SBN

How to Act Before, During, and After a Crisis

Article

How to Act Before, During, and After a Crisis

A rise in physical threats requires updated response procedures. Learn what’s behind this increase and what you can do to address crises when they occur.

When did you last review your crisis response plan and threat assessment? Do they address how to respond to threats in today’s increasingly volatile environment?

More than likely, you’ve seen your fair share of corporate security threats — from workplace violence to severe weather and more. Yet, lately, you may have experienced a steady uptick in concerning activity. 

According to Ontic’s State of Protective Intelligence Report by Ontic, eight out of nine executive protection (EP) professionals say their companies are experiencing a dramatic increase in physical threats.

What’s behind the rise in threat activity?

According to Ontic’s Connected Corporate Security Report, geopolitics is the leading cause. Security leaders also blame political risk and unrest for rising threat activities.

Geopolitics
According to the report, 51% of chief security officers (CSOs) ranked geopolitics as one of the top three security risks facing their organization, impacting supply chains, corporate office locations, and executive travel.

Political risk and unrest
CSOs also shared that political risk and unrest are at their highest levels since 2019. Various factors — including hot wars, climate change, population movement, and resource scarcity — are driving the increase.

Based on insights from veteran corporate security professionals, we’ve outlined how to prepare for unexpected crises, respond during the event, and debrief afterward:

Before a Crisis

Preparing your response to a crisis before it happens is a vital first step. Effective preparation is the best way to mitigate risks. Here are a few steps you can take to prepare:

Distribute pre-established protocols 

Everyone in your organization should be on the same page during a crisis. However, you should never wait for a crisis to occur before distributing protocols. Ensure everyone knows how to stay safe in a threatening situation. 

For example, if you’re in an area where large-scale demonstrations occur frequently, document what your team should do to stay safe (like shelter in place or work from home) so they’re prepared and distribute this information to them now.

Run real-world tabletop exercises 

Tabletop exercises or simulations help uncover gaps in your team’s crisis response plan. Role-play crises that might occur given your location or line of business. 

For example, you might walk through your response to a severe tornado. Consider what would happen during worst-case scenarios. For example, how will you communicate with employees in the event of a power outage? What happens if that power outage means your CEO is incapacitated?

Create a list of pre-vetted vendors

The last thing you should do is research a product in a time of chaos. Build a list of vendors and other external organizations that can help during a crisis now. This list should include cost estimates, implementation information, and more that an executive can quickly approve if required. 

Jim Mowry, lead for the Global Security Crisis Preparedness Center of Excellence at Eastman, shared that when the war in Israel started, he grabbed his pre-vetted list of vendors with budget estimates in front of his CEO.

“When the Israel conflict took off, we had already been thinking ahead,” Mowry said. “I had built folders where I’ve already talked to the vendors and have the estimates. 

Morwy explained that his team noticed suspicious behavior during the conflict at one of their company sites. Foreign nationals who didn’t have the correct documentation tried to gain access to a manufacturing facility. Mowry said that after this event, his CEO approached him, asking him to make more investments in security. Because of his preparation, he quickly sent the list to the company’s chief legal officer for approval.  

“How do [security teams] bring value? Well, sometimes it’s the catalytic event where your value shines and all of a sudden they bring a blank check and say, Hey, we want more of what you do,” he said. “When that happens, don’t say, well get it to you in two weeks. Have it ready because the money will flow.”

During a Crisis

Communication is key when navigating a crisis. Often, multiple communication channels are used to gather and distribute real-time information. Here are steps you can take during a crisis:

Make contact

Establish initial contact with affected individuals and distribute clear guidance. For example, in the event of a political demonstration in the area, you might text employees with alternative routes to the office or ask them to stay home — pre-scripted notifications from your GSOC help. 

Learn the context of the situation

After you establish contact with impacted individuals, learn the context of the situation in relation to your protectees. This will help you continue to provide the best possible guidance. Based on the information you gather, you might suggest that folks shelter in place. In other cases, evacuation might be warranted. It’s tough to make these calls in the moment without real-time insight and alerts.

Communicate with relevant stakeholders 

Maintain clear and continuous lines of communication with all stakeholders — from legal to HR to communications. Each department might have access to different information that can create a holistic picture of the crisis and inform your response.

Patrick Kane, senior director of security at Atlas Air, shared a story about seven crew members who found themselves in the middle of civil unrest that quickly escalated. Kane faced various communication challenges during the crisis, including the lack of SATCOM and unreliable cell service. Instead, he used alternative channels to stay in contact with his crew. 

With continuous reassessment of the situation through constant communication with the impacted individuals (via backup channels), Kane’s team ruled out several routes out of the country, including the airport. Eventually, his team formed a plan to evacuate the crew on their own aircraft.

“It was challenging because it was an ongoing thing, we had to constantly evaluate what was happening on the ground in that environment along with all our other operations,” he said.

After a Crisis

During a crisis, you’re focused on the task at hand. You’re not thinking about what is going right or wrong and ways to improve, nor should you be. That’s why a complete debrief and examination of lessons learned is essential after the event. 

Immediately review the team’s response while it’s still fresh in your mind.  Gather members from your team, marketing, communications, HR, legal, and anyone else involved to discuss what occurred. 

Questions to ask the team include: 

  • What was the catalyst?
  • When did the situation reach the point for intervention? 
  • Were the proper security protocols followed? If so, what was the outcome? If not, why?
  • Where were the weak points in our response? 
  • Where were the strong points in our response? And how to optimize it? 
  • What do we do today to prepare for another crisis like this? 

It’s also critical to document everything you’ve done to mitigate the impact of crises. With solid and consistent reporting, it’s easier to prove the value of your program and gain the support you need to continue carrying out your duty of care.

“If we put a BOLO out for somebody and we catch them. That was a save. If we didn’t report that, do you think the C-suites ever going to have any clue that we did our job and that we were right of bang instead of left of bang? You’ve got to highlight those,” Mowry said.

Addressing physical threats will remain a constant in your work. Your response, however, can’t be. It’s important to always review, benchmark, and update your crisis response plans and threat assessments — especially when corporate security threat activity continues to rise.

Learn More

Ontic’s Converged Security Operations Console

The post How to Act Before, During, and After a Crisis appeared first on Ontic.

*** This is a Security Bloggers Network syndicated blog from Articles - Ontic authored by Ontic. Read the original post at: https://ontic.co/resources/article/how-to-act-before-during-and-after-a-crisis/

Application Security Check Up