings keeps the team together and improves working relationships. 

Having the powerhouse of the business in one place has risks as well as rewards. 

In 2010 the entire board of directors of Sundance Resources, an Australian mining company, were killed in a plane crash in the Republic of Congo¹, despite the company travel policy stating that no two members of the board should travel on the same aircraft².  Sundance Resources, founded in 1992, was delisted in 2010. 

The use of covert recording devices in business negotiations, by either an interested party or hostile actor, has been illustrated by events during the sale of the Ritz hotel in 2020³ or the Ford employee caught deploying listening devices to assist in “transcribing meetings”⁴.  Sports teams, also part of a multi-million-dollar industry, are not immune to being targeted by hostile actors wishing to gain inside information on team tactics and player condition⁵.    

If your team are gathering prior to an AGM, either at a series of formal meetings or informally, then consideration should be given to your team’s travel, accommodation, and security arrangements – including their digital and cyber security.  A full technical surveillance sweep might be necessary for meeting rooms, hotel rooms, and transport.   

Would your security provider check the security of the network at your venue?  After all, loose lips sink ships. 

The ability to tie together the security of your team, whilst integrating a robust plan for information security to protect your intellectual property, is crucial.  With so many moving parts, a converged approach to the cyber and physical security of your team, their accommodation, transport, and meeting spaces should be considered.   

For the big day, the AGM, security for the board and their guests is paramount.  The rise of ‘leaderless protest’ and activism has the potential to impact the safety of those attending the AGM.  Fabulous meeting spaces, such as the elegant Dartmouth House⁶, require discretion; a good security provider will link up with the venue’s own security team and ensure that your team, shareholders, and guests are protected. 

Scrutiny is not the enemy of planning, and using the same plan, or a slight variation, every year enables a hostile actor to more easily plan their attack.  The opportunity to undertake a full threat and risk assessment for the entire event, including travel, cyber, physical, and insider threats, should not be overlooked. 

Martyn’s Law will legislate for ensuring these activities take place, because your major event for the year might also be the opposition’s major event for the year… 

How to secure your next AGM  

Travel risk analysis  

• How are you transporting your people? 
• Who is transporting your people? 
• Do you need to contract a transport provider in country with specific vehicles you can bug sweep? 
• How are you securing electronic devices during transit? 
• Is air freight safe? If you are moving large items, consider overland transport. 

Location 

• Country risk assessment – medical / crime / political / seismic / economic 
• City risk assessment – as above 
• Venue reconnaissance – to include fire / evacuation / likelihood of local crime / transport links 
• Route reconnaissance – primary, secondary, and alternative routes. 
• Hotel security- secure suites and TSCM sweep.  

AGM Venue 

• Identify Banqueting Manager and discuss: 
  • All known allergies. 
  • Discuss feeding arrangements and if the area is shared with other building users. 
  • Identify whether staff are contracted or employed. 
  • Check due diligence on all staff. 
    

• Identify Events Manager and discuss: 
  • Venue size and suitability. 
  • PA / AV systems and who has access. 
  • Fitting blinds and screening to windows with sensitive meetings taking place. 
  • Contingency planning for power or AV failure. 

• Identify Systems Manager and discuss: 
  • Securing WIFI. 
  • Disabling ‘client isolation’ / ‘AP isolation.’ 
  • Create VLAN for separate WIFI for event. 
  • Hide SSID. 
  • Set long, strong, and unique password for WIFI and keep secure.
     
• Identify Security Manager and discuss: 
  • Security plans including invacuation and evacuation plans. 
  • Room security and availability of access cards for venue. 
  • Policy for handling of firearms on site (if appropriate). 
  • Fire evacuation planning. 
  • Attack alarm and location of hard cover (if appropriate). 
  • Identify and mark emergency rendezvous points.  Ensure strobes and night vision available. 
  • Defibrillator location. 
  • Identify nominated helicopter landing sites (HLS) are clear of foreign object debris (FOD). 
  • Check CCTV coverage and obscure or disabled cameras in sensitive areas. 
  
  
• Prior to team arriving: 
  • TSCM sweep and room seals.  Check AC/DC waveform.  Install filters onto mains outlets 
  • Final network hardware audit.  
  • Check guest rooms at hotel and seal with serialised tags. 
  • Secure HLS for guests arriving by air.  Keep secure for air ambulance if required. 
  
  
• AGM: 
  • Protective surveillance and threat reporting using internal and external patrols. 
  • Counter-surveillance teams in position. 
  • Observe likely forming up points for protestors. 
  • Plain-clothed security team in audience in key locations. 

If you have any questions or would like support in making your next AGM secure, please get in touch with mike@torosolutions.co.uk.