www.andrewsinternational.com
Hazards: The List Continues to Expand
Natural Hazards – hurricanes, earthquakes, tornadoes, floods
Terrorism – the threat continues to loom large
Workplace Violence – becoming more frequent
Power Outages – blackouts, brownouts, rolling blackouts
Fires, Explosions, Chemical Releases
Security Threats – new generation of eCrime
New Breed of Damaging Brand Attacks
Classic Phishing
Vishing (aka: VoIP phishing using phones)
SMiShing (text message with a link that installs a Trojan)
Malware
419 Scams (morphed Nigerian letter scam gone cyber)
Blended Abuse
H1N1 Treatment Products Fraud
New Security Threats: Economy Driven
A DuPont scientist stole $400 million in intellectual property from his employer in the form of 16,706 documents and over 25,000 scientific abstracts.
An employee working in a Texas physician’s office that was contracted to treat FBI agents attempted to sell an agent’s health records to drug traffickers for $500.
A Federal Emergency Management Agency employee stole the identity information of 200 people and opened $150,000 in credit accounts.
21st Century Hacktivism
Microsoft’s Irish website defaced
FBI website defaced
Scotland Yard career website defaced
Hackers invade Obama website: users redirected to Clinton campaign website
Safe website lets you embarrass people in high places – anonymize
Palin’s Yahoo mail hacked – published on wikileaks.org
Blackmail and Extortion using stolen information
Understanding Key Terms
Emergency Management
– An ongoing process to:
• Prevent, mitigate, prepare for, respond to, and recover …
• From an incident that threatens life, property, operations, or the environment.
Examples
– Medical emergencies
– Fires or explosions
– Natural hazards
– Hazardous material spills or releases
– Security threats
Terms
Business Continuity
– An ongoing process to successfully:
• Identify the impact of potential losses
• Apply viable recovery strategies and plans
• Maintain continuity of services
Needed When . . .
– Interruption or loss of:
• Technology: hardware, software, data, connectivity
• Operations: critical facility, building, process, system, equipment
• Transportation: air, land
• Communication
– Essential personnel unavailable
Terms
Crisis Management
– Crisis: situation threatens to significantly harm:
• Operations
• Financial Results
• Reputation or Image
• Relations with Key Stakeholders
– Needed When . . .
• Accident, Natural or Environmental Disaster
• Financial Troubles
• Rumors or Scandals
• Litigation
• Strategic/Business Environment
• Terrorism/Cyber Terrorism
• Media Reports
Typical Challenges
No electricity
Damaged hardware, equipment
No plans to relocate remaining equipment
No plans to repair/replace/dispose of damaged equipment
Incomplete coverage on service contracts
No employee evacuation, re-assemblage plans
No planned employee communication system
No plans for communicating with key stakeholders
No plans for emergency equipment acquisition
No offsite backup of IT systems
Lessons Learned: Power
No power, or limited power supplies
No time estimates for restoring power
Poor location of generators
Poor location of redundant power supplies
No testing of redundant power supplies
No plan for acquiring generators
Inadequate fuel supply
Inadequate protection for fuels
Lessons Learned: Infrastructure
Located in high risk area
– Did not foresee risk, vulnerabilities of locations
Structural Damage
Security, Accessibility problems
Storage/Location of critical assets
Mold, contaminants
Mobile solution didn’t work in affected areas
No access to vendor contact information for clean-up
Lessons Learned: Insurance
Poor or inadequate coverage
Did not know what disaster scenarios were covered
No documented information for claims adjuster
– Inventory of Assets
– Inventory of Event Activities
Had not assessed risks vs. coverage
Had not insurance-tested various disaster scenarios
Keep an inventory of all assets
No independent review of insurance coverage
Lessons Learned: The Plan Itself
Plans
– Outdated or non-existent
– Not available – were in the damaged facility
– Plans were not linked to change management
– Plans too complex for quick use under stress
– Not tested; lack of regular team drills
No incident command system
IT and business change plans not integrated
Crisis response structure not organization-wide
Teams not set: Incident Command, Crisis, Operational
No pre-set locations, equipment to facilitate teams
Lessons Learned: Travel
Movement takes longer than expected
People did not follow local agency directions
Limited or no gasoline
Limited or no air travel available
No rental vehicles available
Heavy traffic, contra-flow
Limited housing availability
No plan for moving key employees and families
Lessons Learned: Communications
No central number for employees/customers to call
Cell phones may not work
Cordless phones may not work
Internet, Email may not be accessible
No plans to address the media, authorities, others
No communications with public sector agencies
Emergency contact information not easily accessible
No emergency notification system
Not prepared to handle incoming inquiries
Lessons Learned: People
Employees
– Not 100% focused
• Traumatized
• With or concerned about families
– Did not know what to do
– Safety not considered in plans
– Emergency loans not available
Alternate team members not planned
Confusion = slow, inadequate decision-making
Not prepared to inform families
– Incoming family inquiries
– Notify families of injured, deceased employees
Operational Challenges
Scale: Large magnitude, multi-location event/crisis
Infrastructure: Damage or Loss of:
– Voice, data communications systems
– Power/Fuel
– Facilities
Rapidly changing environment = unique support needs
Competing interests = non-productive behavior:
– Individual, bureaucratic and departmental interests
– Stovepipes, silos and measurement issues
Complex coordination between company, authorities
Operational Challenges (Cont’d)
Acquiring Needed Resources:
– Food
– Supplies
– Security
– Transportation
– Personnel
– Funding
– Sanitation
Chaos, trauma, emotional stress, harsh environment
Policies, regulations, practices
Limited staff with crisis, disaster experience
Communications Challenges
“90 percent of a crisis response is communications” – Barbara Reynolds, Center for Disease Control, USA
Responding quickly but accurately
Managing both the company and the crisis
Coordinating crisis operations and communications
Managing rumors
Establishing control of communications
– Media
– Internet
– Employees
– Other stakeholders
Crisis Communications: Be Prepared
Know your vulnerabilities
Have crisis communications plans already in place
– Immediate response plan
– 72-hour response plan
Pre-set teams
– One to manage the company
– One to manage the crisis
Pre-set decision structure (rapid-response)
Pre-set contact lists (frequently updated)
Pre-test with crisis communications drills
At Crisis Time
Activate the teams – minutes count!
Quickly establish:
– Secured crisis location
– Command Center (operations and communications)
– Access to accurate information
– Control of outgoing information
• Media
• Internet
Credibility is your most valuable asset
Some Thoughts on Crisis Management
“In a crisis, don’t hide behind anybody or anything. They’re going to find you anyway.” – Paul “Bear” Bryant, American Football Coach
“What one decides to do in a crisis depends on one’s philosophy of life, and that philosophy cannot be changed by an incident. If one has no philosophy in crisis, others make the decision.” – Jeannette Rankin, US House of Representatives
“It takes 20 years to build a reputation and 5 minutes to ruin it” – Warren Buffett
“If it’s not important to senior management, it will not be important to middle management or line management at all” – Denny Lynch, Senior VP of Communications, Wendy’s
Primary Challenge & Priority
Maintaining communication regardless of the nature of the event, be it a natural disaster or terrorist incident, is the primary challenge during a disaster
Integrated Approach to Crisis Management
Operations and communications
Risk Assessment – vulnerability audits
Crisis Prevention – mitigating the risks
Crisis Response Planning – becoming prepared
Crisis Response Training – preparing your people
Responding to the Crisis – minimizing damage
Managing Reputation – before, during, and after
William M. “Bill” Besse
EXECUTIVE DIRECTOR
CONSULTING & INVESTIGATIONS
ANDREWS INTERNATIONAL
469.737.5926 (OFFICE)
972.741.7532 (CELL)