Lootok

Menu

What's new?

Avoid the “wait-for-impact”​ culture - on your mark, get ready, get ready, get ready…

In our business, we can all identify with the feeling that something bad is looming—the next big power outage, unprecedented snowstorm, or vicious cyber attack is right around the corner. Sometimes it can feel like all we’re doing is getting ready for a negative event.

Many industry activities—things like assessments, plans, exercising, and auditing—help to create this “wait-for-impact culture.” As we evaluate endless industry standards, regulations, and consulting methodologies, there is a hyper-focus on documentation, policies, procedures, steering committees, and audits.

This methodical approach works with well-defined risks, or those threats that are so familiar to us that we’ve integrated them into the way we do business. But what about complex risk? The most procedural checklists and plans don’t account for managing those threats that we’ve yet to figure out. Risks that are still emerging and largely unknown are the ones that could actually leave us vulnerable.

Ten years ago, we developed Lootok’s BCM Model®* because we realized that it wouldn’t ever be enough for leaders to simply respond. For companies to stay competitive, leaders must be more proactive than ever to also consider threats that are on the horizon.

get ready,stay alert, take action, Lootok
Get ready, stay alert, take action!

Read Post

Can a crisis make you a celebrity?

Picture of man speaking to the press
Ready or not.  Say, “Cheese!”

While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.

Here’s a quick exercise to highlight the point:

Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.

Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.

The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.

Read Post

Should global organizations have a global security operations center (GSOC)?

“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”

- Ernest Hemingway, The Sun Also Rises

I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.

The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…

GSOC

Read Post

5 fresh perspectives: seeing the world differently

Why do we even need a fresh perspective on BCM?

As we grow and learn from our experiences, observations, and interactions with other people, we form frameworks that help us understand the world around us and give us cues as to how to respond or behave. These frameworks give us our own personal blueprint as to how and why things work.

For example, most people have automatically come to understand that when your phone rings, you answer it and say, “Hello?” When someone sneezes, it’s likely you’ll hear someone else say, “Bless you.” If you want to make an omelet, you need to break a few eggs. Et cetera.

The problem is, frameworks are built on individual experience. And sometimes we get it wrong. And when we get it wrong, we’re presented with challenges that are extremely difficult for us to understand and negotiate.

This is the first in a series of e-books that examines the typical ways we’ve found people think about risk management. A fresh perspective is important, as many of the frameworks we’ve built around the process—as well as the product—tend towards the negative. Our goal is to identify how and why we’ve developed these frameworks so we can do something about them.

Isometric grey image

Read Post

Debunking myth #4: It gets cheaper and easier

Keeping a BCM program alive doesn’t get cheaper or easier over time. In this eBook, we’ll talk about why.

Download It gets cheaper and easier, the fourth myth in Lootok’s series on the five myths of business continuity management (BCM)!

It gets cheaper and easier
Myth #4: It gets cheaper and easier

See Myth #1: The plan is the promised land.
See Myth #2: You need a business impact analysis (BIA).
See Myth #3: The risk matrix measures risk.
See Myth #5: Best-in-class BCM software exists.

Read Post

Debunking myth #3: The risk matrix measures risk

The risk matrix is a standard tool commonly used in risk assessments. It’s straightforward to use, and easy to explain. The only trouble is, the risk matrix doesn’t actually forecast or measure risk.

When used as a quantitative tool, the risk matrix is misunderstood. Our challenge as practitioners is to recognize the limitations of the risk matrix, so we can use it in a way that increases understanding of the threats around us. In this eBook, we explore how.

Download The risk matrix measures risk, the third myth in Lootok’s series on the five myths of business continuity management (BCM)!

The risk matrix measures risk
Myth #3: The risk matrix measures risk

See Myth #1: The plan is the promised land.
See Myth #2: You need a business impact analysis (BIA).
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

Debunking myth #2: You need a business impact analysis (BIA)

Many of us business continuity management (BCM) professionals are convinced that a business impact analysis (BIA) is a “must-have” for any company. On top of that, we often believe the more information we gather, the better. But after the enormous effort to collect mountains of data and conduct endless interviews, we end up with little value to show for it.

Doing a BIA is expected of us, but do companies actually need a BIA? I guarantee that conducting an extensive BIA project is a quick way to exhaust your resources, stall your program agenda, and taint the reputation of your program. But if you’re willing to question why you’re doing a BIA, and then facilitate the process in a practical way for participants, you can maximize your investment. This eBook explores how to do this, and why it matters.

Download You need a business impact analysis (BIA), the second myth in Lootok’s series on the five myths of business continuity management (BCM)!

You need a business impact analysis (BIA)
Myth #2: You need a business impact analysis (BIA)

See Myth #1: The plan is the promised land.
See Myth #3: The risk matrix measures risk.
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

Debunking myth #1: The plan is the promised land

As BCM professionals, we’ve long believed in the myth that a plan is our key to recovery during a disruption. Often, we hyper-focus on the plan as undeniable proof that the right actions will be taken in an incident. This is the worst possible approach. Learn why in our eBook, The plan is the promised land, the first in Lootok’s series on the five myths of business continuity management (BCM)!

The plan is the promised land
Myth #1: The plan is the promised land

See Myth #2: You need a business impact analysis (BIA).
See Myth #3: The risk matrix measures risk.
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

10 lessons in crisis management

When bad things happen, companies can’t afford to just react on the fly. Successful management of a crisis requires understanding how to handle an event, before it occurs. Staying competitive in the marketplace means taking a more proactive approach to crisis management. Here’s how.

A matter of hours or days is all it can take for a crisis to destroy a company’s reputation.

Read Post

Emergencies happen. Are you ready?

September marks the 10th annual National Preparedness Month – a nationwide, month-long effort sponsored by the Federal Emergency Management Agency (FEMA) to encourage everyone to prepare and plan for emergencies. Across the country, there are a host of free educational events focusing on topics such as CPR training, preparedness outreach, and family safety.

family safety
family safety

 

Read Post

Preparing for Nemo: What to do when a severe winter storm hits

With the winter superstorm Nemo rapidly approaching the Northeast with expected impact in major hubs like Boston and New York City, make sure your people know what to do in the event of a severe winter storm. Here are some last minute tips on what to do when it strikes.

nemo
A different kind of Nemo

 

Read Post

Have yourself a crisis-free christmas

Ah, Christmas…. a time of yuletide cheer, decorating the tree, opening presents, office holiday parties, and of course, eggnog. All the things that make the holiday season so special… and so dangerous? If you’re feeling overcome with Christmas cheer, leave it to the business continuity professionals to put a damper on those holiday spirits with this list of top holiday risks.

Read Post