
Protect your organization when receiving visitors

It is a good idea to lay down standard procedures for handling visitors. Read more about what to consider in this regard.


Photo: Ditte Valente

Knowledge sharing and networking may be of great value, but they carry a risk that visitors gain unauthorized access to sensitive information or install malware on your systems.

 

A good step towards protecting your organization is to lay down fixed procedures for handling visitors. You may consider the following:

 

Before the visit 

  1. Consider the risks: Consider possible risks in connection with the visit and set up countermeasures. 
  2. Limit the access to information and physical areas: Determine what information may be shared and, in particular, what may not. Define a limited area for the visit, and do not leave sensitive information freely accessible in this area.
  3. Appoint supervisors: Appoint employees whose primary task it will be to supervise the visit. 
  4. Check who will be participating: Be aware of last-minute changes to the group of visitors – especially any sudden participation by embassy staff, as intelligence officers may be working under diplomatic cover. You should also be aware of visitors from foreign authorities and others who stand out from the original delegation.
  5. Set up IT logging: Set up IT logging to detect any unauthorized access in connection with the visit.
  6. Decide whether electronics are allowed: Consider whether visitors should be allowed to bring phones, tablets, cameras, smartwatches, electronic key rings, etc. Such devices can be used for recording sound and images and for registering GPS positions without your knowledge, or they can be used for installing malware on your systems. 
  7. Carry out background checks: Carry out background checks on new partners to determine whether there is any cause for concern. This may include checks on the ownership of a company, any sanction notices, and so on.

During the visit

  1. Create a clear framework: Start by explaining the framework for the visit to make it clear to the visitors what they may or may not do.
  2. Use guest lanyards: Supply the visitors with guest lanyards or some other clear indication that these are visitors.
  3. Never leave visitors unattended: Never leave visitors unattended with any of your organization's electronic equipment – including computers, printers, routers and servers. Be aware of visitors who leave the delegation or “get lost”. 
  4. Do not allow visitors to install software or hardware: Do not allow visitors to install any software or hardware – including USB sticks in connection with presentations. If possible, use a stand-alone computer for presentations.
  5. Be aware of unexpected questions: Be alert to questions that fall outside the agenda of the visit. This may include questions relating to security, sensitive political topics or the names of individuals. 

After the visit

  1. Go through your IT log: Go through your IT log in order to uncover any unauthorized access to your organization’s systems.
  2. Be aware of any subsequent contact: Be aware if employees are subsequently contacted by a visitor. Does the contact give rise to any concern? Also be aware of any requests for a repeat visit. 
  3. Evaluate the visit: Evaluate the visit and take action if you suspect that a security breach or some other suspicious incident has taken place. For example, did any of the visitors display suspicious behaviour? Mention your suspicion to the head of security or your immediate superior. 

If you assess that the incident may be related to espionage or terrorism, you should also request a confidential meeting with PET at pet@politi.dk.