Crisis Mgt Presentation

We Must Be Ready

www.andrewsinternational.com

We Must Be Ready


When you are walking through the flames


You should be thinking about What’s Next?


A Crisis of Sorts?


Violence Crisis


A “Dilbert” View


Hazards: The List Continues to Expand

Natural Hazards – hurricanes, earthquakes, tornadoes, floods

Terrorism – the threat continues to loom large

Workplace Violence – becoming more frequent

Power Outages – blackouts, brownouts, rolling blackouts

Fires, Explosions, Chemical Releases

Security Threats- new generation of eCrime


New Breed of Damaging Brand Attacks

Classic Phishing

Vishing (aka: VoIP phishing using phones)

SMiShing (test message to a link that installs a Trojan)

Malware

419 Scams ( morphed Nigerian letter scam gone cyber)

Blended Abuse

H1N1 Treatment Products Fraud


New Security ThreatsEconomy Driven

A DuPont scientist stole $400 million in intellectual property from him employer in the form of 16, 706 documents and over 25,000 scientific abstracts

An employee working in a Texas physician’s office that was contracted to treat FBI agents attempted to sell an agent’s health records to drug traffickers for $500.

A Federal Emergency Management Agency employee stole the identity information of 200 people and opened $150,000 in credit accounts.


21st Century Hacktivism

Microsoft’s Irish website defaced

FBI website defaced

Scotland Yard career website defaced

Hackers invade Obama website: users redirected to Clinton campaign website

Safe website let you embarrass people in high places- ananomize

Palin’s Yahoo mail hacked- published on wikileaks.org

Blackmail and Extortion using stolen information


Understanding Key Terms

Emergency Management – – An Ongoing Process to:

• Prevent, mitigate, prepare for, respond to, and recover …• From an incident that threatens life, property, operations, or the

environment.”

Examples– Medical Emergencies– Fires or explosions– Natural hazards – Hazardous material spills or releases– Security threats


Terms

Business Continuity– An ongoing process to successfully:

• Identify the impact of potential losses• Apply viable recovery strategies and plans• Maintain continuity of services

Needed When . . . – Interruption or loss of:

• Technology: hardware, software, data, connectivity• Operations: critical facility, building, process, system, equipment • Transportation: air, land• Communication

– Essential personnel unavailable


Terms

Crisis Management– Crisis: situation threatens to significantly harm:

• Operations• Financial Results • Reputation or Image• Relations with Key Stakeholders

– Needed When . . . • Accident, Natural or Environmental Disaster• Financial Troubles• Rumors or Scandals• Litigation• Strategic/Business Environment• Terrorism/Cyber Terrorism• Media Reports


Developing an Integrated Program


Integrated Plan


Lessons Learned from Disruptive Events


Normal life may be impacted


It could be difficult to travel


Assistance might be delayed


Typical Challenges

No electricity Damaged hardware, equipment No plans to relocate remaining equipment No plans to repair/replace/dispose of damaged equipment Incomplete coverage on service contracts No employee evacuation, re-assemblage plans No planned employee communication system No plans for communicating with key stakeholders No plans for emergency equipment acquisition No offsite backup of IT systems


Lessons Learned:Power

No power, or limited power supplies No time estimates for restoring power Poor location of generators Poor location of redundant power supplies No testing of redundant power supplies No plan for acquiring generators Inadequate fuel supply Inadequate protection for fuels


Things you assume will be there- may not


Lessons Learned:Infrastructure

Located in high risk area– Did not foresee risk, vulnerabilities of locations

Structural Damage Security, Accessibility problems Storage/Location of critical assets Mold, contaminants Mobile solution didn’t work in affected areas No access to vendor contact information for clean-up


Lessons Learned:Insurance

Poor or inadequate coverage Did not know what disaster scenarios were covered No documented information for claims adjuster

– Inventory of Assets

– Inventory of Event Activities Had not assessed risks vs. coverage Had not insurance-tested various disaster scenarios Keep an inventory of all assets No independent review of insurance coverage


Lessons Learned:The Plan Itself

Plans – Outdated or non-existent– Not available - were in the damaged facility– Plans were not linked to change management– Plans too complex for quick use under stress– Not tested; lack of regular team drills

No incident command system IT and business change plans not integrated Crisis response structure not organization-wide Teams not set: Incident Command, Crisis, Operational No pre-set locations, equipment to facilitate teams


Lessons Learned:Travel

Movement takes longer than expected People did not follow local agency directions Limited or no gasoline Limited or no air travel available No rental vehicles available Heavy traffic, contra-flow Limited housing availability No plan for moving key employees and families


Lessons Learned:Communications

No central number for employees/customers to call Cell phones may not work Cordless phones may not work Internet, Email may not be accessible No plans to address the media, authorities, others No communications with public sector agencies Emergency contact information not easily accessible No emergency notification system Not prepared to handle incoming inquiries


Plan to use a range of technologies


Lessons Learned:People

Employees– Not 100% focused

• Traumatized• With or concerned about families

– Did not know what to do – Safety not considered in plans– Emergency loans not available

Alternate team members not planned Confusion = slow, inadequate decision-making Not prepared to inform families

– Incoming family inquiries– Notify families of injured, deceased employees


Operational Challenges

Scale: Large magnitude, multi-location event/crisis Infrastructure: Damage or Loss of:

– Voice, data communications systems– Power/Fuel– Facilities

Rapidly changing environment = unique support needs Competing interests = non-productive behavior:

– Individual, bureaucratic and departmental interests– Stovepipes, silos and measurement issues

Complex coordination between company, authorities


Operational Challenges(Cont’d)

Acquiring Needed Resources: – Food– Supplies– Security– Transportation– Personnel– Funding – Sanitation

Chaos, trauma, emotional stress, harsh environment Polices, regulations, practices Limited staff with crisis, disaster experience


Communications Challenges

“90 percent of a crisis response is communications” – Barbara Reynolds, Center for Disease Control, USA

Responding quickly but accurately Managing both the company and the crisis Coordinating crisis operations and communications Managing rumors Establishing control of communications

– Media– Internet– Employees– Other stakeholders


Crisis Communications:Be Prepared

Know your vulnerabilities Have crisis communications plans already in place

– Immediate response plan– 72-hour response plan

Pre-set teams – One to manage the company– One to manage the crisis

Pre-set decision structure (rapid-response) Pre-set contact lists (frequently updated) Pre-test with crisis communications drills


At Crisis Time

Activate the teams – minutes count! Quickly establish:

– Secured crisis location – Command Center (operations and communications)– Access to accurate information– Control of outgoing information

• Media• Internet

Credibility is your most valuable asset


Some Thoughts on Crisis Management

“In a crisis, don’t hide behind anybody or anything. They’re going to find you anyway.” -Paul “Bear” Bryant- American Football Coach

“What one decides to do in a crisis depends on one’s philosophy of life, and that philosophy cannot be changed by an incident. If one has no philosophy in crisis, others make the decision.” –Jeanette Rankin- US House of Representatives

“It takes 20 years to build a reputation and 5 minutes to ruin it” –Warren Buffet-

“If it’s not important to senior management, it will not be important to middle management or line management at all” – Denny Lynch, Senior VP of Communications, Wendy’s-


Primary Challenge & Priority

Maintaining communication regardless of the nature of the event, be it a natural disaster or terrorist incident, is the primary challenge during a disaster


Integrated Approach to Crisis Management

Operations and communications Risk Assessment – vulnerability audits Crisis Prevention – mitigating the risks Crisis Response Planning – becoming prepared Crisis Response Training – preparing your people Responding to the Crisis – minimizing damage Managing Reputation – before, during, and after


EXECUTIVE DIRECTORCONSULTING & INVESTIGATIONSANDREWS INTERNATIONAL469.737.5926 (OFFICE)972.741.7532 (CELL)[email protected]

William M. “Bill” Besse

Crisis Mgt Presentation

Documents

Transcript of Crisis Mgt Presentation