Business Continuity Awards 2011

Crisis Solutions are once again sponsoring a category at next years prestigious Business Continuity Awards.

The category: Crisis Strategy of the Year.

The Business Continuity Awards recognise those business continuity, security, resilience and risk professionals whose innovative strategies and industry savvy make them stand out above the rest.

Judged by an independent panel of experts for exceptional performance, service and results in this dynamic industry, the winners in this year’s 20 categories will be honored and awarded at a gala dinner and ceremony on Wednesday 30th May 2012 – an evening that brings together industry leaders for a night of networking and celebration.

Christmas greetings

The Lizard would like to extend warm Christmas greetings to all Crisis Lounge regulars. Have a great holiday and a great new year.

Near misses and direct hits

The Lizard's alter ego Jim Preen has just had an article published on Continuity Central. Here's a taster:

The argument goes like this. Business continuity is not about the little disturbances and the day-to-day interruptions. That’s incident management; and not to be confused with a major incident that knocks out all your IT or leaves your HQ a smouldering wreck. Incident management is a different beast from business continuity management and requires different processes and resources.

Sure, you can argue about where the line is drawn between incident management and business continuity, but they are different disciplines and not to be confused.

But is this a correct or, even, a useful distinction?

Let’s look at IT for a moment. Systems are often brought down by a series of small disasters that can create more frequent downtime than a really big catastrophe. If you have a number of small-scale outages you may irritate staff and clients as much as if you’d undergone a full-scale incident.

Smaller disasters are often handled ad hoc and if the problem is easily overcome people assume that planning isn’t necessary. Conversely if the issue isn’t quickly resolved the blame game starts and staff complain that plans and training are inadequate.

But there’s more to it than that.

Read more here.

Singapore Sling

Crisis Solutions staff are packing their cases for a trip to Singapore this coming week. The team is delivering crisis management training to a whole host of people at a world-renowned bank, but who knows they may find time for a Gin Sling or two at the Raffles Hotel.

Asia seems to be beckoning quite frequently these days. Watch this space for pictures and updates.

'Unthinkable'

The Lizard is currently reading the fascinating book ‘Unthinkable’ by Amanda Ripley. For a book that takes a cold hard look at crises and disaster it’s surprisingly readable and a real page-turner.

She uses an abundance of interlinked case studies that look at how people respond in a crisis and has some practical advise on how to live to tell the tale. The one big takeaway is that people who have had some form of crisis training have a far greater chance of survival.

There are also some extraordinary stories of heroism that make this a far from depressing book, but it is perhaps the totally counterintuitive ways in which people respond to a catastrophe that linger in the mind. The Lizard gives it 5 stars.

My Blackberry’s on the blink

Tim Flynn feels your pain

Communications
It’s been a torrid few days for Blackberry and their customers who rightly expect their gadgets to get information (SMS, BBM) from their handset to the recipient on time, every time. As with any advances in technology, once you show people what can be achieved that’s the standard they come to expect.

Blackberry have been very poor in communicating with customers which suggest that they just don’t get the importance their products play in people's lives. They haven’t grasped the information needs of their key stakeholders.

In doing so Research in Motion, the company behind Blackberry, have created a very effective information gap down which they have plummeted. All of which creates the very real prospect of corporate customers not renewing contracts and going shopping elsewhere. Scary for any company especially when there are a myriad of similar devices on the market.

Operational Response

As far as their operational response goes it all seems too little too late. My suspicion is that their operation is so complex and the list of potential faults so huge that is it has not been easy for them to diagnose the extent of their problems or how long it would take to fix them.

Complexity

The complexity of their operation is certainly a factor here. If you look at any number of recent crises such as the current debt crisis or the banking crisis of 2007/8, a great deal of it was built on people's inability to understand the big picture. Complexity seems like a good idea during the good times but makes fixing the bad times pretty tricky.

Tim Flynn is a senior consultant at Crisis Solutions

Is bird flu making a comeback?

Sometimes you need to be careful what you wish for. The Lizard’s alter ego Jim Preen wrote an article recently on what makes for a convincing scenario during a crisis simulation.

He had this to say:

So what is my favourite scenario? As with all things scenarios seem to be at the whim of fashion or at least what’s been in the news recently. How long before we start devising an exercise based on widespread rioting and looting?

Some years it’s terror attacks, then the smart money is on damage to data centres, but for me, I miss the ‘good old days’ of pandemic flu. That often seemed the perfect scenario because it was and is potentially catastrophic (how we love a good catastrophe!), could affect any organization, but also allowed for planning, being a rising tide event.

It involves human beings rather than technology, which can be a turn-off to those not technically minded and given the medical evidence also highly credible. No doubt it will stage a comeback in a year or two.

Well bird flu seems to be making a comeback rather sooner than expected. Time is currently running an article headlined:

It’s back: Bird flu returns and this time it’s mutated

During the last couple of flu seasons, we were all worried about H1N1, a new and virulent strain of influenza, but this winter we may have to contend with a much deadlier foe: H5N1 or bird flu. Some Asian countries are reporting this week the first cases of a mutant strain of the virus spreading in poultry.

The U.N. Food and Agriculture Organization reported on Monday that the H5N1 virus has mutated, something that public health officials had feared would happen and that could possibly make the virus more dangerous to people.

In its original form, H5N1 primarily infects wild birds and poultry, including geese, chickens, ducks and turkeys, but only rarely jumps into people. Still, the fact that some people have become infected with H5N1 by eating improperly prepared and contaminated poultry — the virus has killed 331 people and infected 565 since it first appeared in 2003 — led experts to warn that it was only a matter of time before it altered into a form that made it easier to spread to humans.

Read more here

Who's Sari now?

More pictures from the Crisis Solutions Indian Adventure

























Do I eat it or smoke it?

Here's Crisis Solutions' CFO, Richard Whitby, on a recent business trip to India.
He is seen taking possession of the first of our new fleet of company cars.

Can you profile the perfect crisis manager?

What qualities are required in a disaster and is it possible to profile individuals who might be effective crisis managers? Jim Preen writes in Continuity Central.

The recent anniversary of 9/11 reminded us what good looked like in a crisis – it looked like New York City firefighters and of course Rudolf Giuliani, the mayor of New York in 2001.

Prior to the catastrophe Giuliani had been a divisive figure and by no means universally popular, but cometh the hour cometh the man. He seemed up to the job in both word and deed. When asked how many people he thought had died in the tragedy his immediate response was “more than any of us can bear.” Perfectly capturing the public mood at the time of overwhelming crisis.

So what qualities are required in a disaster and is it possible to profile individuals who might be effective crisis managers?

Read more

Perfect profile

The police use profiling to target potential criminal offenders.

The Lizard asks: Can you profile the perfect crisis manager?

There might be an article coming on…

A pilot’s guide to crisis management

Richard Whitby, CFO at Crisis Solutions, has a highly entertaining article in the new edition of Risk UK. Click here to see the article and the rest of the magazine.

Here’s a taste:

A pilot's guide to crisis management

“Final check, then apply full power,” says the instructor. I’m hunched over the controls of the Cessna light aircraft, my palms sweating and my head full of figures. The pilot of a 747 couldn’t be concentrating any harder.

Final Check means a quick glance over the myriad dials in front of me to ensure that ‘temperatures and pressures’ are normal. Then it’s the Big White Numbers check which means making sure the runway number given by air traffic control matches the huge numbers painted on the runway in front of me - thereby ensuring I’m on the correct runway and not about to meander in front of a 737 on its way to Majorca.

Flying is all about logical planning, together with the training and flexibility to deal with any eventuality, which strikes me as the same set of skills you need for crisis management.

Social media policy

A couple of posts back I highlighted an article about social media. I’ve had a couple of comments along the lines of: ‘Well that’s very interesting, but what are we meant to do about it?’

The answer is your company should have a social media policy – so as a public service and to get you started here’s a checklist to get you underway:

• Employee Facebook policy
• Employee personal blog policy
• Employee Twitter policy
• Employee Linkedin policy
• Corporate blogging policy and approval process
• Corporate blog commenting policy
• Corporate YouTube policy

Developing scenarios

Jim Preen provides some advice on how to set up convincing business continuity exercise scenarios.

Terror blasts, white powder attacks, pandemic flu, cyber crime, the list goes on. At the sharp end of business continuity it really is one damn thing after another.

We seem to spend our lives frightening the life out of crisis management teams by dreaming up the best possible scenarios to test their response and the company’s business continuity plan. So what makes for the top scenario - one that really tests the plan and the players?

Read the full story here.

The anatomy of a social media crisis

Good article by Erica Swallow at Mashable on the Altimeter report on soc media crises.
Definitely worth a look. Here's a taste.

Social media crises are on the rise, but 76% of those that occurred since 2001 could have been diminished or averted with the proper social media investments, according to a report by Altimeter Group released on Wednesday.

For the report, entitled “Social Business Readiness: How Advanced Companies Prepare Internally,” Altimeter Group analyzed 50 social media crises that have occurred since 2001 and found that those reaching mainstream media have risen steadily through the past decade, with just 1-2 incidents per year in the first five years and a total of 10 social media crises last year alone. The report also sheds light on exactly how social media crises arise and how companies can avoid them.

Click here to read more.

Is this a crisis or are we just having a bad day?

When the Lizard’s alter ego - Jim Preen - wrote the international best selling page-turner ‘Communication Strategies’ (Write your incident communication plan now) for the British Standards Institution the publisher said that nowhere in the book could the word crisis be used. Now given that our company is called Crisis Solutions that got me thinking.

Is there now no such thing as a crisis? Or if you think there is, then are the two words interchangeable? I have a suspicion they are not.

Would it be fair to say that a crisis is one step up from an incident? Or perhaps you could say that an incident is someone else’s problem and a crisis is something you have to fix yourself. So my crisis is your incident!

Definitions will vary from company to company depending on the business they are involved in, but one colleague suggested that an incident becomes a crisis when it cannot be solved following standard operating procedures. Or perhaps an incident becomes a crisis when it’s not managed correctly.

All of which reminds me of the old joke about the difference between Brits and Americans in a crisis.

To Americans ‘the situation is serious but not hopeless’.

To Brits the ‘situation is hopeless, but not serious!’

If at first you don’t succeed: fail, fail and fail again...

Jim Preen of Crisis Solutions wonders if the best way to avoid failure is to fail constantly.

AT&T’s findings in their annual business continuity survey make for interesting reading and while the report is inevitably US based, it will ring bells with a European audience.
One area of the survey that jumps out at the reader and could stand a second glance is cloud computing.

Read the rest of the article here.

The Crisis Solutions Summer Conference

It takes place on Thursday, 30^th June 2011, onboard HMS President, Victoria Embankment, London.

Here’s the line up of excellent speakers:

Mike Methley, Group Chief Operations Officer, Jardine Lloyd Thompson:

'Assuring global client services during natural disasters and incidents.'

Alice Reeves, Assistant Director for Telecoms Resilience, Department for Business, Innovation and Skills:

'The challenges in setting cyber resilience policy.'

Colonel Ru Watkins, Chief of Staff, Selly Oak Military Hospital:

'Delivering rapid organisational change in response to unexpectedly urgent operational requirements.'

Andrew Davidson, Operations Manager, Currency Division, De La Rue:

'Executive leadership and management during an extended corporate crisis.'

Dr Brad Mackay, Director MBA Programme, Edinburgh Business School:

'The application of scenario analysis in strategic resilience planning.'

Jim Preen, Head of Media Services, Crisis Solutions:

'Social networks and their place in supporting crisis response and recovery.'

Cyber-attacks and Black Swans

by Jim Preen

Cyber-crime is rarely out of the news these days. Sony says that hackers may have stolen personal data belonging to as many as 77 million PlayStation gamers. The company admitted that credit card information, used to purchase games, films and music, may be part of the haul.

Just prior to that story breaking, computer security firm McAfee released a report called ‘In the dark: Crucial Industries Confront Cyberattacks’ which casts a beady eye at the impacts of cyber-attacks on power grids, oil, gas, water and the like.

The survey of 200 IT security executives working for utility companies finds that 40 percent believe their industry’s vulnerability has increased. Around 3 out of 10 believe their company is not prepared for a cyberattack and nearly half expect a major cyber-attack within the next year.

Denial of service attack
Buried deeper in the report; 80 percent of respondents say they have faced a distributed denial of service attack (DDoS), and a quarter report daily or weekly DDoS attacks.

These types of attacks have the potential to compromise websites and email traffic, but researchers say they are unlikely to disrupt energy supplies.

However, one of the report’s authors, Stewart Baker a former US national security advisor, warned power companies not to be complacent. “We asked what the likelihood was of a major attack that causes significant outage. That is one that causes severe loss of services for at least 24 hours, loss of life or personal injury or failure of a company. Three quarters thought it would happen within the next two years," he said.

By now cynics will be muttering that this is no more than a marketing exercise on the part of McAfee, a wholly owned subsidiary of Intel Corporation and one of the world's largest security technology companies. To put it crudely: McAfee has come up with a worrying report that should frighten us into buying their products. But are the cynics right?

Read the rest of the article here.

The Crisis Solutions Summer Conference

Our summer conference takes place in central London on 30^th June. You are very welcome to attend.

We have a distinguished panel of speakers, all of whom will provide thought-provoking insights into the management of real-world crises and the challenges of emerging threats.

• Learn from the COO of a major global insurance broker about how they sustained operations when faced with civil unrest, floods and earthquakes.

• Hear from the COO of an international manufacturing group what it’s like to face sustained attacks on a brand.

• Learn from a distinguished academic about the dangers posed by the growing threat of sophisticated cyber crime.

• Learn about the challenges facing government in designing an effective cyber resilience strategy.

• Hear how the British Army embeds a rapid 'lessons learned' approach to operations in Afghanistan and elsewhere.

• Learn how social networks have been leveraged in the aftermath of major disasters.

Watch this space for further details about the conference.

Is PR undermining the work of BC professionals?

Crisis Solutions' staffer Jim Preen has just had a comment piece on bank stress testing published on Continuity Central. Take a look at it here.

How to use a website during a crisis

Websites are now a critical interface between firms and customers. Thousands of pounds are spent building on-line relationships between a company and its clients.

Unfortunately in a crisis, websites are often forgotten.

Take a look at the on-line presence of some of Japan’s biggest companies in the wake of the earthquake and tsunami.

Toyota’s global home page has a message from the president, who offers his prayers ‘towards the realization of recovery’ but this is now more than two weeks old. Nintendo has a brief message on its Japan homepage but makes no mention of the disaster on any of its other sites. Nissan’s global page has nothing and Sumitomo Mitsui Financial also have other things on their mind.

It seems that Japanese companies still don’t see websites as mainstream communication tools.

In a crisis, a website is a vital resource that should provide essential information to a wide range of stakeholders – staff, customers, suppliers and journalists.

All inappropriate content, including advertising, must be pulled and companies need to have a mechanism for doing that day or night.

Many firms have a dark website that is set up ahead of time, which can be activated in a crisis. If you need help with this or any other aspect of crisis readiness then please go to our website: www.crisis-solutions.com

Scary questions

It can be hard to interest senior management in business continuity. Here’s the general perception:

· It’s dull

· It’s expensive

· And we don’t want to think about crises right now!

So with that in mind here are a series of questions you can drop into conversation with your bosses, which might just persuade them of the importance of crisis readiness.

· How long would it take to get hold of senior management if crisis strikes out of office hours?

· How do we contact employees so they hear about the crisis from us rather than the media?

· Can we update our website out of office hours?

· When was our crisis plan last revised and has it ever been tested?

· Who is our spokesperson in a crisis and who will deputise?

· What companies similar to ours have endured a crisis recently? How would we have coped?

· What would we say in a crisis? Who decides what information to give out and what is the sign off procedure?

Of course, if you have better, scarier questions that promote the cause, then we want to hear from you!

What are the worst corporate decisions of all time?

At Crisis Solutions we've been talking about catastrophic corporate decisions, but what are the worst?

This is what we came up with:

· Decca Records signing The Tremeloes rather than some hairy bunch from Liverpool called The Beatles?

· Coca-Cola changing its magic formula and rebranding itself as New Coke?

· IBM allowing Bill Gates to retain the rights to that unimportant aspect of computers – their software?

All are worthy of being inducted into the Corporate Catastrophe Hall of Fame, but what do you think? Any better ideas?

Crisis Solutions gets coverage on Continuity Central

Trends in business continuity plan testing and exercising


Jim Preen of Crisis Solutions takes a look at some emerging trends in the area of business continuity plan testing.

The most notable change in the crisis management environment is the revolution in instant multi-media communications channels and the resultant need for firms to be able to demonstrate that they are both on top of the problem and can communicate effectively in a way that takes account of the public and stakeholder ‘mood’. As a result, savvy organizations are looking at new ways and methods to scrutinize, test and validate their business continuity plans.

Click here to read on.

Assange as Bond villain

There's an excellent piece on the impact of WikiLeaks in The Guardian, where the writer, Clay Shirky, describes Assange as only a monocle and a Persian cat away from a Bond villain! But he has serious points to make on the balance that has to be struck between government secrets and a citizen's right to know what is being done in our name.

He also makes the point that whether or not the establishment, (in the UK, the US or Sweden) gets Assange and destroys WikiLeaks the genie is now out of the bottle. If WikiLeaks were put out of business, then another conduit would soon be found.

Assange has claimed, when the history of statecraft of the era is written, that it will be divided into pre- and post-WikiLeaks periods. Who dares say he is wrong?
Read the article here.

The perils of social media

The Lizard was amused by the story of the Oxford Street gunman, Twitter and the tricky nature of the English language.

Twitter users sparked a major security alert when false reports of a gunman in Oxford Street were posted on the site. Thousands feared a shoot-out was taking place after information from a police training email was leaked.

But all was not what it seemed. Go here for the full story.