The Real Price of Virtual Kidnappings

By Matthew Harwood


That’s why Garcia tells his traveling employees to “sanitize” their wallets and purses—to cleanse them of the type of personal data that a virtual kidnapper could use, such as pictures of loved ones with names on the back, which would help a virtual kidnapper weave a convincing story. Travelers should also be careful not to give personal information inadvertently or carelessly; the person requesting it might have ulterior motives.
If a company or loved one does receive a ransom call, they can’t know whether it is for real, so the same rules of kidnapping apply: get “proof of life,” says Voss. If a voice over a phone says they have your employee or loved one, ask the caller, “How do I know he’s alive? Can I speak with him?”
According to Voss, asking that question will not increase the risk to the person if they really are kidnapped, because professional kidnappers know they must prove the abducted person is alive for payment. They are, after all, basically profit-seeking businessmen.
“If you’ve got someone claiming to have kidnapped an employee or a loved one, and they want the money now, and they want it wired now, they probably don’t have him,” says Voss.
People don’t have to go it alone, however. The FBI’s Bryant says American employers or family members who receive a call from someone claiming to have kidnapped their employee or family member in another country should contact their local FBI field office and the State Department immediately. The State Department will contact the U.S. Embassy in the relevant country.
If it’s in Mexico, “They’ll contact our legal attaché in Mexico, who has a good relationship with Mexican law enforcement,” Bryant says. 
Garcia recommends having employees prepare two code words with their offices and families to quickly confirm proof of life as well as how grave the situation is. Garcia, who travels nearly every day into Mexico, says he has already done this with his family. One code word is positive, and it means that kidnappers have him, he’s in good shape, and negotiate for his release. The negative code word, however, means he’s in poor shape and to do whatever is necessary to get him out as fast as possible.
“If my [family] does not hear a code word, they’re to hang up,” he says. “Because it’s only one of two things: They don’t have me, or I’m already dead. So there’s no reason to be sending money if I’m already gone.”
Another thing a company can do to protect against virtual kidnapping is to let all employees know that honesty won’t end in their termination. If a traveling employee goes out, gets drunk, and loses a company’s electronic device with sensitive corporate or personal information on it, the office should want him to report it immediately.
“The bottom line is [an employee] is going to put his company in a bad position in having to potentially pay the ransom when he wasn’t kidnapped, he was hung over,” Voss says.
More importantly, companies should educate employees so that they know they need to follow commonsense security precautions as discussed, using a password to protect data on their phone, for example. During travel, they should be required to call their office and loved ones at designated times to let them know everything is okay. Finally, employees need to become more aware of their surroundings so that they don’t make themselves an easy mark.



Cell phone OPSEC

It's something most people simply do not practice.  There are various levels and layers one should consider going to depending upon the environment they are in, but geez how many people don't even use a password on their cell phone?  It may be an inconvenience, but when somebody gets a hold of your cell phone you will wish like hell you had practiced the most basic security.

"There Are No Silver Medals in the High Risk Environment"™


The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.