Lootok

Menu

What's new?

Lootok CEO to share a revolutionary approach to crisis and risk management at two industry events

See Sean Murphy speak at OSAC Crisis Management Forum and APTA’s Risk Management Seminar this August


Sean Murphy, CEO of the crisis management and business continuity consulting and technology company Lootok, will share his expertise and insights at two high-profile events this year. On August 7, he will present at the American Public Transportation Association’s (APTA) Risk Management Seminar in San Diego. Immediately following the APTA Seminar, Murphy will be a featured speaker at the U.S. Department of State’s Overseas Security Advisory Council (OSAC)’s Crisis Management Forum in Minneapolis on August 8 and 9.

The APTA Risk Management Seminar is the only risk management seminar dedicated to risk management professionals involved in transit risk management. This year’s agenda features new and creative thinking for risk managers—presenting cutting-edge concepts and challenges. With transportation and public entity risk managers at all levels of experience, the seminar includes several sessions on issues that transit risk managers face on a daily basis. Sean Murphy’s session will explore a modern approach to crisis and business continuity management that allows companies to maneuver in today’s complex world of threats.

Read Post

Join Lootok in Philly for RIMS 2017!

As you are making plans for the RIMS 2017 Conference in Philadelphia, make sure you don’t miss Lootok’s Sean Murphy and Jeremy Stynes speaking on Monday, April 24th. They will be exploring the psychology of risk, sharing innovative ways to market your program, and breaking down traditional myths of Business Continuity Management. All in our signature, non-conventional Lootok way. We hope you come and join us!

RIMS 2017: April 23-26th, 2017 | the Pennsylvania Convention Center | Philadelphia

Lootok Sessions on Monday, April 24 :
12:00 – 12:25 pm | Market Your Program Like a Product | Jeremy Stynes, President
1:00 – 1:25 pm | Five Myths of Operational Risk and Business Continuity Management | Sean Murphy, CEO
3:00 – 4:00 pm | Risk Shrink: Exploring the Psychology of Risk | Sean Murphy, CEO, Lootok; Hester Shaw, Internal Control Framework Director, GSK

Lootok Rims 2017 Philadelphia cheesesteak
Join Lootok for some juicy sessions on Business Continuity!

 

Read Post

The future of resiliency is not resiliency

Zona Walton [ADP - Global Business Resiliency] and I spoke at a private conference last month. The title of our session was The Future of Resiliency. We explored the idea that the future of resiliency isn’t resiliency; that is, it will be something else.

Lootok future of resiliency
The future of resiliency is not resiliency.

Read Post

Facilitating an exercise? Find out how to reel people in!

Last month, I showed up at a client’s manufacturing site to facilitate an annual tabletop exercise. The company had recently kicked off its crisis management and business continuity initiative, so I wasn’t surprised to walk in and hear several people ask what this meeting was about, and how long it was going to last.

It is commonplace within organizations to have initiative atrophy or program of the month syndrome. People are doing more with less. Everyone is highly skilled at prioritizing work and recognizing false positive initiatives. Crisis management and business continuity can quickly get categorized as a ‘not now’ or ‘postpone as long as possible’ project in this environment. Therefore, it is important for risk and security professionals to allow our stakeholders bring themselves into the program. We need them to want the program and value the work we need them to do.

In my experience, there are usually three different types of people sitting in the room.

First, you have your evangelists, or your program advocates—they’re often the ones leading the initiative or they’ve already experienced some kind of catastrophic event. On the other end of the spectrum are those who have already decided risk management is irrelevant, so they’re checked out and sighing loudly.

But almost everyone in between is a good corporate citizen who has showed up with a printed copy of their plan because they were told to. Other than the occasional email, they’re not used to thinking about risk. You can’t blame them for wanting to just get the meeting over with and get on with their lives.

This mindset, unfortunately, is not uncommon. Whether people are unaware of the program or struggle to understand its value, it’s important to recruit them as active participants. So what are we as risk management professionals to do?

Lootok facilitate an exercise
Facilitate a successful exercise! Reel people in!

Read Post

Crisis management expert, Eric Dezenhall, kicks off the BCI Author Series

The BCI is proud to introduce our first author interview with Eric Dezenhall on April 11th, 8:30-10:30 am, at the Harvard Club in New York City.

From Tiger Woods to Michael Jackson, Eric Dezenhall has been on the front line of high-profile crisis communications and public relations. Come hear his perspective on Trump vs Clinton, BP vs Goldman, fake news and much more. Eric is a world-renowned crisis management and public relationship expert with frequent appearances on NPR, CNN, FOX, CNBC, and MSNBC. He has written for the New York Times, the Wall Street Journal, Business Week, the Los Angeles Times, and USA Today; is a regular contributor to the Daily Beast, Huffington Post and CNBC.com. Learn more about Eric.

Seating limited to 50 seats. Register now!

Eric Dezenhall

Read Post

Avoid the “wait-for-impact”​ culture - on your mark, get ready, get ready, get ready…

In our business, we can all identify with the feeling that something bad is looming—the next big power outage, unprecedented snowstorm, or vicious cyber attack is right around the corner. Sometimes it can feel like all we’re doing is getting ready for a negative event.

Many industry activities—things like assessments, plans, exercising, and auditing—help to create this “wait-for-impact culture.” As we evaluate endless industry standards, regulations, and consulting methodologies, there is a hyper-focus on documentation, policies, procedures, steering committees, and audits.

This methodical approach works with well-defined risks, or those threats that are so familiar to us that we’ve integrated them into the way we do business. But what about complex risk? The most procedural checklists and plans don’t account for managing those threats that we’ve yet to figure out. Risks that are still emerging and largely unknown are the ones that could actually leave us vulnerable.

Ten years ago, we developed Lootok’s BCM Model®* because we realized that it wouldn’t ever be enough for leaders to simply respond. For companies to stay competitive, leaders must be more proactive than ever to also consider threats that are on the horizon.

get ready,stay alert, take action, Lootok
Get ready, stay alert, take action!

Read Post

Inspiring commitment over compliance: the elusive dream of all risk managers

Why can’t risk management, crisis management, and business continuity be a rewarding experience that people actively desire to be involved with?

Lootok Experience Model

This question led us down a path of evaluating the phenomena of experience. What makes an experience good or bad or great? Why do we love some brands and hate others? Why do we join some groups and not others? Why do we love that cash-only, poor-service, overpriced empanada spot in a run-down building on the Lower East Side, but we would be outraged with the same service and accommodations at another restaurant? Unlocking the answers to these questions begins with understanding your target audience.

  1. Who are they?
  2. What do they care about?
  3. What do they struggle with?
  4. Why should they care about your program?

While the Demand Model® evaluates the engagement level of an audience, the Experience Model™ gives us the tools to increase that demand.

Read Post

Thomson Reuters: 2nd Annual Corporate Counsel Leadership Forum in NYC

Join me at the Thomson Reuters: 2nd Annual Corporate Counsel Leadership Forum. I will be moderating a panel on ‘The General Counsel’s Role in Business Continuity Management’. To register, contact 1-800-308-1700. Hope to see you there!

Thomson Reuters Conference NYC 2016

One of the sad realities of the “new normal” is the escalating specter of terrorism-related crises in the workplace. Though not exclusively tethered to data privacy concerns or security incidents, a business executive’s ability to manage unforeseen trauma is an essential (and largely unspoken) part of the modern day job description. This interactive workshop offers timely, practical, scenario-based coaching on how to handle the unforeseen at a moment of supreme hardship. Participants will walk away with a clear understanding of core tenets of business continuity management, as well as key techniques for coping with or better understanding terrorism’s ineffable vicissitudes.

Where: The Metropolitan Club
When: November 16, 2016, 1:45pm to 2:45 pm
Topic: Darkness Descends: The General Counsel’s Role in Business Continuity Management

 

Read Post

Lootok presents at the DC Analysts’ Roundtable

Join me at the DC Analysts’ Roundtable on November 14th!  I will be presenting on Business Continuity & Crisis Management.

The DC Analysts’ Roundtable is a collaborative body of practitioners in the fields of intelligence and risk analysis from the private sector and federal, state, and local agencies. The Analysts’ Roundtable promotes the professionalization of the intelligence and risk analysis communities through the sharing of best practices, information, and analytical training. Sign up by contacting DC.Analysts.Roundtable@gmail.com. Look forward to seeing you there!

Location: Lockheed Martin Global Vision Center Auditorium, 2121 Crystal Drive, Crystal City (Arlington), VA
Date: November 14, 2016, 12:30pm - 5:30pm
See full event details here.

DC Analysts Roundtable 2016

 

Read Post

Lootok presented at Continuity Insights 2016

Last week, Lootok presented with Matt Jarm from Mars Inc. about supply chain resiliency at the New York Continuity Insights Conference.

In our session, we covered the critical aspects of rolling out and maintaining a global supply chain operational risk – business continuity program.  Supply chain leaders are naturally gifted at managing risk, as it is part of their daily lives. But, supply chains are naturally dynamic (i.e., disruptive), which makes many of our traditional operational risk – business continuity techniques ineffective. Supply chain leaders need risk management techniques and tools to help them make decisions, solve problems, and communicate in complex environments.

Learning objectives covered:

  • Common pitfalls (i.e. too fast, too big) of risk and resiliency supply chain rollouts.
  • The necessary methodologies, tools, and roadmaps to be successful in today’s complex, nonlinear, supply-chain environments.

Download full presentation

Supply Chain Resilincy Lootok Continuity Insights 2016
Download full presentation

Read Post

Lootok presents at the Enterprise Risk Management Summit

Join me at the Enterprise Risk Management Summit in Las Vegas on November 2, 2016!

I will be speaking with Andrew Miller from ADP about linking reputation management, business continuity and crisis planning to strengthen risk resilience.

Where: Rio All-Suite Hotel & Casino in Las Vegas
When: November 2, 2016, 9:00am
What: Linking reputation management, business continuity and crisis planning to strengthen risk resilience

ERM conference 2016
We look forward to seeing you in Las Vegas!

Read Post

What do dog food and risk management have in common? Lootok’s Demand Model®

“Nothing happens until someone sells something to someone.” Thomas J. Watson (1874–1956), Chairman and CEO, IBM

Would a company sell a product or service that no one wanted? It’s an absurd question with a simple answer: absolutely not. You need demand. People have to want what you’re offering. At Lootok, we apply this same basic principle to risk management, business continuity, and crisis management programs.

Of course, most practitioners—people like you and me—see the value and the importance of their role in such services. But if you go outside this tight circle, demand quickly wanes. Rather than march to a linear project plan or industry standard, let demand drive the pace of progress.

Before you rollout, change, or update a global program, begin by assessing demand. Organizations tend to prefer immediate success and tangible artifacts (e.g., risk assessment or business impact analysis), but if you think of your program as a business, assessing demand would be the first thing you would do.

Out of this concept came Lootok’s Demand Model®, developed and refined over the past decade.

Lootok Demand Model

Read Post

How do you create situation awareness—Fresh perspectives with Mica Endsley

I had the privilege of sitting down with Mica Endsley —author of Designing for Situation Awareness: An Approach to User-Centered Design. Mica is the president of SA Technologies. Previously she was the Chief Scientist for U.S. Air Force.

Mica shares with us lessons learned from her book—Designing for Situation Awareness. I asked her nine (9) questions to solicit her thoughts on situation awareness, technology, and mental models.

Mica Endsley
Mica Endsley

Read Post

How do you use Nudge (behavioral science) in risk management?

Interesting presentation by Harvard Law School Professor Cass R. Sunstein on using behavioral science to change behavior:

From Behavioral Economics to Public Policy

He co-authored the book Nudge.

It is becoming increasingly necessary in risk management and business continuity management to be better, faster, and cheaper. We need to better Return on Investment (ROI), better participation, better end-user experience, faster change, greater reach and adoption, and enhanced techniques and concepts. We need people to do more with less and with higher quality and participation.  To accomplish any of this we need behavioral science.

Cass Sustein
Cass Sustein

Read Post

Can a crisis make you a celebrity?

Picture of man speaking to the press
Ready or not.  Say, “Cheese!”

While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.

Here’s a quick exercise to highlight the point:

Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.

Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.

The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.

Read Post

Lootok’s 8Rs™ of Resiliency: easy and effective model to communicate, employ, and remember

When working with the masses [end-users; not experts in risk management, business continuity, crisis management], I find it beneficial to present clear, concise, and concrete packaged solutions. People need guidance and structure to help them think through problems and build effective plans. This is one of the reasons Lootok created the 8Rs™ of Resiliency. The goal the 8Rs is to reduce uncertainty, simplify complexity, structure thinking and dialogue, build common ground, and establish preparatory activities. The 8Rs facilitates planning with a plan as the end deliverable (i.e., plans are the byproduct of planning). The 8Rs are designed to provide people with a set of options they can employ to continue operations under various threats and timelines. The 8Rs™ of Resiliency comprises of the following:

  1. Relocate - physical moving assets (e.g., people, technology, equipment) to another location
  2. Reassign – transferring processes (i.e., work) to another location
  3. Repair / Replace – capabilities in place to fix the problem at time of event
  4. Reinforce – fortify, strengthen, assets to tolerate greater impacts and occurrences
  5. Replicate – simultaneous production (i.e., processes, technology, work) at two locations [duplication]; active-active
  6. Redundancy - extra capacity and inventory
  7. Risk Transfer – shift risk to other entities through insurance, contracts, and risk pooling
  8. Relinquish – do nothing [e.g., too cost prohibitive]; risk acceptance strategy
Lootok's 8Rs™
Lootok’s 8Rs™

Read Post

Should global organizations have a global security operations center (GSOC)?

“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”

- Ernest Hemingway, The Sun Also Rises

I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.

The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…

GSOC

Read Post

Lessons learned from Mayo Clinic - risk management is the organization’s immune system

Since starting Lootok, once a year I go to Rochester, Minnesota, my home State, to take my annual executive physical at the Mayo Clinic. It gives me a good reason to get back to Minnesota to visit family and friends, while maximizing my medical checkups. In just two days, more than fifteen doctors evaluate me. Risk management shares many similarities with the medical field, and it’s where you find the best analogies and metaphors. I wanted to share few of the insights I have gleaned over my time at Mayo.

Risk management is analogous to the immune system. It is not a thing or part. It is a system that co-exists within other systems that must properly function with a larger system called the organization | organism. You cannot just fix the immune system, buy it, or expect miraculous resiliency overnight. The immune system must be earned, strengthened and maintained every day. You need healthy habits, positive attitude and healthy living and work environments, proper planning and long-term vision and dedication, so forth. Risk management works the same way. Risk management also has the same challenges as our immune system: we don’t think much about it until something goes wrong.

Immune system
Immune system

Read Post

Disaster Recovery for America interview on the Federal News Radio

I appeared on Federal News Radio and shared my thoughts on new approaches to risk management and how to develop an effective approach to business. You can stream the recording for free here: Interview with Sean Murphy

Look forward to hearing your thoughts and comments!

Sean Murphy on Federal News Radio
Sean on Federal News Radio

Read Post

Shaking Up the Status Quo: Innovations in Risk Management

Chris de Wolf (Mars) and I got back together in April at the RIMS’16 conference for an overwhelmingly well-received session where we talked about transforming the risk function from a program to a business.

“Shaking up the Status Quo - Innovations in Risk Management” gave us the opportunity to tell the story of how we reinvented risk management - business continuity. Long story short: We were looking for a better way.

 

Read Post

Lootok lights up the RIMS’16 Go Beyond conference

Please join us at RIMS’ annual conference in San Diego, April 10-13, 2016.  Lootok’s CEO and President, Sean Murphy, will be speaking at three separate events. The schedule for his sessions is listed below.

You can also get a sneak peak of Sean’s session on “Five Essential Crisis Management Capabilities” live on Twitter through RIMS live tweet chat. Join the conversation by following and using #RIMS16Chat on March 9, 2016 at 2:00pm EST.

RIMS organization logo
RIMS’16 Go Beyond

Read Post

In D.C.? Meet Lootok at the Mid-Atlantic Disaster Recovery Association

In Washington, D.C.? Lootok’s Sean Murphy will be presenting at the Mid-Atlantic Disaster Recovery Association (MADRA) on “Quick, creative ways to energize your business continuity management program” and “Command and Control: A framework for crisis management” on July 8 at 12 noon.  Here are the details.

Read Post

How can I raise business continuity awareness?

Business continuity can be a challenging thing to get people to pay attention to, especially when a disruption feels distant or unlikely. However, it’s critical that your staff knows about your company’s business continuity program and is familiar with its recovery strategies and plans—prior to an incident—in order for your planning to be effective. So how can you raise business continuity awareness at your organization?

Read Post

Celebrate business continuity awareness week with these thematic posters

Looking for free resources for Business Continuity Awareness Week (BCAW)? Check out these thematic posters that illustrate this year’s BCAW theme.

posters
Download awareness posters

 

Read Post

Emergencies happen. Are you ready?

September marks the 10th annual National Preparedness Month – a nationwide, month-long effort sponsored by the Federal Emergency Management Agency (FEMA) to encourage everyone to prepare and plan for emergencies. Across the country, there are a host of free educational events focusing on topics such as CPR training, preparedness outreach, and family safety.

family safety
family safety

 

Read Post

Preparing for Nemo: What to do when a severe winter storm hits

With the winter superstorm Nemo rapidly approaching the Northeast with expected impact in major hubs like Boston and New York City, make sure your people know what to do in the event of a severe winter storm. Here are some last minute tips on what to do when it strikes.

nemo
A different kind of Nemo

 

Read Post

How to create behavioral change for your business continuity program

Major change initiatives like business continuity take time, but many programs are often declared failures and abandoned before they are given a chance to succeed. For this reason, it’s crucial to show immediate signs of success, particularly for programs that are newly initiated or being re-launched. New behaviors also take time to become habitual, so in order for a business continuity management program to be self-sustaining, it must be gradually built and adopted as part of the company culture.

In order to accomplish this, people also need what Fogg calls “triggers.” Triggers can be thought of as a cue, prompt, call to action, or request that leads to a chain of desired behaviors. In other words, as Fogg states, “Triggers tell people to ‘do it now!’”

Read Post

What relationship do employees have with risk management, if any?

As risk managers and business continuity management (BCM) practitioners, we obviously see and understand the importance of the programs we help facilitate. But what about employees who are otherwise outside of the BCM/risk management realm? Realistically, how do these employees view the initiatives we help implement?

We posed the question to a group of BCM and risk management professionals on LinkedIn. Here are a few of their responses.

Read Post

Can risk management ever be a revenue generating activity?

It seems like selling risk management projects internally can be like pulling teeth. So what would it take for people to be willing to pay for risk management initiatives? We posed the question to a group of risk management professionals on LinkedIn in preparation for our upcoming Building a BCM Brand webinar. Here’s some of what they had to say.

Read Post

Have yourself a crisis-free christmas

Ah, Christmas…. a time of yuletide cheer, decorating the tree, opening presents, office holiday parties, and of course, eggnog. All the things that make the holiday season so special… and so dangerous? If you’re feeling overcome with Christmas cheer, leave it to the business continuity professionals to put a damper on those holiday spirits with this list of top holiday risks.

Read Post