Tuesday, December 31, 2013

A Slightly Different Perspective on the Crises of 2013

With nearly 25 years of “in the trenches” crisis management experience, the staff of the Institute for Crisis Management has nearly seen it all!

Add the 20 years I’ve been a part of ICM with my previous 30-years of newspaper, radio and television news experience and I can truthfully say it’s been a long time since an organization or the people in an organization have surprised me.  Disappointed me, yes, but not surprised me.

We used to compile a list of the top ten crises each year.  We still publish the annual ICM Crisis Report which includes the top ten most crises prone companies and industries, but that’s a little different from the lists that typically pop up at this time of year.

Professor Daniel Diermeier at Northwestern University’s Kellogg School of Management publishes his annual Top Ten Reputational Crisis List and Bloomberg has its list.  I would not argue with any of their findings.

Where we might disagree is in the assessment of each event’s long term damage and the public’s interest and attention span.

Would you ever have thought we would be talking about Paula Deen and JPMorgan Chase & Co. in the same sentence? As the year came to a close Chase had a tentative $13-billion settlement pending with the U.S. Justice Department over the company’s handling of mortgage bonds and Paula Deen started the year with a Food Network show, restaurants carrying her name, books and endorsements and ended the year with almost no credibility and no income and no prospects for either.

In the last week of 2013 Wells Fargo agreed to pay $541-million to Fannie Mae to settle bad home loan cases. All combined, Fannie Mae has reached settlements of about $6.5-billion with eight banks over dealings that were questionable at best.

There was a Paula Deen Restaurant in a casino about two miles from my home and I did my banking with one of the eight banks.  I had never been to the Deen restaurant and haven’t missed it a bit. And I’m still banking with the same bank.

I have seen social media posts about what awful people manage those banks, and posts condemning and others agreeing with Paula Deen on her attitude toward racism and sexism.

The banks still are raking in the cash and their drive-up windows still have lines backed up every day.

Now, another example of the point I’m about to make.

On the last day of 2013 a Bangladesh court issued arrest warrants for two garment factory owners and four of their employees, charging them with homicide for the deaths of 112 workers in a fire in 2012. In April of 2013 an eight story garment factory collapsed killing 1,127 workers.

The second factory made clothing for Wal-Mart among other American outlets and for a short time there was criticism of stores that used sweat shops in other parts of the world, but those critics moved on to other issues and returned to the big stores to buy low priced clothes.

I cite these examples to make two points.

  1.  The same kind of crises keep making headlines, year after year, with the biggest difference in how fast we hear about them.  As social media usurp the print and broadcast channels consumers of news hear the gory details almost instantly and executives and managers must be prepared to respond ever quicker and more effectively.
  2. Whether organizations respond faster and more effectively, or not, the public and particularly the American public have a shorter attention span and in short order, someone or some organization will do something else to grab our attention for a few days.

Even high profile companies can have a crisis in public confidence or mismanagement, or something can disrupt their business and still recover in a relatively short time.

Boeing profits were up early in the year in spite of battery problems that grounded the company’s giant new 787 Dreamliner.  Sales of other models soared and so did the bottom line.

American Airlines faced a public relations crisis when more than 1,000 flights were cancelled or delayed in one day in 2013, and there were thousands of frustrated and angry customers.  But, when all those people completed their trips and went to the airport to fly home, they ultimately flew home on the same airline.

You still need to anticipate all the things that can go wrong in your organization, whether its manufacturing, healthcare, education, retail sales, food service, finance or not-for-profits. And with that knowledge prepare a plan to manage the most likely problems that can strike, practice with that plan and know what you can say, whatever goes wrong, and who will say it and when.

The Institute for Crisis Management can help you do all of that.




Friday, December 20, 2013

Merry Christmas From Target


Merry Christmas, and oh, by the way, if you used your debit or credit card at any one of the more than  1,700 Target Department stores in the US between Nov. 27 and Dec. 15 your personal credit/debit card information has been stolen.

About three weeks after the first data theft, a blogger “Krebs on Security,” wrote about the intrusion into your personal financial card data.  40-million customer records were compromised in that three week period, But that is not the worst credit card hijacking.  Six years ago hackers got into the T. J. Maxx system and got away with 90-million customer records, and in 2009 thieves made off with 130-million stolen card numbers from the Heartland Payment Systems computers.

The Privacy Rights Clearinghouse claims 621,955,664 credit card files have been reported stolen since 2005, and the group says that’s only the data reported stolen.  The experts say it’s probably many more than that.

There are a number of issues to consider – whether you are a customer of a store like Target, or an investor, or an executive or an employee.

Millions of customers have been potentially ripped off and it took almost three weeks before the company told anyone about it.  That won’t encourage customers to come back, or people to want to work there.

The company posted a formal “letter to customers” on its website, but you had to be alert to find it – the link to the “letter” is in the upper margin of the home page.  When you click on it this is where you end up:

Various so-called experts claim the hackers can sell those 40-million customer records for anywhere from a quarter to $45 each….multiply that by 40,000,000.

My advice to decision makers of retail outlets is to respond quickly if you are a victim.  Secondly you should find a common voice and insist American credit card companies immediately adopt the European “smart-chip technology” which has been spreading throughout much of Europe since 2002.

And every retailer should encrypt their credit card transaction process from the device on which the customer swipes his/her card, through the stores’ network, to their bank and credit card issuer.

And on top of that, every business, small or large, should anticipate what can go wrong and take steps to prevent the “wrong” and simultaneously plan for what you will do and say if it happens anyway.  




Friday, November 29, 2013

Another Potential Crisis That Can Be Prevented

An Alabama woman has filed a $5-million lawsuit against a Kentucky motel where, she claims, she was infected with Legionnaire’s disease.

Why should you care? Read on and I’ll explain.

If you’re like me, you think Legionnaire’s Disease was a big story that surfaced in 1976 at an American Legion Convention in Philadelphia. If you’re old enough you may remember the story: more than 2,000 Legionnaires had attended their three-day convention at the Bellevue-Stafford Hotel.

Within a few days after the end of the annual meeting the first attendees began to die and scores became sick. When health experts finally diagnosed the problem almost six months later, 221 cases had been confirmed and 34 had died.

Needless to say, it was a big story for months. And with the short attention span of most Americans we soon filed that scare away in the depths of our memory banks and moved on to worry about other things.

That may have been a BIG MISTAKE.

Particularly if you own or operate a nursing home, healthcare facility (i.e. hospital, clinic, hospice), retirement community, fitness center, airport terminal, hotels/motels, or about any other facility where people, particularly elderly people or those with compromised immune systems gather, visit or work.

Recently a story crossed my desk about a nursing home in Alabama where at least 14 people had been diagnosed with the pneumonia-like illness and at least one person had died. The source of the disease was traced to air-borne moisture from a commercial air conditioner miles away.

Then I began to see reports from almost everywhere that I had earlier ignored or simply missed.

Sixteen residents and an employee of an Ohio retirement community were diagnosed and two died. Eighteen cases of Legionnaire’s Disease have been reported in Milwaukee, but so far the source has not been identified. And, at least 32 cases, probably significantly more, have been linked to a Veteran’s Administration Hospital in Pittsburgh.

Paul Edelstein, Director of the University of Pennsylvania Microbiology Lab was quoted in the Pittsburgh Tribune saying the true number of Legionnaire cases is more like 56,000 to 113,000 cases annually.

If that doesn’t get your attention, then this should: Attorney’s with the Pritzker Law Firm in Minneapolis, MN, recently won a $3-million settlement for a family with a Legionnaire’s wrongful death lawsuit.

I tell you all this to get your attention.

Remember, the Institute for Crisis Management’s annual crisis report has confirmed for nearly 20-years that on average nearly two-thirds of all business and organizational crises are preventable. The serious illness or death of guests or employees of your organization or neighbors can set of a crisis that many of you may not be able to overcome.

However, if you are aware of the risk, and take the necessary preventive measures you can spare your reputation, save millions of dollars and do right by your customers, clients, guests and employees.

Wednesday, September 18, 2013

I Hate December Layoffs

December and the end of the business calendar year is fast approaching, so you can be sure that some companies and organizations are well into planning for the dismissal or lay-off of scores, if not hundreds of employees.

I was reminded last week of the horror of people losing their jobs and income just before Christmas, when Indiana University Health announced the pending cut of about 800 employees by December 1.

IU Health is Indiana’s largest hospital system with 19 facilities and more than 24,000 full-time employees.  The announcement said some employees would be offered early retirement.

IU Health President James Terwilliger said they have to cut expenses and adapt to trends in health care.  The goal is to save $1-billion in the next five years.

I cannot recall how many times the Institute for Crisis Management has been called in November and December to help organizations through the “bad publicity aftermath” of big lay-offs around Christmas time.

I have been known to get down on my knees and beg management to delay those big lay-offs, even some smaller ones, until early in January – to be sensitive to employees and their families and the devastation that losing a job and an income can have on people anytime of the year, but especially at Christmas time.

The accountants and to some degree the lawyers look at me as if I am as dumb as a box of rocks.

They tell me those lay-offs are mandated by the budget calendar or shareholders or both.  And to delay those personnel cuts would cost money they can’t afford to spend.

I argue in return about the “cost” of ill will for such a Scrooge-like attitude and behavior.  And besides the public reaction to such ill-timed news, the employees who still have their jobs begin to worry if they will be next. Productivity drops, attitudes sour, management-employee trust takes a hit and in some cases customers begin to worry that they can’t count on you anymore and start looking for alternative sources of the products or service that the down-sizing organization provides.
If you are contemplating lay-offs in December, make sure you update your crisis communication plan, prepare a spokesperson to "explain" why you must do this now and be prepared for the negative reaction within and from without your organization.

Thursday, July 11, 2013

How Can You Manage A Crisis Without A Phone?

For years the Institute for Crisis Management encouraged clients to provide pagers for key crisis team members and all of our staff and consultants carried pagers, so no matter when or where we might be, we were always just a phone call away.

Of course mobile phones made a big difference and only a little more than a year ago ICM cancelled our pager service.  Not because we wanted to.  The back-up system of pagers was still a minor expense for such a valuable back-up notification  system. 

We gave up because the major pager companies were not maintaining their relay systems and we could no longer count on them.  So, mobile phones became even more important.

Well, folks, we are all facing a potential communications disaster, and the Boston Marathon bombing should have captured the attention of everyone in crisis management.

ICM has been advocating for years that every organization should have a back-up phone system in their offices because it doesn't take much to isolate the crisis team if your company phone system crashes.  Most modern office, plant, hospital, store and school phone systems are computerized and require electricity to work.  A power outage or a system failure could leave you with no way to call out or manage your crisis.

Again, cell phones are assumed to always be an option, but I wouldn't want to count on them.  If the office phone system is not working, the mobile phone system is likely to fail, soon after.

Stay with me, I'm getting to the really scary parts.

For years we have recommended every organization, no matter how big or small, should have a few old fashion single line business phones available to use if a crisis strikes and takes out the main phone system.  Many of our clients have taken that advice and have from two to eight old fashion, single-line business phones installed and ready if/when the need arises.

Now the first of two even more scary parts:

Within minutes of the Boston Marathon bombing it was almost impossible to make a mobile phone call into or out of the Boston area.  The equipment didn't fail, it was a matter of load capacity.  Everyone was trying to call a loved one or a friend and the system crashed.

When a plant blows up, word gets out there is a shooter in the office, or any other type of crisis strikes, employees immediately grab their mobile phones and start calling out to tell their spouse or friends and simultaneously family and friends start trying to call in and no one can talk to anyone, just like in Boston.

The second scary part:

AT&T -- the phone company -- is beginning to seek permission from regulators to begin dismantling the land-line infrastructure -- the poles and wires that have carried billions of phone conversations for generations -- and replace wired home-phones with mobile service.

Maintaining that system of poles, wires and underground wires eats into the company's profits.

So, the question I must pose:  What kind of communication system will you be able to depend on when all hell breaks lose and you go into crisis mode?

Tuesday, June 25, 2013

Who Is Your Crisis Team Anticipator?

Crisis planning requires someone in the process to be a very good “anticipator.”

It takes a different kind of “anticipator” to help manage a crisis once it hits.

The first kind of anticipator is able to look at the most obvious things that could possibly go wrong and then see beyond that.  One of my favorite examples is a client we had recently started working with when the World Trade Center was attacked.

The company was a large publicly traded company and top management’s idea of a crisis was an accident in one of their plants. 

However, when the World Trade Center Towers came crashing down, there was panic at corporate headquarters.  The CEO, CFO and Corporate Counsel were in New York City that morning for an important meeting near the Towers.

When news bulletins reached the corporate staff as they were arriving for work in a different time zone, they started the futile attempt to contact the boss in New York where all communication was jammed.  It was several hours before they heard from the CEO that all three executives were safe and had walked out of the blast zone and into another part of the city where they found a phone that worked.

No one had anticipated the boss would ever be in such danger, nor what his loss would mean to the company.

Needless to say the death or incapacity of a senior executive can have far reaching impact on any publicly traded company.

The other kind of “anticipator” should be on the crisis management team, and should be someone with institutional memory and the ability to see the “big picture.”  This is someone who knows the organization and the market place, as well as key audiences. 

He or she must be able to look at what is happening and reliably predict what may happen next.  When a statement is being prepared the “anticipator” should be able to look at it and tell the decision maker, “if you say this, this key audience is likely to react this way.”  

“If you do this, it will prompt this reaction from the union…” or other key audiences.

The failure to anticipate what COULD happen and the failure to anticipate reactions to decisions and actions while managing a crisis can make or break any company, organization, school, hospital or not for profit.

Wednesday, June 12, 2013

A Picture Is Worth A Thousand Words!

I've heard the concept -- "A picture is worth a thousand words" all my life. Last week my brother-in-law proved it.

While his neighbor was taking this picture, he saw this funnel cloud out the back door of his house near Adairville, KY

Jeff and Rose Ella are okay.  The tornado changed course enough to miss them, but not enough to spare a number of farms and homes nearby.

A farm is a business.  A general store, a farm implement business, a community super market, a drug store, the town's Wal-Mart -- are just some of the businesses that were or could have been damaged or destroyed by this twister.

You don't have to be a big company, or a shopping center, or a multi-story office building to be severely impacted by a storm or many other crises.

Adairville has about 851 residents at last count. Some work in the community, others drive a few miles to larger communities to work. 

A crisis plan is just as important to the school district there, or to the nearest community hospital or every business in the area as it is to General Motors, Chase Bank or the Holiday Inn. 

Let this picture of a thousand words inspire you to SAVE thousands of dollars in lost business or more valuable things -- and anticipate and plan for the most likely things that can go wrong and let us help you develop a crisis prevention AND recovery plan before the next "picture" strikes even closer to home or work.

Thursday, May 23, 2013

Don't Underestimate The Next Pandemic

I have been talking about the need to plan for the next worldwide pandemic since this time in 2005.

Since our founding in 1989 the Institute for Crisis Management has been warning leaders of all kinds and sizes of businesses and other organizations about the need to plan for crises and prevent as many as possible.

We have had a measure of success in helping businesses around the globe plan and train for the inevitable bumps in the road they are most likely to encounter.  But it continues to frustrate me when we talk about pandemic planning and so many intelligent executives, owners and leaders ignore the threat.

It doesn't matter what you do or how big or small your organization is, a pandemic could have a devastating impact on it.

China has been dealing with a new strain of "bird flu" identified as H7N9. In the past two months 131 people have been infected and 36 have died. It has not reached pandemic status yet, and it may never.  But, if this strain of bird flu is not the beginning of the next worldwide pandemic, there will likely be another strain develop that will.

For hundreds of years and about every 20 to 30 years, the world has experienced a major pandemic, which killed thousands of people. The worst in modern times struck in 1918 and killed 500,000 people in the United States and 50-million worldwide.

Healthcare has advanced significantly since then, but it hasn't figured out how to fully prevent another pandemic. 

If you are not concerned about the human suffering, sickness and death that has accompanied pandemics throughout history, how about the economic impact on the people and governments?

Let's take one segment of the world's economy -- our food supply. 

Beginning nearly ten years ago, supermarkets and a few restaurant chains realized they could take a big hit on their bottom line if the public was afraid to buy and eat some of their biggest and best sellers, such as chicken.  And a few of those companies began to plan for the potential impact of that possibility.

We now have a clear view of the potential impact.  In China, in the past two months, with only a relative handful of deaths and illness from a new "bird flu" virus, the Agriculture Ministry reported this week it has cost the country's poultry industry $6.5-billion because consumers are afraid to buy and eat chicken, turkey and duck.

You don't have to be in the food industry to be concerned.  What if you make cars and trucks?

The normal functions of society were disrupted in the 1918 outbreak with workers too ill to work, others staying home out of fear, hospitals strained to meet the demand for care and basic essentials such as transportation, water, sanitation and power were threatened.

Forward thinking companies should already have a plan.

Planning should proceed on two fronts:
1.      How are you going to maintain a minimal level of service/productivity?
2.      How are you going to communicate quickly and effectively with employees, vendors and   customers?

Human Resources, Purchasing, Transportation, Marketing and Sales all need a plan to keep the business functioning. 

What’s the minimum workforce with which you can continue to operate?  When you have 20-30 percent of your workforce out sick, or afraid to come to work, what can you do to meet production or service demands?  When a number of those sick employees never return to work, where will you find qualified replacements?  How long will it take to train them?

When your vendors are facing the same sickness and absenteeism, and your delivery services are slowed by sickness, how will you maintain operations?
You need to anticipate:
    ·         What will you do
    ·         What will you say
    ·         How will you decide if you have to close a plant, store, distribution center or office, even   temporarily.

The communication challenge is just as significant.
You need a plan in place to communicate with employees, to reassure them, if you can:
    ·         their jobs will be safe
    ·         this will end and life will return to normal (whatever that is)
    ·         the company will stand by them and their families if the worst happens

That's just a starting place!



Tuesday, April 23, 2013

It Was Reported BUT It Really Didn't Happen!

It's been a rough week-plus for the news rooms of the United States, but a wake-up call and lesson for every organization that has social media sites, such as Twitter, Facebook, Vine and web based blogs.

In the early hours after the Boston Marathon bombing, one social media news site posted a false report that a missing student was connected to the bombing.  And, CNN and the Associated Press, along with a handful of other major news organizations reported -- as fact -- a suspect had been arrested for the bombing. 

The report was flat false.

Then, only days later, the Associated Press Twitter account was hacked and someone posted a tweet reporting two explosions had hit the White House  (NOT TRUE) and the President was injured (NOT TRUE).

The @APTwitter account has close to two-million followers, and within minutes after the false report the feed was suspended, but not before several thousand re-Tweets.

Big bad news contributes to at least two things...the AP's reputation and trust factor was brought into question, and the purported news of the attack sent the Dow Jones Industrial Average into a 140 point dive.  Fortunately, as soon as the mistake was reported and confirmed, the Dow shot back up.

Social media accounts linked to CBS 60 Minutes and 48 Hours were hacked Saturday and earlier the same group taking credit for the latest hack struck the Twitter feeds of National Public Radio and the British Broadcasting Company.  The Syrian Electronic Army claims all five attacks.

The experts say we are all too casual about password protection in our digital world, and until we strengthen password access to all of our on-line systems, we can expect these kinds of attacks more frequently.

Wednesday, April 10, 2013

Do You Have A Pandemic Plan?

            Remember how many millions of dollars and countless hours of worry and preparation were spent in anticipation of the Y2K (Computer) Bug back in 1999?
            Remember, nothing much went wrong?  Did you ever go back and review what you did, what it cost and what it might have cost if you had not prepared?
            There is a far greater threat facing the world than Y2K.  And like Y2K, there is not a lot executives, managers and leaders of corporations, small business and other organizations can do to prevent the possible disaster.
            But there is a great deal you can do to prepare, just in case, and without spending the kind of money that was spent on Y2K.
            We are urging organizations around the world to start drafting plans for the potential disruption of a deadly flu pandemic.  The World Health Organization says the world is “overdue” for an influenza pandemic, since mass epidemics have occurred every 20 to 30 years and it’s been nearly 40 years since the last one.
            The worst outbreak of influenza was in 1918 and it claimed 50-million lives around the globe and 500-thousand in the US, alone.  The most recent pandemic struck the US and the rest of world in 1968.
            The US Centers for Disease Control in Atlanta, says the current situation is “worrisome” but not imminent, even though the Chinese government has confirmed a new H7N9 strain in recent days has killed 9 people and triggered the culling of poultry in the part of the country where the human cases have been confirmed.       
            The normal functions of society were disrupted in the 1918 outbreak with workers too ill to work, others staying home out of fear, hospitals strained to meet the demand for care and basic essentials such as transportation, water, sanitation and power were threatened.
            Forward thinking companies should already have a plan for the possibility.
            Planning should proceed on two fronts:
            1.      How are you going to maintain a minimal level of service/productivity?
            2.      How are you going to communicate quickly and effectively with key audiences?
           Human Resources, Purchasing, Transportation, Marketing and Sales all need a plan to keep the business functioning.  Plan for how you are going to keep operating with more than the normal number of people out sick and knowing that some will never be back.
            What’s the minimum workforce with which you can continue to operate?  When you have as much as half your workforce out sick, or afraid to come to work, what can you do to meet production or service demands?  When a number of those sick employees never return to work, where will you find qualified replacements?  How long will it take to train them?
            When your vendors are facing the same sickness and absenteeism, and your delivery services are slowed by sickness, how will you maintain operations?
            You need to anticipate:
            ·         What will you do
            ·         What will you say
            ·         How will you decide if you have to close a plant, store, distribution center or office.
            The communication challenge is just as significant.
            You need a plan in place to communicate with employees, to reassure them, if you can:
            ·         Their jobs will be safe
            ·         This will end and life will return to normal (whatever that is)
            ·         The company will stand by them and their families if the worst happens
           You will need to regularly update employees, vendors, partners, franchisees, customers and shareholders/investors about the progress you are making in overcoming the challenges of the pandemic.
           Be prepared to continuously reassure employees and customers that you will be able to meet their needs and expectations.  But, be honest.  You may be slowed by the illness or work may be temporarily halted.
           Part of the planning process will include determining the most effective and efficient method of communicating with those key audiences and anticipating which forms of communication will be more likely to work with so many people sick and dying.
           For those companies that do business in Southeast Asia, China and Mexico, planning is even more important because conditions in many of those countries and health care shortcomings will exacerbate the impact of a flu pandemic.



Thursday, April 4, 2013

I Told You So

Big banks like PNC, Wells Fargo, and Bank of America have experienced approximately 250 hours of disrupted on-line service in six weeks, according to NBC News.

A bank security analyst with the Gartner Consulting Group indicated the attacks have been almost non-stop for seven months and he claims the attackers could be inflicting more serious disruptions and frustrating more bank customers and security teams if they wanted to.

A group called Izz ad-Din al-Qassam Cyber Fighters has taken credit for the bank attacks, but it isn't clear why.

On the one hand, it could be the work of teenage hackers, on the other it could be practice for a bigger and more devastating attack on U.S. business and government.

Rodney Joffe, a senior technologist at Internet infrastructure company Neustar had warned banks last fall to prepare a sincere-sounding apology and have it ready for the anticipated interruptions.  And in recent weeks American Express and Wells Fargo issued statements explaining that delays in service were the result of outside attacks on their websites.

For the time being there is speculation that the perpetrators are just causing enough trouble to make a point and at any time they could bring websites crashing to a halt.

We are not the only voice in the wilderness calling on businesses and organizations of all kinds to prepare a crisis plan to maintain basic operations if/when their primary computer systems are trashed.

Friday, March 29, 2013

Still No New Crises Just A Quicker Way To Get Hammered

The other day a long-time associate and I were talking about a non-crisis that came close to becoming a real one because of speculation that reared its ugly head on the social media.

As I was briefing her on the non-incident and how quickly it got attention on Facebook and Twitter, she asked if I was willing to admit there are "new" crises?  The Institute for Crisis Management has preached for 20-years there are no new crises.  There is nothing bad that can happen to you and your business or organization that hasn't already happened to someone else.

I assured her that so far, I've still not seen any new crises, HOWEVER, almost weekly we see crises that are variations on the same old themes but requiring almost instant response.

In other words, the same kinds of damaging events keep popping up, but they strike and spread so much more quickly than ever.

For some of our younger readers and clients it may be hard to comprehend the difference in just a few years.  It hasn't been all that many years ago, an organization could have something go wrong and it might take a few days for a newspaper reporter to find out about it.  Then, the first story appeared in print and you had hours to prepare a response and almost 24-hours before the "second" story appeared with your side included.

Then radio news came along and sped up the spread of "bad news" and pressed organizations in trouble to respond quicker.  Television news created a whole new challenge to respond and nothing much has changed in recent years, UNTIL the explosion of  social media.

And, the only thing that has really changed, is how prepared you must be and how quickly you must react and respond if you want to get the problem behind you and get back to normal or the new normal in your company or organization.

There are still the same tried and true rules of engagement, such as identifying your key stakeholder audiences, which will almost always be headed by employees.  Prepare messaging targeted to each key audience including employees, partners, vendors, customers and investors.

One of the most challenging social media issues is how to monitor them 24 hours a day, seven days a week.  An issue that begins to spread on social media in the middle of the night can stir up a significant negative impact hours before your organization is aware and begins to consider a response.

Friday, March 15, 2013

If It Happened to Carnival Could It Happen To Us?

Of course it could/can/will!

Just when you thought Carnival Cruise Lines was over the hump and the cruise crowd was beginning to forget about their most recent "crisis," two more of their ships made headlines within 24-hours of
each other.

About a month after an engine room fire triggered electrical failure on the Carnival Triumph, stranding thousands of passengers adrift for five days, with the anticipated negative news coverage, the Carnival Dream with about 3,000 passengers on board had "technical issues," whatever that is, and could not leave the port in St. Maarten, and a day later the Carnival Legend, with an estimated 2,000 passengers was limping slowly back to port in Tampa with mechanical problems.

The company immediately offered cash back, discounts on a future cruise and air fare to get the St. Maarten stranded passengers back home.

Carnival was already facing at least four lawsuits, including a class action lawsuit, from the Triumph debacle.

If the vaunted Carnival Cruise Line can experience these kinds of back-to-back bad-news events, why would you think your business or organization would be exempt?

It appears Carnival did learn a few things from the earlier "Triumph" problem, but apparently not enough. 

I do not profess to be an expert on cruise ship mechanicals, but three failures on three different ships in little more than three weeks, seems to raise serious questions about inspection policies and preventive maintenance. 

The Institute for Crisis Management maintains that roughly two-thirds of all business crises are preventable, and if we were consulted by the leadership of Carnival, we would encourage them to step up their preventive measures and fine-tune and polish their internal and public response procedures. 

Tuesday, February 19, 2013

Unhealthy Healthcare Hackers

What business or organization collects and stores more sensitive personal information than does your doctor, hospital or other health care provider?

What business or organization is more careless or takes more risk with your sensitive personal information than does your doctor, hospital or other health care provider?

The answer to both questions may be "none."

According to Avi Rubin, a computer specialist and technical director of the Information Security Institute at Johns Hopkins University, he has "never seen an industry with more gaping security holes."  In a December 2012 article in the Washington Post, Rubin said, "If our financial industry regarded security the way the health care sector does, I would stuff my cash in a mattress . . ."

That's the bad news.  The good news is that so far there have been relatively few attacks directed at U.S. health care facilities.  However, the U.S. Department of Homeland Security says health care is a growing target to what they call activist hackers, cyberwarriors, criminals and terrorists.

A DHS memo last year warned "These vulnerabilities may result in possible risk to patient safety and theft or loss of medical information."

Johns Hopkins' Rubin cites aging software, the mandatory adoption of computerized  personal health records and a culture of physicians, nurses and health care staff who routinely ignore basic security measures, including strong passwords, in favor of their own convenience while putting your private information at risk.

He reported a conversation with a nurse who told him part of her job was typing-in a physicians' password in any computer he might want to use in the hospital, so the doctor would not have to, even though it meant leaving terminals "on line" and unattended.

Health care privacy laws are among the most complicated, or at least many doctors and hospitals act like it, but then fail to take even basic steps to safe-guard your personal information once it is entered into their computers.

Rubin told the Washington Post reporter that health care "is an industry with the least regard, understanding and respect for IT security of any I've seen, and they have some of the most personal and sensitive information of anyone."

A year ago, someone hacked into a network server at the Utah Health Department and possibly downloaded Medicaid records for 780,000 people.Utah officials tracked the hackers to computers in Eastern Europe.

Doctors, hospitals and other health care providers cannot afford to be careless with your medical records and personal information.  Their income AND their reputations are at stake.

Monday, February 18, 2013

Burger King Sells to McDonald's -- Twitter Says

The hactivist group Anonymous was quickly identified Monday as the likely source of a successful  take-over of the Burger King Twitter account.

It began with a tweet declaring the fast food chain "just got sold to McDonalds!"

It took an hour before Twitter shut down the account, but not before 30,000 new followers signed in to the Burger King account, and many had fun with the compromised social media site. 

There was probably "no harm -- no foul" in the attack, but there could have been.  And what business wants to be the butt of such drama?

A McDonald's spokesperson told NBC News they were not responsible, and then added "we empathize with our @BurgerKing counterparts. Rest assured, we had nothing to do with the hacking."

Burger King issued a statement at mid-afternoon:  "We apologize to our fans and followers who have been receiving erroneous tweets about other members or our industry and additional inappropriate topics."

Twitter said earlier this month that abut 250,000 user passwords had been compromised, although it was not clear if that contributed to the Burger King attack.

The lesson for all organizations is quite clear -- if you are playing in the digital world, be prepared to cope with an embarrassing moment or two.

Monday, January 28, 2013

Family Business Crisis Planning

      I spent one morning last week with 53 family business owners and came away from the experience encouraged that there are small and family business leaders that are smarter and have more foresight than nearly half of all big business executives.
      That is assuming the best guess estimate that only about 45 to 55 percent of big organizations have a complete operational/communication/continuity-recovery crisis plan in place and ready to use.
       The Family Business Center of the University of Louisville School of Business has an excellent on-going program for family business leaders and they invited me to present a workshop on crisis prevention and crisis management planning.
       Family businesses face the same potential problems and business disruptions that any other business does, but they have a couple of unique issues that non-family organizations don't.
       When several family members share ownership and operational responsibilities there is the added potential for intra-family feuds and disagreements.  And, while all businesses need to have a succession plan, a family business succession plan is not only critical, but it must be carefully considered and shared with all the family members likely affected.
       If the head of the family business dies unexpectedly and has not prepared his/her heirs with the succession plan, there can be turmoil and bitter feelings that can destroy what's left of the business and family relationship.

      To learn more about the U of L Family Business Center visit:  http://business.louisville.edu/fbc/
and for help with your Family Business Crisis Plan: larrysmith@crisisconsultant.com .  

Earthquake Drill February 7

     February 7 is the 201st anniversary of the 1812 earthquake that levelled New Madrid, Missouri.
     The New Madrid Fault shakes parts of seven or more states from time to time and is an ever present reminder that every business and every other organization should be prepared for the inevitable disasters, including earthquakes, tornadoes, hurricanes, and flooding, depending on where you live, work and serve.

     An estimated two-million people in the South and Midwest will take part in the Feb. 7 earthquake drill, just part of Earthquake Awareness Month.

    You can learn more at www.shakeout.org/centralus.

     Where ever you live and work, there is the possibility of some combination of natural disasters and you can develop a plan to help your business or school or not-for-profit get through it and return to normal or near normal operations.

      Every organization should have three crisis plans: (1) an operational crisis plan -- who does
what and how when the fire alarm sounds or other disaster strikes; (2) a communication plan -- who speaks for the organization, who decides what will be said and when and how; (3) and, a continuity/recovery plan that outlines how you will maintain work/service while the crisis is being managed, and how you will recover and return to the new normal once the crisis is past.

      In the best of all worlds, those three plans are integrated into one broad, flexible road map with a designated team trained and practiced with those plans.  A half-day, custom table-top exercise at least once a year is the icing on the crisis planning cake and the team at the Institute for Crisis Management can help you with most of that.