The document discusses the importance of being prepared for various crises and disruptive events. It outlines many challenges organizations may face during crises related to infrastructure damage, communications, travel, insurance, and emergency plans. The key is taking an integrated approach to crisis management by linking operations and communications plans, conducting risk assessments, prevention activities, response planning, training, and reputation management before, during and after a crisis occurs. Maintaining communication is cited as the primary challenge during disasters.

1. We Must Be Ready

2. We Must Be Ready

3. When you are walking through the flames

4. You should be thinking about What’s Next?

5. A Crisis of Sorts?

6. Violence Crisis

7. A “Dilbert” View

8. Hazards: The List Continues to Expand Natural Hazards – hurricanes, earthquakes, tornadoes, floods Terrorism – the threat continues to loom large Workplace Violence – becoming more frequent Power Outages – blackouts, brownouts, rolling blackouts Fires, Explosions, Chemical Releases Security Threats- new generation of eCrime

9. New Breed of Damaging Brand Attacks Classic Phishing Vishing (aka: VoIP phishing using phones) SMiShing (test message to a link that installs a Trojan) Malware 419 Scams ( morphed Nigerian letter scam gone cyber) Blended Abuse H1N1 Treatment Products Fraud

10. New Security Threats Economy Driven A DuPont scientist stole $400 million in intellectual property from him employer in the form of 16, 706 documents and over 25,000 scientific abstracts An employee working in a Texas physician’s office that was contracted to treat FBI agents attempted to sell an agent’s health records to drug traffickers for $500. A Federal Emergency Management Agency employee stole the identity information of 200 people and opened $150,000 in credit accounts.

11. 21 st Century Hacktivism Microsoft’s Irish website defaced FBI website defaced Scotland Yard career website defaced Hackers invade Obama website: users redirected to Clinton campaign website Safe website let you embarrass people in high places- ananomize Palin’s Yahoo mail hacked- published on wikileaks.org Blackmail and Extortion using stolen information

12. Understanding Key Terms Emergency Management – An Ongoing Process to: Prevent, mitigate, prepare for, respond to, and recover … From an incident that threatens life, property, operations, or the environment.” Examples Medical Emergencies Fires or explosions Natural hazards Hazardous material spills or releases Security threats

13. Terms Business Continuity An ongoing process to successfully: Identify the impact of potential losses Apply viable recovery strategies and plans Maintain continuity of services Needed When . . . Interruption or loss of: Technology: hardware, software, data, connectivity Operations: critical facility, building, process, system, equipment Transportation: air, land Communication Essential personnel unavailable

14. Terms Crisis Management Crisis: situation threatens to significantly harm: Operations Financial Results Reputation or Image Relations with Key Stakeholders Needed When . . . Accident, Natural or Environmental Disaster Financial Troubles Rumors or Scandals Litigation Strategic/Business Environment Terrorism/Cyber Terrorism Media Reports

15. Developing an Integrated Program

16. Integrated Plan

17. Lessons Learned from Disruptive Events

18. Normal life may be impacted

19. It could be difficult to travel

20. Assistance might be delayed

21. Typical Challenges No electricity Damaged hardware, equipment No plans to relocate remaining equipment No plans to repair/replace/dispose of damaged equipment Incomplete coverage on service contracts No employee evacuation, re-assemblage plans No planned employee communication system No plans for communicating with key stakeholders No plans for emergency equipment acquisition No offsite backup of IT systems

22. Lessons Learned: Power No power, or limited power supplies No time estimates for restoring power Poor location of generators Poor location of redundant power supplies No testing of redundant power supplies No plan for acquiring generators Inadequate fuel supply Inadequate protection for fuels

23. Things you assume will be there- may not

24. Lessons Learned: Infrastructure Located in high risk area Did not foresee risk, vulnerabilities of locations Structural Damage Security, Accessibility problems Storage/Location of critical assets Mold, contaminants Mobile solution didn’t work in affected areas No access to vendor contact information for clean-up

25. Lessons Learned: Insurance Poor or inadequate coverage Did not know what disaster scenarios were covered No documented information for claims adjuster Inventory of Assets Inventory of Event Activities Had not assessed risks vs. coverage Had not insurance-tested various disaster scenarios Keep an inventory of all assets No independent review of insurance coverage

26. Lessons Learned: The Plan Itself Plans Outdated or non-existent Not available - were in the damaged facility Plans were not linked to change management Plans too complex for quick use under stress Not tested; lack of regular team drills No incident command system IT and business change plans not integrated Crisis response structure not organization-wide Teams not set: Incident Command, Crisis, Operational No pre-set locations, equipment to facilitate teams

27. Lessons Learned: Travel Movement takes longer than expected People did not follow local agency directions Limited or no gasoline Limited or no air travel available No rental vehicles available Heavy traffic, contra-flow Limited housing availability No plan for moving key employees and families

28. Lessons Learned: Communications No central number for employees/customers to call Cell phones may not work Cordless phones may not work Internet, Email may not be accessible No plans to address the media, authorities, others No communications with public sector agencies Emergency contact information not easily accessible No emergency notification system Not prepared to handle incoming inquiries

29. Plan to use a range of technologies

30. Lessons Learned: People Employees Not 100% focused Traumatized With or concerned about families Did not know what to do Safety not considered in plans Emergency loans not available Alternate team members not planned Confusion = slow, inadequate decision-making Not prepared to inform families Incoming family inquiries Notify families of injured, deceased employees

31. Operational Challenges Scale: Large magnitude, multi-location event/crisis Infrastructure: Damage or Loss of: Voice, data communications systems Power/Fuel Facilities Rapidly changing environment = unique support needs Competing interests = non-productive behavior: Individual, bureaucratic and departmental interests Stovepipes, silos and measurement issues Complex coordination between company, authorities

32. Operational Challenges (Cont’d) Acquiring Needed Resources: Food Supplies Security Transportation Personnel Funding Sanitation Chaos, trauma, emotional stress, harsh environment Polices, regulations, practices Limited staff with crisis, disaster experience

33. Communications Challenges “ 90 percent of a crisis response is communications” – Barbara Reynolds, Center for Disease Control, USA Responding quickly but accurately Managing both the company and the crisis Coordinating crisis operations and communications Managing rumors Establishing control of communications Media Internet Employees Other stakeholders

34. Crisis Communications: Be Prepared Know your vulnerabilities Have crisis communications plans already in place Immediate response plan 72-hour response plan Pre-set teams One to manage the company One to manage the crisis Pre-set decision structure (rapid-response) Pre-set contact lists (frequently updated) Pre-test with crisis communications drills

35. At Crisis Time Activate the teams – minutes count! Quickly establish: Secured crisis location Command Center (operations and communications) Access to accurate information Control of outgoing information Media Internet Credibility is your most valuable asset

36. Some Thoughts on Crisis Management “ In a crisis, don’t hide behind anybody or anything. They’re going to find you anyway.” -Paul “Bear” Bryant- American Football Coach “ What one decides to do in a crisis depends on one’s philosophy of life, and that philosophy cannot be changed by an incident. If one has no philosophy in crisis, others make the decision.” – Jeanette Rankin- US House of Representatives “ It takes 20 years to build a reputation and 5 minutes to ruin it” – Warren Buffet- “ If it’s not important to senior management, it will not be important to middle management or line management at all” – Denny Lynch, Senior VP of Communications, Wendy’s-

37. Primary Challenge & Priority Maintaining communication regardless of the nature of the event, be it a natural disaster or terrorist incident, is the primary challenge during a disaster

38. Integrated Approach to Crisis Management Operations and communications Risk Assessment – vulnerability audits Crisis Prevention – mitigating the risks Crisis Response Planning – becoming prepared Crisis Response Training – preparing your people Responding to the Crisis – minimizing damage Managing Reputation – before, during, and after

40. EXECUTIVE DIRECTOR CONSULTING & INVESTIGATIONS ANDREWS INTERNATIONAL 469.737.5926 (OFFICE) 972.741.7532 (CELL) [email_address] William M. “Bill” Besse