Lootok

Menu

What's new?

Breaking the Business Continuity Mould

Breaking the Business Continuity Mould

Embrace the process, not the destination

Business continuity and crisis management is moving from its traditional roots and by-the-book implementation, to a much more disruptive—and much more effective—process. Business continuity planning has become more complex, nonlinear and inclusive of multiple third parties, and the growing ecosystem of cloud and as-a-service providers has moved much of the risk outside of the immediate control of the risk manager. This is all complicated by the inherent difficulty in getting buy-in and participation in what is often a project nobody really wants to be a part of.

It becomes even more complex when planners must prepare for a wider group of possibilities, which includes not only natural disasters, labor disputes and equipment failures, but cyber-disasters which are often not as well defined and even more unpredictable, and are based on environments and actors which have no physical boundaries.

Read Post

Lootok Resiliency Summit: The best risk managers don’t do it alone

The best risk managers don’t do it alone

How can I ensure our internal stakeholders are properly trained on risk management? How can I make sure the quality of plans is consistent within a global organization? How do I get people to care when they’re facing limited resources, budget, and time?

This is what every global risk, crisis, and security leader asks—and they’re disappointed when I tell them there aren’t easy answers. There’s no magic pill that transforms someone into a thoughtful continuity planner or an informed risk management advocate. The fact is, it takes time to educate and train stakeholders on important initiatives, and effort to establish the processes and protocol that facilitate consistency. It also may mean giving people dedicated time (especially if they’re strapped for time already) to devote towards proper training and development.

 

Read Post

Lootok: Three must-know lessons from my last business continuity site visit

Three must-know lessons from my last business continuity site visit

I often serve as an extension of our client’s risk management team. Recently, I visited a client site to implement a continuity program focused on manufacturing recovery. Approaching new sites can be a challenge, particularly for recently established programs. I’m always reminded that first impressions—of people and of programs—are lasting, and it’s not easy to spark engagement and support from local teams. In my experience, here’s what works in winning them over…

 

 

 

Read Post

Press Release: ClearView named a leader in Gartner’s 2017 Magic Quadrant

Clearview

 

ClearView is proud to announce that it has once more been positioned in the Leaders Quadrant in Gartner’s July 2017 Magic Quadrant for Business Continuity Management Program Solutions, Worldwide.

CEO Charles Boffin comments, ‘We are delighted that we have once more been recognised as a leader in the market as we continue to focus on our core principles of delivering a sophisticated and functionally-rich platform in a way that makes it easy to use and intuitive for all users, irrespective of role in an organisation. We believe our continued placement in the Leaders quadrant demonstrates our ongoing commitment to remain a key player globally in this field.’

Gartner subscribers may download the full report here.

Read the full press release on clearview-continuity.com

Read Post

Lootok CEO to share a revolutionary approach to crisis and risk management at two industry events

See Sean Murphy speak at OSAC Crisis Management Forum and APTA’s Risk Management Seminar this August


Sean Murphy, CEO of the crisis management and business continuity consulting and technology company Lootok, will share his expertise and insights at two high-profile events this year. On August 7, he will present at the American Public Transportation Association’s (APTA) Risk Management Seminar in San Diego. Immediately following the APTA Seminar, Murphy will be a featured speaker at the U.S. Department of State’s Overseas Security Advisory Council (OSAC)’s Crisis Management Forum in Minneapolis on August 8 and 9.

The APTA Risk Management Seminar is the only risk management seminar dedicated to risk management professionals involved in transit risk management. This year’s agenda features new and creative thinking for risk managers—presenting cutting-edge concepts and challenges. With transportation and public entity risk managers at all levels of experience, the seminar includes several sessions on issues that transit risk managers face on a daily basis. Sean Murphy’s session will explore a modern approach to crisis and business continuity management that allows companies to maneuver in today’s complex world of threats.

Read Post

Press release: Lootok and Nettitude partner to provide cybersecurity and crisis management services

Nettitude logo

The threats impacting businesses today are complex, insidious, and almost always have an up or downstream impact on technology. Cyber attacks are also borderless and can impact core operations as easily as business partner and supply chain operations. Therefore, when companies look to increase their resiliency they must weigh equally their operational and technological vulnerabilities.

One challenge that many organizations face is that there is no single entity governing cybersecurity and crisis management. With different reporting structures, separate budgets, and uncoordinated planning, they struggle to stay in sync. This partnership takes aim at breaking down those silos and helping organizations to get an honest and holistic view of their risk landscape.

Read Post

Press release: New leadership team paves the way for the future of Lootok

For more than 10 years Lootok has pushed the boundaries of traditional crisis management and business continuity (BC). “I launched Lootok with the singular vision of doing BC differently,” said Lootok CEO, Sean Murphy. “Global volatility and increased competition have escalated the need for companies to prepare for disruptions. While everybody knows that they should have a BC program, nobody wants to do the work. BC is only important when it’s too late, and when an incident does occur, any data and plans that have been collected typically remain untouched.”

Lootok continually confronts these challenges by offering fresh points of view on industry standards and new ways to transform programs to meet today’s highly networked environment. Sean Murphy explains: “I knew that BC was an essential part of business. The negative returns I so often saw were not the result of BC itself, but rather how it was implemented. At that point, I saw a major opportunity in going beyond the cookie-cutter approach and offering something of lasting value.”

With this goal, Lootok based its services on a deep understanding of industry expertise and interdisciplinary sciences.  Why integrate interdisciplinary sciences? It is a simple answer, according to Sean: “We get better results. Through integrating cognitive sciences, gamification, and branding concepts we capture higher-quality data, buy-in at all levels of the organization, and sizable costs savings through self-service and automation.”

2017 marked a reflective period in Lootok’s history, where the company restructured areas of the organization to yield even greater innovation and sharpened its services to Lootok clients. Lootok is excited to announce that there are four changes in its talent pool that set the stage for this evolution. 

New Lootok Leadership Team

Read Post

Crisis management: fly the plane or fix the problem, don’t do both

Learning to either manage the crisis or run the company, but not do both, is a hard lesson for most executives, as they want to do it all. Executives achieve their position through hard work, overcoming extreme obstacles, success, confidence, and leadership. It becomes difficult to let go of the organizational reigns to focus on the crisis. Likewise, it is just as difficult to let others manage a crisis while they focus on the organization. This post is a reflection of a number of executive crisis management trainings I facilitated where the executive (e.g., CEO, business unit president, segment leader) wanted to ‘fly the plane’ and ‘fix the problem.’

fix the plane

 

Read Post

How to bring crisis management back to the basics

This is a continuation of my Business Continuity Basics article.

Consider the Basics for Crisis Management Program - as with most initiatives and programs, we tend to over think when we design them. The basics reminds me of one of my favorite quotes from Antoine de Saint-Exupéry, “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.

Let’s keep it simple: crisis management

When it comes to crisis management the majority of crisis teams need seven means to make timely and effective decisions based on applying judgment to available information. We need a command and control framework, critical information requirements (identification of gaps in our knowledge), intelligence, situation awareness, common operating picture, common ground, and intent.

Back to basics Lootok Crisis Management

 

Read Post

Facilitating an exercise? Find out how to reel people in!

Last month, I showed up at a client’s manufacturing site to facilitate an annual tabletop exercise. The company had recently kicked off its crisis management and business continuity initiative, so I wasn’t surprised to walk in and hear several people ask what this meeting was about, and how long it was going to last.

It is commonplace within organizations to have initiative atrophy or program of the month syndrome. People are doing more with less. Everyone is highly skilled at prioritizing work and recognizing false positive initiatives. Crisis management and business continuity can quickly get categorized as a ‘not now’ or ‘postpone as long as possible’ project in this environment. Therefore, it is important for risk and security professionals to allow our stakeholders bring themselves into the program. We need them to want the program and value the work we need them to do.

In my experience, there are usually three different types of people sitting in the room.

First, you have your evangelists, or your program advocates—they’re often the ones leading the initiative or they’ve already experienced some kind of catastrophic event. On the other end of the spectrum are those who have already decided risk management is irrelevant, so they’re checked out and sighing loudly.

But almost everyone in between is a good corporate citizen who has showed up with a printed copy of their plan because they were told to. Other than the occasional email, they’re not used to thinking about risk. You can’t blame them for wanting to just get the meeting over with and get on with their lives.

This mindset, unfortunately, is not uncommon. Whether people are unaware of the program or struggle to understand its value, it’s important to recruit them as active participants. So what are we as risk management professionals to do?

Lootok facilitate an exercise
Facilitate a successful exercise! Reel people in!

Read Post

Crisis management expert, Eric Dezenhall, kicks off the BCI Author Series

The BCI is proud to introduce our first author interview with Eric Dezenhall on April 11th, 8:30-10:30 am, at the Harvard Club in New York City.

From Tiger Woods to Michael Jackson, Eric Dezenhall has been on the front line of high-profile crisis communications and public relations. Come hear his perspective on Trump vs Clinton, BP vs Goldman, fake news and much more. Eric is a world-renowned crisis management and public relationship expert with frequent appearances on NPR, CNN, FOX, CNBC, and MSNBC. He has written for the New York Times, the Wall Street Journal, Business Week, the Los Angeles Times, and USA Today; is a regular contributor to the Daily Beast, Huffington Post and CNBC.com. Learn more about Eric.

Seating limited to 50 seats. Register now!

Eric Dezenhall

Read Post

Crisis Management, Business Continuity, and Entrepreneurship

This presentation was presented at the D.C. Analyst Roundtable. I was asked to speak on crisis management, business continuity, and how to run a program like a business. You can download the presentation from SlideShare.

yellow house

Read Post

Thomson Reuters: 2nd Annual Corporate Counsel Leadership Forum in NYC

Join me at the Thomson Reuters: 2nd Annual Corporate Counsel Leadership Forum. I will be moderating a panel on ‘The General Counsel’s Role in Business Continuity Management’. To register, contact 1-800-308-1700. Hope to see you there!

Thomson Reuters Conference NYC 2016

One of the sad realities of the “new normal” is the escalating specter of terrorism-related crises in the workplace. Though not exclusively tethered to data privacy concerns or security incidents, a business executive’s ability to manage unforeseen trauma is an essential (and largely unspoken) part of the modern day job description. This interactive workshop offers timely, practical, scenario-based coaching on how to handle the unforeseen at a moment of supreme hardship. Participants will walk away with a clear understanding of core tenets of business continuity management, as well as key techniques for coping with or better understanding terrorism’s ineffable vicissitudes.

Where: The Metropolitan Club
When: November 16, 2016, 1:45pm to 2:45 pm
Topic: Darkness Descends: The General Counsel’s Role in Business Continuity Management

 

Read Post

Lootok presents at the DC Analysts’ Roundtable

Join me at the DC Analysts’ Roundtable on November 14th!  I will be presenting on Business Continuity & Crisis Management.

The DC Analysts’ Roundtable is a collaborative body of practitioners in the fields of intelligence and risk analysis from the private sector and federal, state, and local agencies. The Analysts’ Roundtable promotes the professionalization of the intelligence and risk analysis communities through the sharing of best practices, information, and analytical training. Sign up by contacting DC.Analysts.Roundtable@gmail.com. Look forward to seeing you there!

Location: Lockheed Martin Global Vision Center Auditorium, 2121 Crystal Drive, Crystal City (Arlington), VA
Date: November 14, 2016, 12:30pm - 5:30pm
See full event details here.

DC Analysts Roundtable 2016

 

Read Post

Lootok presents at the Enterprise Risk Management Summit

Join me at the Enterprise Risk Management Summit in Las Vegas on November 2, 2016!

I will be speaking with Andrew Miller from ADP about linking reputation management, business continuity and crisis planning to strengthen risk resilience.

Where: Rio All-Suite Hotel & Casino in Las Vegas
When: November 2, 2016, 9:00am
What: Linking reputation management, business continuity and crisis planning to strengthen risk resilience

ERM conference 2016
We look forward to seeing you in Las Vegas!

Read Post

What is the best way to tell stories as means to communicate - Cliff Atkinson on Fresh Perspective

 

Read Post

How would a physicist approach risk management - Mark Buchanan on Fresh Perspective

 

Read Post

How to use Scenario Planning in Risk Management - Thomas Chermack on Fresh Perspective

 

Read Post

Gartner names ClearView a leader in its 2016 Magic Quadrant for BC software

Lootok is proud to announce that ClearView, our trusted software partner,  has been positioned in the Leaders Quadrant in Gartner’s July 2016 Magic Quadrant for Business Continuity Management Planning Software, Worldwide.

Gartner: Magic Quadrant

CEO Charles Boffin comments, “We are delighted that we have been recognized as a leader in the market as we continue to focus on our core principles of delivering a sophisticated and functionally-rich platform in a way that makes it easy to use and intuitive for all users, irrespective of role in an organization. We believe our transition from the Challengers to Leaders quadrants demonstrates our continuing commitment to remain a key player globally in this field.”

Read Post

Can a crisis make you a celebrity?

Picture of man speaking to the press
Ready or not.  Say, “Cheese!”

While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.

Here’s a quick exercise to highlight the point:

Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.

Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.

The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.

Read Post

Snowflake Syndrome: when should we be unique vs. boiler plate?

One of the challenges we have in risk management, crisis management, and security management is striking a balance between customized and standard solutions. Customized solutions and approaches tend to be more expensive now (implementation) and later (maintenance). However, customized solutions resolve specific requirements. Standard solutions tend to be cheaper, but we don’t get exactly what we want. Our challenge is balancing requirements and spend to get the most out of our budgets.

When is good good enough?

Jeremy Stynes, Lootok’s CCO / CTO, has coined a term he calls Snowflake Syndrome. Snowflake syndrome is when someone believes that they are so unique they demand special attention and design - but reality is ... they’re not special. They believe their project/initiative/program is one-of-a-kind, a snowflake. The challenge of the Snowflake Syndrome is rooted in people’s mental models. People can suffer from the syndrome when they confuse their personal uniqueness, or desire to be unique, with the organizational program they are responsible for. It can also come from working in organizational environments that lack standardization and procedures; therefore snowflake solutions are everywhere. It is easy to believe you are a snowflake when everything and everyone around you is a snowflake. Snowflake thinking can lead to overly complex (unique) design and processes. Anytime we see inconsistent design or costly overruns the snowflake syndrome is close by.

Snowflake
Snowflake syndrome

Read Post

Should global organizations have a global security operations center (GSOC)?

“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”

- Ernest Hemingway, The Sun Also Rises

I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.

The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…

GSOC

Read Post

Does a centralized crisis management structure make sense?

My colleague Christopher Rivera attended an inter-agency exercise where he had a few heated discussions on the topic. He argued in favor of a decentralize model with centralize support (Lootok’s philosophy), whereas a number of his colleagues at the table argued for dedicated central crisis management team that did everything. His colleagues at the table believe in Power to Center, where Lootok believes in Power to the Edge.

The desire to centralize is our natural predilection to try to simplify things and codify procedures to create predictability and reduce errors. The problem with Power to Center, an autocratic centralized model, is that it requires control, prediction, time, and universal knowledge of everything. Unfortunately, control is not possible in complex adaptive environments where there are many independent actors. Control requires prediction as well adequate levers of manipulation. Both requirements are in little supply in the crisis environment. Time is always working against us in today’s global 24/7 environments. In global organizations, knowledge of the local environment and threat effects are necessary to be able to optimally manage and respond to a spectrum of threats. The centralize desire to take the human element out of everything, which is the most important factor in the equation, is almost irresistible.

In complex environments, orderly processes and centralized decision making are ineffective. We also can’t codify a set of procedures for a nonlinear complex event because we have to take the context into account. Independence and improvisation are essential. Decentralize structure (local, country, regional) works best when the threat is within the leadership command and control accountability and responsibility.

Centralized structure
Does a centralized crisis management structure make sense?

Read Post

History of Lootok: Where did it all start?

“I have come to the frightening conclusion that I am the decisive element. It is my personal approach that creates the climate. It is my daily mood that makes the weather. I possess tremendous power to make life miserable or joyous. I can be a tool of torture or an instrument of inspiration, I can humiliate or humor, hurt or heal. In all situations, it is my response that decides whether a crisis is escalated or de-escalated, and a person is humanized or de-humanized. If we treat people as they are, we make them worse. If we treat people as they ought to be, we help them become what they are capable of becoming.” - Johann Wolfgang von Goethe

Lootok began at the end of my corporate consulting career ten years ago. The company I worked for was facing yet another management regime change, and I was at a point where I just could not take it and its inevitable political alliances, new taglines and mantras, unrealistic goals, and working 70 hours a week without recognition. We had a saying around the office: “The beatings shall continue until moral increases.” I finally called bull$%*& and starting saying and doing what I thought was right. It was my Jerry Maguire moment, and I was soon shown the door.

Lootok yellow logo

Read Post

How soon do you need to communicate after a crisis?

I was working with an executive team on a crisis scenario, when one of the leaders asked a question on crisis communication. He asked, “How soon do we need to communicate? 5 minutes, 10 minutes, 1 hour, 1 day, …?” He was looking for a precise number to evaluate a few past incidents that were on top of mind for everyone in the room. I gave the common answer, but right answer, of “it depends”. He gave a look of dissatisfaction and made a discrediting posture. I went on to share a few basic statistics from Daniel Diermier’s research (author of Reputation Rules) such as “online news stories suggest that the typical window is only eight hours; 20% of all news stories on a given issue are published within an eight-hour period; so forth.” Some time has passed since the exercise. After some thought, I want to provide executives with six (6) crisis characteristics to consider when determining when and how to communicate.

Crisis communication meeting
When should you communicate?

Read Post

Lootok lights up the RIMS’16 Go Beyond conference

Please join us at RIMS’ annual conference in San Diego, April 10-13, 2016.  Lootok’s CEO and President, Sean Murphy, will be speaking at three separate events. The schedule for his sessions is listed below.

You can also get a sneak peak of Sean’s session on “Five Essential Crisis Management Capabilities” live on Twitter through RIMS live tweet chat. Join the conversation by following and using #RIMS16Chat on March 9, 2016 at 2:00pm EST.

RIMS organization logo
RIMS’16 Go Beyond

Read Post

What are the signs of an organization at risk for crises?

For some organizations, a crisis is the only catalyst for change.

Sharing a few thoughts on recognizing the signs of an organization at risk for crises. I have not performed a thorough analysis; however, I have a few reoccurring observations. I have observed three (3) common corporate attributes that lead to big corporate crises, which can be used to justify investments into our risk management programs—beyond credit, liquidity, and market risk:

  1. Incidents and near misses
  2. Targets and spending
  3. Incentives and self-regulation
person in crisis
Signs of a crisis

Read Post

Fresh perspectives: insights

What happens when we’re in a crisis we haven’t seen before, and our experience is insufficient? Such a situation requires us to gain “insight,” or develop new patterns that change the way we understand things and consequently, change the actions we consider. Research psychologist Gary Klein investigated the different ways that people form insights, and the factors that prevent us from having them.

Read Post

Fresh perspectives: crisis management team

There are certain challenges that face a crisis management team in the “Golden Hour,” the moment when team members convene to make critical decisions. Research psychologist Gary Klein discusses the need for team members to size up not only the situation, but also each other’s capabilities, roles, and responsibilities at time of event. That’s why it’s key for a crisis management team to regularly practice and train together.

Read Post

Fresh perspectives: uncertainty metaphors

How do most organizations handle uncertainty? They gather more information. Research psychologist Gary Klein explains why this isn’t always the best course of action. After all, it’s easy to gather information and sit on it; it’s harder to know how to make sense of events, and make a coherent story based on the data we have.

Read Post