Incident Response

10 Mistakes Businesses Make During a Crisis

Every business should be prepared to handle a crisisIt’s more important than ever that every business be prepared to handle a crisis. A 2017 survey of 164 CEOs showed just how prevalent they are: 65% of the CEOs surveyed reported experiencing at least one crisis since 2013. In the same survey, 40% expected to experience a crisis in the next three years and an additional 33% expected multiple crises. When it comes to crises, everyone in an organization needs to be on board with how to respond. Unfortunately, many organizations are not adequately prepared or aware of the appropriate steps they need to take to respond to a crisis.

Below are 10 of the most common mistakes businesses make when responding to a crisis:

  1. Having no plan in place.

This may seem like an obvious mistake to make but an incredible four out of ten organizations don’t have a crisis plan in place at all. Depending on the type of business your organization runs, your incident response plan will vary, but it should include components such as a mandatory internal notification system, evacuation plans and disaster recovery strategies. 

  1. Not preparing for variety.

Any plan you develop should be broad enough to cover any kind of crisis—whether an operational disruption, a cyber-breach, a natural disaster, an accident, a product failure or an executive’s poor choice of words at an event. This doesn’t mean that you need to prepare for each situation separately, just that you should create a well-designed plan that is led by people who are strong observers and rapid organizers who can respond accordingly. While the plan should be broad enough to cover a variety of crises it should also fit into your company’s practices and strategy.

  1. Being vague about roles.

The last thing you want to be doing is establishing a team and assigning roles as the crisis is occurring. Roles should be clearly defined prior to any event or incident. It’s important that every member of the company is aware of and comfortable with their role during and event for incident notification, response and remediation. Without that level of clarity, any response to a crisis will be chaotic.

  1. Restricting crisis response to a few key players.

Crisis response plans are not only about the C-suite making decisions, controlling the narrative and responding to the crisis—it’s about people across organizational boundaries and different networks collaborating. Plan group sessions, retreats and other networking opportunities to promote collaboration across organizational boundaries. Additionally, crisis managers should have ongoing conversations with any outside stakeholders, such as local law enforcement officials, emergency management offices and public relations professionals. This will help prepare them to act effectively during a crisis.

  1. Overlooking prevention and mitigation.

Prevention and mitigation are key to reducing the impact of a crisis. Proactive steps could include safety and operational audits, business continuity planning, and, on the cybersecurity side, using intrusion prevention tools to detect unusual network behaviour.

  1. Underestimating an incident.

Most crises begin as small incidents. Don’t underestimate the power of these incidents. It is important that your company be able to realise the potential impact of incidents and respond appropriately to prevent a crisis.

  1. Not responding quickly.

During a crisis, it is important to respond quickly and efficiently. Delaying a response not only can make the issue harder to resolve, it may result in reputation damage—as it can demonstrate to authorities and the media a reluctance to take responsibility. 

Ensure that all the appropriate people are notified quickly, that all notifications are received and read and that everyone is on the same page in order to coordinate response in an efficient manner.

  1. Overlooking compliance.

Compliance is a key component of crisis preparedness. Companies should be aware of any state and /or federal regulations that could impact operations, notification requirements and response. These must be implemented into any crisis response and business continuity plan.

  1. Skipping regular crises trainings.

Without trainings in place, a great plan loses its intended impact. Employees need to be prepared through regular training, including exercises with employees to discuss the roles of each individual and each department as well as virtual crisis simulations.

  1. Not communicating clearly and efficiently.

Transparent, secure and candid communications are a critical aspect of crisis response. Organizations need to have a system in place to communicate to all affected stakeholders during a crisis and ensure that the organization can maintain control of the narrative without fear of leaks. Notifications to relevant people should be able to be automated for efficiency and reach them on whatever device is most relevant to them.

At Vaporstream we are committed to providing you a secure communications platform that enables you to communicate during crisis response. To learn more about how we can help download our data sheet Optimize Secure Incident Notification and Response Coordination. 

Contributor: Kristi Perdue Hinkle