What’s Next: Crisis Communications Planning

What’s next? We asked ourselves this question after 9/11 and after the great recession, and we’re asking again, now in the midst of a pandemic. The answer, of course, is no one knows. It could be another terrorist attack, another pandemic or another financial crisis, or more likely, something we never imagined.

One thing is certain: we need our organizations to be prepared. It’s better to plan for the worst and hope for the best.  Those with a Business Continuity Plan/Emergency Preparedness Plan, Crisis Response Plan — or whatever you want to call it — will be better equipped to respond quickly and effectively.

Communications are a big part of any plan, and whether you have a stand-alone crisis communications plan or one integrated in an overall BCP, you should have one. And now, while we’re all thinking about the impact COVID-19 has had on our organizations, is a perfect time to get started. Below are some guidelines to get started.

Learn from the past

Start by taking a look back at how your organization responded to the COVID-19 outbreak. What did you do right? More importantly, what did you do wrong? What resources will you need if something like this happens again? What are the risks to your business?

For example, were you equipped to communicate quickly and accurately with your clients? If you were contacted by the media, did you have media response protocols in place? Were you effective in keeping your employees informed and productive? Was there a process in place to timely convey mission-critical messaging to vendors, suppliers or your sales force?

Gather a team

You’ll respond as a team, so prepare as a team. Put together a crisis response team that covers executive management, legal, human resources and those responsible for communications and relationships with your key stakeholders—clients, shareholders, employees, media, etc.

Evaluate your risks

Next evaluate your risks. Where is your organization vulnerable? What type of crises could damage its reputation? Are those responsible for managing and responding to a crisis trained and ready to do so? By answering these questions, you’ll know what you need to do to prepare.

Write the Plan

There are several key components to a crisis communications plan:

  • Introduction: Why the plan is important and how it fits into your organization’s overall missions and structure.
  • Scope and Objectives: What the plan is designed to accomplish, what it covers and what it is does not.
  • Vulnerability Assessment: As discussed above, where the organization is vulnerable what that means for the plan.
  • Crisis Communications Team and Responsibilities: Names, contact information and responsibilities of each team member. Include external resources such as public relations agencies, legal counsel and other experts.
  • Media Response Procedures: Who are the primary and secondary spokespeople and what is the protocol throughout the organization in responding to a media inquiry. Social media should be addressed as well.
  • Plan Triggers: What type of event will trigger the plan, from contagions, data breach to natural disasters to unexpected legal action or negative media coverage.
  • Communications response: Step-by-step guide to activating the plan (team member contact, assessment and next steps), planning and execution (determining a response and delivering messaging) and evaluation and follow-up.
  • Messages and prepared communications: While messaging will be tailored to each situation, some core messaging around specific types of crises can be done in advance to ensure consistency with brand and reputation.

A crisis communications plan, like a BCP, is a living, breathing document that should be practiced with tabletop exercises or other training tools, and updated at least once a year and always after a new crisis.

It’s also a good time to contact a crisis communications professional and tap into his or her expertise. It’s an investment that can pay dividends when the unexpected happens.

#WheresZuck and the Issue of Trust

no fb

Five days. That’s how long it took for Mark Zuckerberg to respond publicly after the revelation that Facebook data was used by U.K.-based Cambridge Analytica to aid the Trump campaign. During that time, Facebook stock lost more than $30 billion in value and #deleteFacebook swept other social media platforms.

Did he respond as fast as possible, gathering all the facts and developing a plan? Or did he wait too long? I’m always a fan of a fast response in the face of a crisis, but also of a response that is strategic and made with all the facts. So, look at the Facebook timeline:

On Monday Paul Grewal, deputy general counsel at Facebook, made the first comment, saying in an email that the company is taking action to make sure the data harvested has been deleted: “We are in the process of conducting a comprehensive internal and external review as we work to determine the accuracy of the claims that the Facebook data in question still exists,” he said. “That is where our focus lies as we remain committed to vigorously enforcing our policies to protect people’s information.”

Monday’s news read like this CNBC report: “The future of Facebook as an advertising platform was called into question by marketers, lawmakers and privacy activists on Monday after revelations that its data on 50 million users was harvested and used by Donald Trump’s political ad firm in 2016.” A hashtag also appeared: #WheresZuck, a sign that the world was waiting for the founder to speak.

On Tuesday, Facebook went further in a statement: “Mark, Sheryl and their teams are working around the clock to get all the facts and take the appropriate action moving forward, because they understand the seriousness of this issue. The entire company is outraged we were deceived. We are committed to vigorously enforcing our policies to protect people’s information and will take whatever steps are required to see that this happens.”

Their strategy was clear: to say that they, too, were victims who were violated and they would take strong action. They also promised Mark would speak on Wednesday—by which time #DeleteFacebook was trending, a WhatsApp cofounder had joined the movement and tens of thousands of users had, indeed, deleted Facebook. Plus, governments on both sides of the Atlantic were calling for more regulation.

When Mark finally spoke on Wednesday, putting a long statement on Facebook, he took responsibility and laid out a plan to ensure this doesn’t happen again. But he stopped short of apologizing (which he did later in media interviews).

So, was five days too long to wait for the Facebook response? It seems so. Even if they needed time to gather all the facts and formulate a plan, Zuckerberg could have posted this himself, because it seems his audience only would hear from him, something he should have known. And what was never addressed was why nothing was disclosed about a problem that may have known about since 2015.

Dante Disparte outlines the problem nicely:

The coat of Teflon that usually shields Facebook and its affable leader, Mark Zuckerberg, who has matured into a techno statesman in the public eye, is beginning to wear thin. Facebook now joins a growing number of firms embroiled in a trust deficit with a case of reputation risk whiplash. …Facebook’s eroding market confidence appears to be self-induced by 5 days of silence and lax third-party risk management. Reports of more than 50 million personal records being accessed by Cambridge Analytica… is not only a terrible violation of consumer privacy, it highlights how trust (the new thrift of the modern economy), is hard to earn and easy to lose. (Read more in Disparte’s Wednesday article in Forbes.)

Losing the trust of regulators, business partners and the public—that’s what happens when your response to a crisis is too little, too late.

 

How can hotels use social media during a crisis response?


Photo credit: Mark Emery Photography via Foter.com / CC BY-NC-ND

The majority of hotels recognize the critical need for crisis response planning. But have they factored in social media? Over at Hotel Executive, Gary explains eight ways hotels can be effectively using social media during a crisis response.

 

Will it all come out in the wash?

I’m on my way back from The Clean Show, where there was tremendous interest in my TRSA-sponsored educational session, “Crisis Communications: A Practical Guide to Protecting Your Reputation.” Whether they were commercial laundry operators or others in the textile industry, attendees recognized the importance of communicating effectively in a crisis.

A massive, cylindrical washing machine

Space ship or tunnel washer? You decide.

Among the highlights of my presentation were:

  • Having a crisis response plan that includes communications protocols for media, customers and other key audiences.
  • Identifying a spokesperson who can represent the company well.
  • Dos and don’ts of media interviews, focusing on honest, open communications.
  • Preparing talking points that drive all answers in media interviews.
  • Incorporating social media in a crisis communications plan
  • The role of leadership in navigating a crisis effectively.

Following the presentation, TRSA hosted a press conference to unveil results of a new survey that reported business and consumer perspectives on service professionals wearing uniforms. The conference also unveiled the new TRSA animated video we developed with videographer Tom Donnelly.

Opening day on the trade show floor was eye opening with the size of the equipment and advanced technology used by the commercial laundry industry TRSA represents. For me, it was a valuable window into an important, far-reaching industry.

A large green banner depicting a women clutching plastic saying "sometimes I feel like I'm drowning in plastic."

The laundry industry has a bright green streak.

How to integrate social media in crisis communications


ePublicist / Foter / CC BY-ND

A crisis is a time of uncertainty that requires the careful management of information. If you don’t move quickly to present the facts and explain your position, then others will do it for you – and that puts the accuracy of the words and images they use beyond your control.

The words and images you use can either spell success and strengthen your future or damage your company’s reputation for years to come. The impact of social media on the crisis communications process has been significant.

Today information flows faster is more complex and independent. It is spread through multiple channels, and as a result, is often less reliable and more difficult to control. You often have just a few hours or minutes to communicate.

Social media must be fully integrated in your crisis communications plan. That means, your social networks are of equal import as other audiences and your community manager should be an effective communicator, as well as a media-savvy professional with appropriate technical skills.

Messaging must be also consistent with other channels, but appropriate for social networks. Candor is expected and an authentic voice is critical.  And, as crisis communications is a two-way process, listening through your social networks can inform your communications with many different audiences.

Above all, you need to consider and plan for all contingencies. Each type of crisis should be considered. Social media will play a critical role in communicating during and after natural disasters, terrorist attacks, cyber breaches and, of course, crises created by social media. But also consider its role in financial crises, human resources issues and (in the insurance world) claims and service issues.

Join me on Thursday, Feb. 12, 2015 at 11 a.m. EST for the IMCA webcast, “Integrating Social Media in Crisis Communications,” where I’ll explore these issues in more detail.

Three Crisis Communications Mistakes Companies Make

morner / Foter / CC BY-NC-SA

In the shadow of the Boston Marathon tragedy, it’s painfully apparent – if it wasn’t before – that crisis scenarios are part of our collective new normal. From threats of terrorism and senseless acts of violence, to economic chaos and world events, crisis events can easy overtake the best-laid plans of any business.

At these times, there is a balance to be struck between business operations and consideration of outside events. Customers don’t want to be marketed to and reporters don’t want your new product press release in times of crisis. In addition, your own employees – even many miles removed from events – might struggle to cope with news from towns like Boston, Aurora, Colo., Sandy Hook, Conn., West, Texas, and others.

What do you say or do as a business owner or manager? Your response in such times must be genuine, sensitive to events and true to the culture of your organization. There is no one-size-fits-all communication solution.

However there are three things you should not do in a crisis. Don’t:

  1. Continue Your Social Media Strategy as Planned. The moment you start receiving breaking news alerts via smartphone apps, email or after watching the news, you need to assess the impact of your planned social messaging. Think about how your messages might be received against the backdrop of what is happening in the news. In most situations, you should pull your planned content immediately and take a wait-and-see approach for at least the first 30 minutes of the news event. This means deleting or rescheduling posts in HootSuite, TweetDeck and other social dashboards.
  2. Assume It’s Not a Big Deal for Your Brand. Gather your public relations and marketing teams to evaluate next steps. Create a plan for what your external messaging (including social media) needs to look like in the first hours and, in some cases, the next several days after a national or global event. Poor planning can lead to significant customer backlashes and damage your brand. You need only look at American Apparel, GAP and others whose early social media efforts during Hurricane Sandy not only failed, but angered customers by appearing insensitive to those in Sandy’s path.
  3. Ignore Your Crisis Communications Plan. If you have a Crisis Communications Plan, use it. This valuable tool will detail a methodical strategy and tactics for handling relevant crisis situations. Don’t try to wing it in the middle of a crisis. You’re more likely to miss something, and the risks can be enormous. If your plan is out of date or, worse, if it doesn’t exist, set a goal for updating or creating one and use the current scenario as a case study (for better or worse) to help guide your Crisis Communications Plan development later.

While you cannot plan for every eventuality, a good Crisis Communications Plan will best ensure your brand is protected while also being sensitive to events outside of your control.

Photo credit: morner / Foter / CC BY-NC-SA

Hack of a Whopper

On Feb. 18, 2013, Burger King's Twitter account was hacked garnering national media coverage and the ire of brand followers.

On Feb. 18, 2013, Burger King’s Twitter account was hacked garnering national media coverage and the ire of brand followers.

Crisis happens. When the crisis involves social media, it can have one heck of an impact on brand.

When Burger King’s Twitter handle was hacked today, the brand’s logo was changed to that of McDonald’s. The hackers also posted crude language, @ messages to questionable accounts, and video and photographs that had little to do with the brand and no doubt annoyed followers. Oddly, they boosted Burger King’s followers by more than 20,000 before the account was suspended.

Twitter followers noticed, as did CNN, ABC News and Fast Company’s Teressa Lezzi who published stories about the hacking within minutes.

If you manage a Twitter account for a brand and that account is hacked, what steps should your crisis plan include?

At the first indication of trouble, immediately log in and change the password. If you are able to log in and change the password, go into your settings and review all of the third-party apps connected to your account. Revoke access to all third-party apps until you can better assess the situation. (Be sure to revisit these apps once the situation is under control to ensure all brand account functionality.)

If you are not able to access the account and change the password, go to the Support Request section of Twitter and under Account Access select the “Hacked account” option. This will give Twitter the necessary “heads up” to suspend your account and avoid endless amounts of spam being sent to your followers. It will also allow you to reset your password.

While you work to regain control of your Twitter account, post a notification to your brand’s blog, website and other social platforms. This notification should simply state:

  • Your Twitter account has been compromised
  • You are working to remedy the situation, and
  • Your Followers should not click on any posted links until otherwise notified.

Such action lets your followers know you are aware of the situation. It can even foster good will among followers irritated by the hacking event.

As a precaution, make sure you use a secure password including letters, numbers and capitalization that cannot be easily determined. This password – especially if multiple people have access to the account – should be changed regularly.

Using dashboards like SproutSocial or HootSuite can also help minimize risk. We also suggest you follow @Safety or @Spam to stay alert to the latest spammer activity or malware.

Some crises can’t be avoided. But they can be mitigated through close monitoring, training and ensuring a workable plan is in place.

Interested in training your team to handle a social media crisis? Email us at info@kimballpr.com for information.

Sandy, Superstorm, Frankenstorm—How Agencies Should Handle Any Storm

Solitude / Foter / CC BY-SA

Like many fellow communications professionals, hearing the words “Frankenstorm” didn’t scare us away from our workdays this week. Some of us may have faced the effects of Hurricane Sandy head-on like one Philadelphia editor, but, for many of us, we could sit at home and work right from our smartphones and laptops without having to feel a raindrop (hopefully.)

So, when the business world is taking a “hurricane day,” what do you do? The answer to this is something agencies hopefully had prepared yesterday.

PR agencies can’t put a “Closed” sign on their email accounts or turn off their smartphones just because they can’t drive to work. Unless major wires are destructed or phones lose the last of their battery life, PR agencies can remain open for business.

Employees need to be prepared to deliver to their clients, communicate effectively with one another and, most importantly, protect themselves, whether a record-breaking hurricane hits or the power just happens to blow out on a perfectly sunny day.

The Quiet Before the Storm

Just as you would prepare for a client—prepare your own crisis communications plan before the event of a crisis. The news and National Weather Service prepared us for a worst case scenario for this #Superstorm, so agencies should be just as ready for their clients and themselves.

As Entrepreneur.com suggests, assess any possible risks your company may face, including weather events and property damage. Moreover, consider what to do if key employees are absent or unavailable; keep contact lists and passwords in a safe, accessible place.

Make the communications plan known to employees throughout the year so your team can navigate as smoothly as possible through a workday with turbulent weather.

On the Big Day

Just like any regular morning meeting, the first step in tackling a storm is to set up a virtual team meeting and prioritize. Over a conference line or chat room, discuss top deliverables that must be completed.

Next to consider is your clients. Alert your clients via email, Twitter—any channel necessary to inform them that you are available to fulfill their needs.

Throughout the day of a disaster, keep your co-workers and clients continually updated on work progress, as well as your safety, and follow these tips from PR News to work from home most successfully.

Finally, keep yourself safe and pass work onto others if you begin lose access to forms of communication. And, if you find yourself sitting in the dark, pull out your nearest candle, take out the old ereader—I mean book—and just wait until the storm passes.

Photo credit: Solitude / Foter / CC BY-SA

Ten Years Later – Are You Ready for a Crisis?

*Originally published in IMCA’s membership newsletter

In March 2002 I walked into conference workshop on behalf of an insurer to do a presentation on crisis response. It was the same conference and topic that I had presented the year before to about 40 people. This year there was 250 people. They moved me into a ballroom.

Once I got my nerves under control I asked myself what had changed? September 11, 2001, of course. The World Trade Center attacks had put crisis preparedness on everyone’s agenda.  There was a mass wake-up call that we had to be prepared for the unexpected.

Ten years later, I’m not sure we are. In talking to friends in the industry, it is surprising how many companies still define a crisis too narrowly, forget to make communications a cornerstone of the plan, or don’t update their plans to account for new developments like social media.

Even in insurance, an industry that is all about evaluating risk, it is too easy to get complacent. That’s big mistake.

Here is a quick checklist to see if you are really prepared:

Your crisis response plans take into account all types of crises.

The point of a crisis is that it often comes on quickly and unexpectedly. Two things we do know is that you can’t fully predict how a crisis will unfold and you can’t start planning once it happens. So a crisis response plan should cover any eventuality – even if you don’t think it will happen. That means terrorist attacks, natural disasters, medical emergencies (think H1N1), internal corruption, financial issues, employment issues and more.

Your plans include input from everyone who should be involved.

A planning team should include not just public relations and operations, but your lawyers, customer service, human resources, outside emergency management officials and more. You want everyone from every department involved in planning – and engaged in the response.

Communications is a cornerstone of the plan.

Too often a crisis plan hinges more on logistical, financial and legal issues and not on communicating with all your stakeholders – customers, community, shareholders, employees, partners, vendors, etc. In today’s world you are judged by how well you communicate. Be ready, do it well, and you can improve your image during the crisis.

Your media response and social media plans are solid.

You must have designated spokespeople and clear protocol to ensure your company is speaking with one voice, and one consistent and effective message. Get media training for all key players, taking into account all media. And make sure social media is integrated in your plan – how will you monitor and respond using social media?

You have a strong leader who can be your spokesperson and communicate effectively.

You need strong leadership in a crisis. Rudy Guiliani made his mark after September 11. Is your CEO the right one to communicate in a crisis? While he or she is the first and obvious choice, it may not be the best. Remember BP’s CEO Tony Hayward?

Your plan is updated annually and takes into account new developments.

There is nothing worse than creating a good plan and sticking it on the shelf to collect dust. Plans only work if there are frequent updates and practice. We used to estimate that you had to be able to communicate effectively within 24 hours of a crisis. Now, with social media, you must be able to act in an hour. That’s not a lot of time.

If you can’t check off everything in this list, then it’s probably a good idea to take a fresh look at your crisis response planning.  Remember, those first hours after a crisis are crucial to how your stakeholders will perceive your company’s image. Don’t skimp on the time and money in good planning – or you’ll be paying a lot more later to clean up the damage.

Sony’s Hacking Response: The Good, the Bad, the Vague

As you have probably heard, Sony has revealed that their customer databases have been hacked twice in the past month, potentially affecting users of their PlayStation Network, Qriocity and Sony Online Entertainment products. Not only have legions of gamers been dealing with a blackout of services that they pay for and fear that their credit card information may have been stolen – but Sony failed to inform them of this massive cyber attack for a week.

According to news reports, Sony learned that they had been hacked on April 19th, took down PlayStation Network service on the 20th, and told customers seven days later, on the 27th. Sony maintains that they were unaware of the breadth of the attack until much later, but I’m not sure that is a good reason for their failure to inform customers more quickly.

Sony gamers, internet security experts, and the odd politician are angry that Sony waited so long. From a PR perspective, the outlook is equally troubling. Sony had an opportunity to take control of the situation and keep this group of highly engaged customers as happy as possible considering the circumstances. Instead, they have turned a challenging situation into a major image problem.

However, I do think some of the lambasting from the press is unwarranted. Sony could have provided more information up front, but they have made great use of the PlayStation blog to consistently communicate with their customers, including lengthy customer Q&As. Of course, the content of that communication could have been better early on.

What do you think? Could Sony have communicated better about this security breach?