Communicate
Dave thought for a moment- obviously the IT Security and Crisis Management teams, as well as others, had to be notified, but an email alert might also tip the hackers. Dave logged in to Crisis Commander, a system hosted and maintained outside the company network by Crisis Commander USA, and immediately went to the notification window. Dave selected the appropriate contact lists, chose the “SMS and Voice” notification option, and instantly alerted hundreds of team members, via text and voice messages to their cell phones, homes and offices, of the situation and of a virtual meeting to develop an approach to address the situation. Almost all the team members accepted the invitation, and the conference call began momentarily.

Notification Window

Collaborate
As he initiated the conference call, Dave also activated the meeting agenda for “Possible Data Breach” in Crisis Commander. As team members logged in to the call, they were told to access the meeting agenda as well, and were able to see meeting agenda items, decisions made and responsibilities assigned in real time during the call. Even better, all of theses items, as well as the notification and notification receipts, were logged securely in Crisis Commanders’ central log. Once the team realized the extent of the problem, they decided to activate several pre-established plans for malware infection and data breach that were stored in Crisis Commander.

Data Breach Meeting Agenda

Coordinate
After the meeting the team immediately activated the appropriate plans in Crisis Commander. Using the plans they were able to assign plan tasks to individuals, track status and completion, and monitor progress. All tasks, decisions and communications were logged automatically by Crisis Commander throughout the crisis.. In addition Crisis Commander’s flexible plan structure enabled the team to modify the plans on the fly to customize the plans for the current crisis and to adapt to changing circumstances. All these activities occurred in a highly secure environment outside of the company’s IT Infrastructure.

Anti-Malware Plan

The team worked through the weekend and into the following week, using Crisis Commander to Communicate, Collaborate and Coordinate team activities throughout the crisis. Using Crisis Commander enabled them to respond quickly and securely, using pre-set plans, agendas and contact lists, as well as ones established during the incident.

For more information on Crisis Commander, contact Michael Hardie, 410-517-1232, michael.hardie@crisiscommanderusa.com

I have researched two social media search engines: Topsy (www.topsy.com) and Social Mention (www.socialmention.com) Kurrently, an effective and efficient search engine that only monitors Facebook and Twitter, is “currently” not functioning, with no explanation. Social Mention monitors 15 social media sites, including YouTube. Topsy has similar coverage. Both work very well and cover a lot of ground , particularly with the video component added by YouTube. Try both and see which you prefer. Either way, you should consider deploying one or both during a major incident to monitor the “buzz”. Once your organization begins your response, stay tuned to these sites for feedback to see if your approach is effective or needs to be re-calibrated.

Finally, should your searches reveal inappropriate, illegal or threatening social media posts, you can often identify the perpetrators by using sites like Pipl (www.pipl.com). Try searching against names, nickname, twitter feed, etc. Once again, be sure your employee handbook clearly prohibits posting negative or threatening information about your organization. This will enable you to take quick action should an employee be responsible for negative posts about your organization.

Here are my thoughts:

Monitor: You should absolutely monitor what is being said about your organization on Twitter, Facebook etc when you are faced with a crisis, incident, etc that goes public. Many news organizations now monitor Twitter and Facebook etc searching for stories, so you should be on there too. Ideally, this would be done by the PR/communications members of your crisis teams. Hopefully they are doing this already on a day to day basis, and perhaps posting information about your company during normal day to day operations. In a crisis they should be prepared to try and counter/correct misinformation on your company on the social networks. But remember, this type of communications can easily “Go viral”. My advice: outbound communications on these channels is risky and should be handled by trained PR/ Communications people

Accuracy: Remember that the openness of these media and the anonymity of users raises real concerns about the accuracy of the data on them. Professionals following Facebook and Twitter are following trends rather than individual posts. See the excellent article in the February 2011 edition of Security Management for more information, at www.securitymanagement.com

Authenticity: Be aware that some of the people posting misinformation about your company may be employees, contractors, etc. Review your policies on this, and make sure employees know certain types of activity on the web/social media are grounds for dismissal. Try to be as clear as possible in your policy, it will help you in the event you must take disciplinary action.

Security: There is a lot of talk about the vulnerability of these sites to hackers. Many large organizations are not using these channels for outgoing communications in a crisis because of the fear of misappropriation of messages, or the possibility of hackers breaking in to a Twitter or Facebook account and posting misinformation. Know how to shut your company accounts down before a crisis occurs so you can do it quickly.

Notification: I think there is a role here for notification, however, in a limited way. One can envision a scenario where you would “Tweet” team members and direct them to a secure messaging system for information- thus driving your legitimate crisis team members to a communication channel where they can be authenticated, and then providing them the info on the authenticated channel. One example of this would be a “Tweet” directing Crisis team members to the Forum in Crisis Commander- where they could access a secure blog on the incident. Your initial “tweet” should not contain a lot of details, just instructions to login to a secure channel.

This topic is going to remain open and hot for some time- follow up here for more information, and please post replies to this blog if you have questions or comments, or like/ dislike what you read here.

I recently attended a presentation by Howard Gwon, Chair Emergency Management Committee and Administrator, Emergency Management Response/Recovery for the Johns Hopkins Hospital (JHH) and JHU School of Medicine. Mr. Gwon discussed their response and its implications and outlined some changes they will be making.

I have attached Mr. Gwon’s presentation for your information, courtesy of the Johns Hopkins Hospital (JHH) and JHU School of Medicine. Below are my take-aways from the presentation:

· Have multiple modes of communication: JHH had 5: Text(EAS), Notifind, JHH email, loudspeakers, pagers (only one mode reached my wife, e-mail)
· Multiple update messages are required throughout the incident
· Plans must be in place before there is an incident of workplace violence – there is no time to plan during the event
· Send messages every 15 minutes to reassure people and let them know what was happening. Some people will not believe the messages that are being sent and think it is only a drill. It was difficult to send messages to all the pagers because their system could only send to 100 at a time.
· Have a member of your own Security and the Principal Information Officer at the location where the Police establish their Incident Command. That way the members of your staff can know what is happening and communicate information back to your Incident Command Staff.
· You will need to take care of the situation for 5 minutes at least before the Police will be able to arrive.
· Roads around your location may become a problem for staff to get to and enter your organization because the police may set up roadblocks to restrict people from coming into the affected area
· People will be using Twitter and Facebook to communicate about this event even if you have a policy that only one person is authorized to speak to the media.
· Many government agencies will come to your location not just the Police. You need a way of dealing with them.
· Have and wear badges so that you and the Police will know who is who.
· Decide who will take care of the victims and how to communicate with their families. It is important to tell employees that they should not help victims unless the area is safe to enter. This responsibility is already assigned to the paramedics employed by the local jurisdiction.
· JHMI held a Town Meeting right after this with all employees and then again four months afterward to let people know the action that had been taken

Of particular note to me is the reduced tolerance of aggressive, threatening behavior by employees, patients and their families etc. This ties in strongly with the Tuscon shooting incident, and I hope will drive us all to consider what changes in actions we should take towards those that exhibit this type of behavior.

1. Leadership and strategic communications: having a leader who can effectively frame  events in their context, and manage expectations from the very start of a crisis.  As someone once said, you can say anything to anyone, as long as you say it the right way.  Highly effective leaders provide context and direction in their communications to ensure they are heard the right way.

2. Delegation and networking:  This is really what we are all planning for, isn’t it?  To have clearly defined responsibilities among teams across the organization, and a network that we can access when things don’t go as planned.

3. Reputation management is Critical:  this is what we learned from Tylenol- transparency, expertise, commitment and empathy  and don’t forget honesty, are the keys.

4. Take a long term view:  Short-term oriented decisions can further harm reputations in a crisis.

5. Information Management is key:  Those of you using Crisis Commander know how important it is to have the right information available at the right time to make the right decisions.  Having a structured way to prepare, gather information and respond is absolutely critical.

The article ends by exhorting readers to make the necessary investments to manage risks and crises.  Click here to view the full article, it is well worth a read, and a forward around your organization.

The implementation of the new software is a critical step towards a safer London. City of London’s ‘Safer City Partnership’ is a UK-wide initiative whose current objectives include protecting people and businesses against a range of incidents, including pandemics, natural disasters, terrorism, anti-social behaviour, crime against people and economic crime. A team of officers from the City of London Corporation and City of London Police supports the work of the Safer City Partnership. The unit is located within the Security and Contingency Planning Group of the City of London.

The new Software-as-a-Service (SaaS) is called Crisis Commander and will initially be used to manage and control the City of London Corporation’s response to major incidents or any disruption within the Square Mile, such as pandemics, rail accidents, floods and power outages.

ECDC is an EU agency whose aim is to strengthen Europe’s defences against infectious diseases and its mission is to identify, assess and communicate current and emerging threats to human health posed by infectious diseases.

ECDC works in partnership with international health protection bodies across Europe to strengthen and develop continent-wide disease surveillance and early warning systems and the implementation of the new software is a critical step towards a safer Europe.

The new Software-as-a-Service (SaaS) is called Crisis Commander and will initially be used to manage and control ECDC’s response to infectious diseases and pandemic threats and allow ECDC to pool Europe’s health knowledge, so as to develop authoritative scientific opinions about the risks posed by current and emerging infectious diseases.

The new Software-as-a-Service (SaaS) is called Crisis Commander and will be used by between 10 and 25 staff, to help manage and control the company’s complete incident management and emergency response process.