ASIS webinar: Risk management strategies and crisis communications

Presenters Bruce Blythe (owner and chairman, R3 Continuum) and James Satterfield (president and CEO, Firestorm Solutions) were actually in the early stages of evacuation as Hurricane Irma approached Florida when they gave the webinar.

The presentation focused on using a strategy called C.I.A. (Core assets, Impacted stakeholders, and Anticipation) Focus.

According to this strategy, organizations should first determine the core assets at risk, such as property, finances and reputation.

“As a security manager [or] a manager of an organization … your job is to protect those assets,” said Blythe.

Intellectual property may be at risk because more employees will be working remotely after a crisis, which can lead to cyber breaches.

Meanwhile, reputation can also be at risk if communication is mishandled. According to a study by the Center for Risk Communication, the most important quality of good crisis leaders is “caring.”

“If you come across as uncaring, your crisis will escalate,” Blythe explained.

However, a company’s “biggest exposure” is “what you don’t know you don’t know,” said Satterfield.  To identify this, companies should determine the assets they know are at risk, and then use open-sourced intelligence.

The strategy then calls for identifying the impacted stakeholders and addressing their concerns.

Lastly, to anticipate what might happen, it is important to know the common failures in a crisis.

One of the biggest pitfalls is failing to have crisis management plans at home. If employees don’t have a plan at home, they will take more time to come back to work, as they often need to address issues such as home security.

One way companies can make their employees feel more secure is by providing a guard service for their homes if they are vulnerable due to hurricane damage.

Finally, Satterfield and Blythe discussed the impact of crises on security.

When asked if security professionals should assume ordinary risks will diminish in crises, Satterfield responded that reactions will vary as stress increases.

If employees feel the company doesn’t care, behaviours will start to escalate into threats, which will escalate into violence.
    
“It’s much easier to intercede early in the process,” he added.

In fact, statistics indicate that if someone has ill intent, 80 per cent of the time, somebody else knows, and 67 per cent of the time, two or more people know. Consequently, an anonymous reporting system could reduce the risk of violence.

In the past, he said, disasters have resulted in violence, so “security has an expanded role to play.”