- Security TWENTY
- Women in Security
Author Melissa Agnes
Review date 16/01/2019
No of pages
Publisher Melissa Agnes
Publisher URL https://melissaagnes.com
Year of publication 04/05/2018
Crisis preparedness, reputation management, and brand protection speaker and writer Melissa Agnes blogs and is a contributor to Forbes. The Canadian's put together her thinking in a book (electronic and paper) for sale through Amazon, Crisis Ready.
She sets out how social media and mobile communication as used by business - or as Twitter users talk about a brand - is a risk (like any other). A crisis can come at any time (or put another way, never during office hours). The old ways of crisis management, 'no longer cut it', she writes. You are not ready, she says, if you have a crisis management plan waiting to be activated; in fact if you reach for that plan, 'you risk already being behind, losing control of the narrative of the incident', whether a train crash (metaphorical or if you are a train operator, actual) or even something not true, but that makes you or your company look bad and lose reputation and therefore share value. Short-term damage often leaves long-term scars; even if the organisation doesn't know it. Such is the nature of invisible, quicksilver social media.
The conversational tone and style of the book are in keeping with her message. As an example of how up to date she is and as an indication of her thinking, she blogged recently on the Facebook-Cambridge Analytica 'crisis' - a crisis, that is, for the two companies. She blogged that the affair was 'a giant missed opportunity' for Facebook. Instead of being 'highly attuned with the risks that plague your organisation', Facebook is now hounded by politicians and lawsuits. As that case and her blog shows, crises now are not so much about physical loss - through fire, flood or crime, although they can be - but turn on the intangibles such as (lost) trust between service provider and customer and consumer. She describes that crisis as foreseeable; even inevitable, and hence a risk that the social media firm could and should have acted on - before it now has to. She writes: "I also know from my work in advising some of the world’s largest, most risk-prone organizations, how easy it can be to fail to evaluate the risks that lie in front of your business, especially when those risks have gone unnoticed for years and business is soaring. But the risk is there none-the-less and when it catches up to you, the consequences can be direly impactful."
She argues that no matter your level of security, due-diligence, or control, the reality is that we live in uncertain times. Organisations are prone to a multitude of risks that can attack from every angle. When your team is crisis ready, your organisation is prepared for anything.
To take one snippet of her book. Who should you include within your crisis management governance? Consider a cybersecurity crisis. She writes: "In such a crisis, your IT team may be the first to detect the incident. But upon initial assessment, they aren’t the right group, in and of themselves, to determine whether the incident constitutes a corporate crisis. They can only see the situation through their lens, which does not provide the full scope on potential impact to the organization. Therefore, you want to make sure to have a subset group of internal experts that the IT team knows to call in, to help them assess the potential scope and breadth of the situation and decide whether escalation is necessary. For a cybersecurity crisis, this group may include someone from your legal department, your compliance department, your risk management department, and any other department that the situation impacts.
"The goal here is to have a group of qualified individuals that will quickly gather to determine whether the incident needs escalation. You want to ensure prompt escalation in the event of a potential crisis while also ensuring that you do not call leadership out of their busy schedules when a situation does not merit their attention. Not every situation is black and white. You need to account for many potential gray zones, and this is the group responsible for assessing them."
Email email@example.com or firstname.lastname@example.org.
See also Charlie Maclean-Bristol's blog.