Disaster Recovery from Criminal Activity


Corruption can be like a form of tax, but there may be mounting pressure not to pay. In the past, there were allegations that the extractive industries — particularly energy and oil — were paying off lots of people, in order to operate in corrupt environments, said Chris Voss, a former lead hostage negotiator for the FBI and now CEO of The Black Swan Group. Now, “under pressure from human rights groups, there’s a set of voluntary principles that the extractive industries signed off on, saying that they would contribute to trying to build legitimate law enforce infrastructure instead of paying people off and encouraging corruption.”

In places where the law enforcement infrastructure is not well-developed, these companies are also building their own security forces and compounds. If an economic downturn makes them unable to afford this protection, it will affect their security.


Here’s one CISO ’s plan if he receives an extortionist’s e-mail:

Criminal Activity1)     Contact general counsel and CIO executive team (and whomever else they deem appropriate), and jointly make assessment of the company’s risks as well as the credibility of the threat. Discuss all possible factors that could magnify the risks (such as impending big executive news or an acquisition).

2)     Recommend contact with appropriate electronic crimes law enforcement officials for tactical advice and (hopefully) assistance. (For example, are we the first to ever get this threat? Are these known perps? Has there been prior experience with them or with this MO?)

  1. 3. If top management agrees to involve external law enforcement, begin an investigation jointly with law enforcement. Formulate detection and response strategy with them to prepare to acquire and preserve evidence.
  2. 4. If senior management declines to involve external CSO EXECUTIVE GUIDE The Ultimate Guide to Busi ness Continuity 7 law enforcement, then expect to be tasked to assemble a “red team”. Regardless of whether management decides to pay, this team will search for and eliminate the vulnerabilities that make the threat credible, and take other steps to diminish risk of attacks.
  3. 5. Simultaneously expect to be working with crisis management teams, and especially the investor relations and corporate PR staff, to prepare an official position for the media. If a U.S.-based company, consider the Sarbanes- Oxley implications of every decision. That means senior finance folks will also need to be involved.
  4. 6. Warm up disaster and business continuity plans and providers depending on the nature of the threat, perhaps increase backups in frequency or type. (For example, go to “full now” instead of “incremental” for critical systems at risk.)


Chris Falkenberg, president of Insite Security, a New Yorkbased consultancy, outlines four preventative measures companies can consider to minimize kidnapping risk.

  1. Establish a counter-surveillance program. An organization with an effective counter-surveillance program has good shot at detecting a threat, increasing security and motivating potential kidnappers to go elsewhere. In addition to having personnel manning the gate, a counter-surveillance program has personnel who are watching to see who is watching others. This means looking for people who might be walking back in forth frequently in front of a location, taking video or photographs, or counting footsteps to determine the measurements of a given location. A counter-surveillance program might also use CC TV infrastructure in a proactive way, Falkenberg said. “A counter- surveillance team can use all of the intelligent video in a proactive means, particularly if you have the ability to identify cars and license plates to keep an eye out for who seems to be in your perimeter.”
  2. Utilize GPS. Falkenberg recommends companies put in place technology to be able to receive GPS transmissions from cell phones or emergency GPS transmitters. While this technology may only go so far because the device will likely be taken from the victim, in some scenarios, it could still aid in rescue. “There is some technology coming out in which you can program a cell phone to send out a distress signal,” Falkenberg said. “What we are using with some clients is a handheld GPS transmitter which you can essentially use as a portable panic button.”
  3. Train employees on how to stop a kidnapping in progress. When an event takes place, victims find themselves forced into vehicles with commands shouted at them like “Get in the car! We are going to kill you!” While this is terrifying, it is actually much easier to turn the situation to your advantage at that point than it is once you are incarcerated, Falkenberg said. However, this kind of reaction to threats is not second nature—it is something that has to be learned. He recommends talking with employees about what to do if threatened and rehearsing it.
  4. Consider families, too. A crisis management and continuity plan for the family outside the office is key. However, the family component can’t be addressed with the same techniques used for employees because families are not going to tolerate the kind of protection that c-level executives tolerate at work. Also, it is just not cost effective. Falkenberg suggests training family about potential dangers and how to behave if someone attempts to abduct them.

More tips and advice. Falkenberg also recommends companies train employees about how to act as hostages in the event that they are abducted. Tips include touching everything in sight to leave lots of fingerprints and talking to the kidnappers so they see you as a human, not an object. Falkenberg recommends mentioning family, children, and other personal facts that may aid in getting them to see you as a person.

McCann, senior VP of security operations and training at Kroll, also advises finding some kind of resonant chord with abductors to try to get them to show more empathy toward you. Mining your captors for information also can be helpful. You may be able to discern whether you were abducted for political or religious reasons, for ransom or for all of the above.

It’s also important to remember that people are working to get you released. “The feeling of hopelessness works completely against you,” he said.

© 2014 Disaster Recovery Whitepaper