Communicating to staff and customers during a major incident
Chris Phillips says that although the business community can do little about the threat of terrorism, it has a duty of care to look after its staff and customers should a major event occur.
The number of catastrophic weather events and large-scale incidents seem to be becoming more commonplace and frequent. Maybe it’s the speed of the various media sources but it does seem that floods and tempest is more and more affecting our planet. Of course, in my own area of counter terrorism, attacks are increasingly common and there is no reason whatsoever to think these types of incident will subside. In fact we are likely to see more attacks across the West and East.
One thing we do know is that the business community can do very little about the threat. You can’t control the weather and you really can’t do very much about group of terrorists that are intent on attacking your city or town. However, you can – in fact you must – do something about your vulnerabilities. You are responsible. You have a duty of care and must look after your staff and customers if a major incident occurs.
Most businesses have some form of security in place. Often it is not well thought out, but at least they have done something. Where it gets more complicated is when I ask the questions: “What would you do if there is a terrorism incident? What have you put in place now that will warn and inform your people and keep them safe during and immediately after an incident?”
These are simple questions, but that have a dizzying number of answers, depending on industry, location, number of employees, existing crisis management scenarios and more. But what can we boil all of these down to? What are the general themes and policies businesses can follow to keep employees safe?
Let’s go beyond the security question and talk about reaction to incidents. Most of us, counter-terror professionals or otherwise, are familiar with business continuity plans – contingencies designed to keep the cogs moving even in the event of complete chaos – but beyond this there’s a more human element, how upper management and the board can fulfill their duty of care to their own employees, customers and others who have access to their building to ensure they have done everything possible to keep them safe in the event of such attacks.
Hopefully you are aware of the Police Run, Hide, Tell advice documents and many of you should have seen the video. But there is much more to this subject than that.
Businesses are multi-located and most businesses will have personnel travelling or working from home. What are you doing to make sure that they are safe and don’t inadvertently get caught up in a terrorism or another major incident. How are you locating them to see if they are safe? In this age of digital technology, you should be able to communicate almost instantly with them to check on their welfare and offer them advice.
What follows are my own simple steps any company, large or small, can use as a general guideline to help ensure they’ve done what they can to keep their own employees safe.
This isn’t the sum total of all incident preparedness, but it is a good starting point.
Have a mass notification system
It is vital that you have a good, dependable mass notification system with multiple redundancies in terms of messaging your employees (SMS, e-mail etc).
Inform and alert
Probably the most important element is to inform staff and alert them of any impending dangers via some sort of one-way communication channel with multiple redundancies. This direct communication helps to minimise the sort of rumour-filled misinformation that naturally arises as a result of terror incidents and, more importantly, to reassure your employees that the company is aware of current events is monitoring them closely.
This is where the concept of upper management’s duty of care really comes to the fore. Ensure that you have some sort of system that employs a two-way communication channel running alongside the one-way channel mentioned above.
This allows you to ping out a request for a response across multiple messaging methods with a simple question like: “Are you currently at the muster point?” or: “Are you safe?”
Mass notification and response systems that afford this sort of functionality are invaluable and mean you don’t have to deal with more chaotic response plans that tend to involve individually locating each person at a muster point (note that the muster point approach to crisis management is fraught with its own dangers in this modern age of terrorism regardless).
This also gives the incident manager a clear view of who is safe and who potentially is not.
Locate non responders
After the incident manager has issued a call for status response, the most important task is the identification of who hasn’t responded and why.
Most modern mass notification systems allow you to sort responders by their status, which then allows the incident manager contact each one, or each one’s point of contact (their spouse, for example). This appraisal of the status of non-responders is important as it allows the incident manager to tick off people who have been listed as at-risk but who are, say, working from home instead.
In essence, this whole process is designed to prioritise those who may be at most risk.
Instruct and reassure
One thing you learn quickly while working in the anti-terror sector of law enforcement is that the panic that will undoubtedly set in must be accounted for in contingency planning. It is human nature, especially in our uncertain climate, to fear for one’s safety when one knows there is an unfolding terror attack taking place nearby.
As a result, the incident manager’s role should not be to broadcast for the sake of alerting and accounting for. He or she should also be prepared to reassure staff that the situation is being dealt with as quickly as is possible and that the best response from staff is to remain calm and listen to his or her alerts and updates.
Keep information flowing
This is more of a supplementary point to the above, but it’s important enough to deserve its own subtitle.
As already stated, misinformation naturally arises as a result of any terror incident, but it becomes more damaging when the institutions people usually look to for advice and answers are silent. The city of Munich’s recent use of mass notification technology to keep city residents advised of news and information on their search for a marauding gunman meant dubious reports on Twitter weren’t allowed to carry as much currency.
The same rules apply to a business incident manager, especially if the business is at the forefront of an attack: Namely to keep information flowing to the staff as soon as he or she receives it, and not to be playing catch-up to someone else’s account of what is actually transpiring.
There is no time like the present to get prepared. Make sure you will be able to communicate in a crisis. Make sure you have information available at the time you need it. Don’t wait until it’s too late. Lives may depend on it.
Chris Phillips, GCGI