How to Prepare Now for Your Next Crisis Post-COVID

As business leaders remain hyper-focused on navigating through the pandemic, few have sufficiently considered how to prepare for the next major crisis. There are many steps leaders can take, some of which include reassessing their risk management plans, constructing cohesive frameworks that proactively identify potential gaps, and identifying protocols and procedures to fill those gaps in preparation for future crises, no matter how big or small. 

Reflect and Optimize

Very often, companies have not taken the time to assess how they responded to previous crises because they are either too busy afterwards, or too happy to have survived with minimal consequences. But the pandemic has shown that this is a dangerous game to play. While we have seen that most organizations had some of the core elements of crisis management success—whether a crisis management plan and team, mass notification technology, risk and intel monitoring capabilities, or business continuity plans and teams—many had (and still have) not connected these parts into a successful framework. Moreover, they have not reflected on those plans to improve them and optimize their crisis and risk management approaches.

Businesses must evaluate their preparedness for and response to past crises and use lessons learned in those reviews to optimize their responses moving forward. Given COVID-19’s unexpectedly “long tail,” companies should review and reflect on their plans now, rather than wait months or years.

Create or Enhance Your Plan

While enhancing an old crisis plan or developing a new one will take work (and cost money) upfront, it is a process that will pay massive dividends in the long run. Once businesses have a concrete crisis management plan in place, have practiced the plan, and are prepared, the cost will justify itself both in terms of the monetary outlay and by mitigating potential risks that could prove highly detrimental to the business down the line. While different companies take varied approaches to crisis management planning, certain plan elements have proven their value during COVID-19 and likely will again during future crises. This is demonstrated in “the 3 S’s”: scenario analysis, stakeholder analysis, and standing meeting agenda.

  • Scenario analysis: Scenario analysis encourages companies to focus on the best, worst, and most-likely case scenarios when confronting a crisis and planning for various organizational responses. At the beginning of COVID-19, many companies saw the crisis as a “China problem,” and did not actively prepare for its potential global impact. Preparing in this way would have enabled them to have a broader, more proactive approach to crisis management, rather than getting caught in constant response mode, as many companies were. 
  • Stakeholder analysis: In times of crisis, businesses must quickly identify the key internal and external players that will be impacted and require critical attention. The companies that do so will be able to quickly identify their specific needs and/or interests and build their crisis responses around them. Not doing so often results in disorganized management of key stakeholders, exacerbating the impact of the crisis and/or causing additional work for the crisis team.  
  • Standing meeting agenda: Standing meeting agendas are crucial for helping to keep meetings on track, ensure discussions are impact-based and holistic, and guarantee key facets of the response are consistently revisited until resolved. Organizations that do not utilize standing meeting agendas often find their meetings to be frustrating, disorganized, and never-ending as conversations go around in circles.

Practice Responding to Crises

It would be easy to believe that you do not need to practice your crisis responses and exercise your plans after navigating a massive crisis like COVID-19, but that would be a mistake. Every crisis has its own unique characteristics, impacts, and challenges, and crisis exercising has proven to be one of the most effective means of preparing organizations and their leaders for navigating the next crisis or managing multiple, smaller crises at once. Just as with physical exercise, crisis exercising keeps organizations nimble and helps develop organizational muscle memory to ensure businesses and leaders are prepared for a real crisis.  

Do Not Forget Travel 

While most business leaders are thinking about bringing people back to the office, few have considered that many, ironically, are going to be looking for opportunities to leave it again—getting back on the road and visiting suppliers, customers, etc. So it would be shortsighted for companies to focus only on policies and procedures around returning to the office, when they should start thinking about policies around returning to travel too. This will bring exponentially more challenging situations given the lack of consistency and (likely) inequity of vaccine distributions across the world, especially in developing nations where many employees may be traveling. Business leaders should be thinking about this now and planning for how to enable and support employee travel when it is safe to do so.

Take Risk Management and Monitoring Seriously

Risk management programs can no longer be developed with a “check-the-box” approach. As COVID-19 proves, high-impact, low-probability events are not only possible but probable, and so companies must take risk management and monitoring seriously. During this time, companies have started to build information and intelligence monitoring capabilities to help them digest the large volume and varied kinds of information they are receiving. This has included agreeing on scenarios and triggers that, when met, result in particular organizational action (e.g., reopening the office when case counts are at a certain level or enough people have received the vaccine). The last thing companies should do is stop monitoring when the pandemic or any other crisis seems to be slowing or ending. In fact, organizations should not only maintain this monitoring but expand it to include other risk types identified during the crisis that could create another significant disruption down the line. This will allow the organization’s leaders to make data-based, proactive decisions rather than waiting until a crisis happens.

Crisis and business continuity planning has never been more important. The COVID-19 pandemic has dramatically shifted the way businesses operate and has created new problems that business leaders must solve. To effectively plan for the next crisis, leaders must prioritize these capabilities, creating a holistic framework that addresses various types of threats. Taking these steps now will better prepare organizations for the next major crisis, however unlikely and no matter the scope and scale.

Strengthening Diversity, Equity and Inclusion Efforts

Improving diversity, equity and inclusion in the workplace seemingly remains an elusive goal for many companies. This persists even as many business leaders have stepped up to demonstrate that they value diversity and inclusion by making public commitments and dedicating time and money to training and development for their teams.

Society has a legal and moral obligation to extend equal opportunity to all people—regardless of gender, gender presentation, sexuality, sexual orientation, skin color, social class, religion and age, among other factors. But there is also a strict business dollars-and-cents reason for doing so: judging people on their talents and their potential, regardless of any of the factors above, means that you are getting the best people available. Discriminatory hiring practices simply dilute the talent pool.

A diverse workforce also brings a range of viewpoints and perspectives to a company. If employees feel safe to bring their authentic selves to work, they will feel empowered to help develop new ideas, products and missions to support the business and cater to its customers. Medium’s HR Blog and Resources published an article showing that diverse companies have increased revenue, more innovation, improved decision making, higher rates of job acceptance and better performance compared to competitors.  

Additionally, a 2018 analysis by McKinsey painted an even clearer picture:

  • Companies in the top 25th percentile for gender diversity on their executive teams were 21% more likely to experience above-average profits.
  • Companies with more culturally and ethnically diverse teams were 33% more likely to see better-than-average profits.

While most leadership teams believe that it is important to prioritize diversity and inclusion, they may also think it is something that will just fall into place. In reality, it will only succeed if it is deliberate—companies must plan for it, buy into it and incentivize it. It is also easy for businesses to believe they are doing a good job promoting inclusion and unwittingly stumble. Unconscious bias is real, and even people with the best of intentions can be guilty of microaggressions and other offenses against underrepresented groups.

Organizations seeking to embrace inclusion need to do so from the very top, and the practices, language, norms and processes that support these inclusionary goals need to move directly and effectively down the organizational chart. Something along the lines of superficial copy written in a policy memo will not do. Too often those kinds of actions are taken to “tick a box” without ever moving the needle. Company leadership needs to clearly set the tone and be certain managers and supervisors are not only onboard, but executing these missions on a regular basis. As with any for-profit project, achieving diversity is a goal that requires a comprehensive plan identifying the deficiencies and setting goals and a timeline to correct them.

Ensuring that promotions and new hires reflect diversity is an obvious goal, but how does a company achieve it if it does not recognize that groups are still underrepresented in its workforce despite following what it believes are anti-discriminatory practices? A few years ago, a Silicon Valley startup called GapJumpers developed a platform to allow companies to hold blind auditions for openings in lieu of the traditional application and resume review process. They developed this process from an initiative that many of the world’s classical music orchestras undertook in the 1970s to try to diversify groups of predominantly white male musicians. The results were eye-opening: 60% of the applicants that made it through the selection process for interviews were from underrepresented groups. This approach may be out-of-the-box thinking for many organizations, but the fact that many companies are still struggling to achieve their diversity goals indicates that this is the time to throw out the old playbook.

Goals need to be set high enough so they are challenging while remaining realistic considering the company’s size and turnover rate. Achieving diversity is not a quick, one-size-fits-all fix and it is not going to happen overnight. However, as with many goals worth achieving, mindfulness, perseverance and commitment can prevail.

On Data Privacy Day, Catch Up on These Critical Risk Management and Data Security Issues

Happy Data Privacy Day! Whether it is cyberrisk, regulatory risk or reputation risk, data privacy is increasingly intertwined with some of the most critical challenges risk professionals face every day, and ensuring security and compliance of data assets is make-or-break for businesses.

In Cisco’s new 2021 Data Privacy Benchmark Report, 74% of the 4,400 security professionals surveyed saw a direct correlation between privacy investments and the ability to mitigate security losses. The current climate is also casting more of a spotlight on privacy work, with 60% of organizations reporting they were not prepared for the privacy and security requirements to manage risks with the shift to remote work and 93% turning to privacy teams to help navigate these pandemic-related challenges. Amid COVID-19 response, headline-making data breaches and worldwide regulatory activity, data privacy is also a critical competency area for risk professionals in executive leadership and board roles, with 90% of organizations now asking for reporting on privacy metrics to their C-suites and boards.

“Privacy has come of age—recognized as a fundamental human right and rising to a mission-critical priority for executive management,” according to Harvey Jang, vice president and chief privacy officer at Cisco. “And with the accelerated move to work from anywhere, privacy has taken on greater importance in driving digitization, corporate resiliency, agility, and innovation.”

In honor of Data Privacy Day, check out some of Risk Management’s recent coverage of data privacy and data security:

CPRA and the Evolution of Data Compliance Risks

Also known as Proposition 24, the new California Privacy Rights Act (CPRA) aims to enhance consumer privacy protections by clarifying and building on the expectations and obligations of the California Consumer Privacy Act (CCPA).

Frameworks for Data Privacy Compliance

As new privacy regulations are introduced, organizations that conduct business and have employees in different states and countries are subject to an increasing number of privacy laws, making the task of maintaining compliance more complex. While these laws require organizations to administer reasonable security implementations, they do not outline what specific actions should be taken. Proven security frameworks like Center for Internet Security (CIS) Top 20, HITRUST CSF, and the National Institute of Standards and Technology (NIST) Framework can provide guidance.

Protecting Privacy by Minimizing Data

New obligations under data privacy regulation in the United States and Europe require organizations not only to rein in data collection practices, but also to reduce the data already held. Furthering this imperative, over-retention of records or other information can lead to increased fines in the case of a data breach.

As a result, organizations are moving away from the practice of collecting all the data they can toward a model of “if you can’t protect it, don’t collect it.”

3 Tips for Protecting Remote Employees’ Data

As COVID-19 continues to force many employees to work from home, companies must take precautions to protect sensitive data from new cyberattack vulnerabilities. That means establishing organization-wide data-security policies that take remote workers into account and inform them of the risks and how to avoid them. These three tips can help keep your organization’s data safe during the work-from-home era.

What to Do After the EU-US Privacy Shield Ruling

It was previously thought that the EU-US Privacy Shield aligned with the EU’s General Data Protection Regulation (GDPR), but following the CJEU’s recent ruling, the Privacy Shield no longer provides a mechanism for legitimizing cross-border data flows to the United States. This has far-reaching consequences for all organizations that currently rely on it. In light of the new ruling, risk professionals must help their organizations to reevaluate data strategies and manage heightened regulatory risk going forward.

The Risks of School Surveillance Technology

Schools confront many challenges related to students’ safety, from illnesses, bullying and self-harm to mass shootings. To address these concerns, they are increasingly turning to a variety of technological options to track students and their activities. But while these tools may offer innovative ways to protect students, their inherent risks may outweigh the potential benefits. Tools like social media monitoring and facial recognition are creating new liabilities for schools.

2020 Cyberrisk Landscape

As regulations like CCPA and GDPR establish individuals’ rights to transparency and choice in the collection and use of their personal data, one can expect to see more people exercise these rights.

In turn, businesses need to ensure they have formal and efficient processes in place to comply with such requests in the clear terms and prompt manner these regulations require, or risk fines and reputation fallout. These processes will also need to provide sufficient documentation to attest to compliance, so if businesses have not done so already, they should be building auditable and iterative procedures for “data revocation.”

Data Privacy Governance in the Age of GDPR

As personal information has become a monetizable asset, risk, compliance and data experts have increasingly been forced to address the regulatory and operational ramifications of the rapid, mass availability of personal customer and employee data circulated both inside and outside of organizations. With new data protection regulations, Canadian and U.S. companies must reassess how they process and safeguard personal information.

Key Features of India’s New Data Protection Law

Among the new data protection laws on the horizon is India’s Personal Data Protection Bill. While the legislation has not yet been approved and is likely to undergo changes before it is enacted, its fundamental structure and broad compliance obligations are expected to remain the same. Companies both inside and outside India should familiarize themselves with its requirements and begin preparing for how it will impact their data processing activities.

Supply Chain Stability and COVID-19 Vaccine Delivery

As COVID-19 vaccines are rolled out around the world, effective risk management coupled with predictive analytics can help ensure supply chain stability to quickly and safely deliver them. Pharmaceutical companies and stakeholders around the world are scaling their vaccine roll-out, and concerns are emerging around logistical challenges of how to manage quick global distribution. One thing is clear: the entire supply chain’s stability needs to be monitored carefully, as a single fracture can have catastrophic effects on distribution of this time-sensitive vaccine.

Pfizer has designed an innovative logistical method to control vaccine distribution from manufacturing to the local cold-storage facility. Much has been written about vaccine producers’ heroic efforts to secure upstream components such as glass vials, stoppers, and crucial vaccine ingredients, as well as the distribution packaging, including dry ice capacity, specially manufactured cold-boxes for vials, airfreight logistics and more. But very little has been reported on the downstream, or on-the-ground, distribution of the vaccines around the world. As the vaccine touches down in states across the United States and countries around the world, the real distribution challenges begin.

As in every industry, risk originates in many places along the supply chain. Geopolitical risk, fraud, and third-party financial risk all must be understood if the vaccine is to reach the greatest number of people in the shortest amount of time. While some believe responsibility for distribution lies solely with individual localities, they are forgetting that the entire supply chain and logistics industry has a moral imperative to ensure that the vaccine is properly and fairly distributed.

Even with the best planning, plenty can go wrong, including:

Geopolitical Risk: If history has taught us anything, it is that some in power will manipulate the distribution of life-saving relief to their political advantage. Examples include the United Kingdom’s blockades of food to Ireland and India, Sierra Leone military juntas interfering with United Nations food relief, and Somali intelligence officers kidnapping the World Food Program’s local chief, among others. Closer to home, President Donald Trump tried to manipulate the distribution of PPE away from states that did not support his politics. Once life-saving vaccines arrive in local facilities, it will be a monumental task to distribute them fairly, and in a manner that does not give more power to local officials who seek to use them to further entrench corruption.

Financial Risk: Many organizations can stumble while rolling out distribution programs. Without proper chains of custody, fast financing, and quick due diligence on third-party logistics suppliers, even the most well-oiled machines could fail to deliver the vaccine in a successful manner. The scale of vaccine demand is massive. Shortages are already present for raw inputs and for critical infrastructure components. To meet these unique challenges, access to fair financing and payments should be guaranteed to all participants in the supply chain (i.e., no 90-day contracts for truck drivers who are moving the vaccines).

Geolocation: Risks like natural and manmade disasters, lack of last-mile distribution, and poor infrastructure can all cause a single point of failure. The technology exists to ensure that vaccines are sent to the most geographically ideal local distribution hubs, and predictive forecasting should be employed to ensure the most timely deliveries.

Since risk can originate anywhere along the supply chain, everyone involved in the logistical aspect of vaccine storage and distribution needs to assess the existing systems to calculate and correlate risk. Leveraging technology is the best way to gain visibility. Rather than rely on gut instincts to determine supplier and partner risk, those in charge should use data to make decisions and consider implementing automated intelligence technology to actively predict and correlate how a change in geopolitical risk will affect the financial health of suppliers. Proactive planning is not only crucial for continuing rollout of vaccines for the current pandemic, it is also paramount in being prepared for the next pandemic.