Lootok

Menu

What's new?

How to bring business continuity back to the basics

As business continuity practitioners, it would serve us well to take a cue from writer Antoine de Saint-Exupéry, who stated, “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.”

Many risk and resiliency initiatives are more robust and complicated than they need to be. Common signs of an over-engineered program may include: lengthy plans packed with procedures and protocol, a BIA that takes months to complete, lengthy internal audits fixated on industry standards, and just a handful of people who actually know what to do in an incident.

Blessed with “the curse of knowledge,” we as practitioners can easily lose sight of how business continuity is perceived by our stakeholders. We fall prey to assuming that others understand the value of participating in program activities, much less have the expertise to decipher industry jargon (how many times in your career have you had to explain “RTO” and “MTPD”?).

Even Wikipedia’s description of “business continuity planning” is prefaced with the warning: “This article may contain an excessive amount of intricate detail that may only interest a specific audience.”

Put yourself in the shoes of a stakeholder who rarely thinks of contingency planning or has yet to experience an incident, and it’s even more critical that you keep your program simple.

What would happen if we were to boil down business continuity to just the basics? What if we began describing concepts in layman’s terms, and it helped to ease understanding and facilitate program adoption?

Lootok back to basics grey

Read Post

Facilitating an exercise? Find out how to reel people in!

Last month, I showed up at a client’s manufacturing site to facilitate an annual tabletop exercise. The company had recently kicked off its crisis management and business continuity initiative, so I wasn’t surprised to walk in and hear several people ask what this meeting was about, and how long it was going to last.

It is commonplace within organizations to have initiative atrophy or program of the month syndrome. People are doing more with less. Everyone is highly skilled at prioritizing work and recognizing false positive initiatives. Crisis management and business continuity can quickly get categorized as a ‘not now’ or ‘postpone as long as possible’ project in this environment. Therefore, it is important for risk and security professionals to allow our stakeholders bring themselves into the program. We need them to want the program and value the work we need them to do.

In my experience, there are usually three different types of people sitting in the room.

First, you have your evangelists, or your program advocates—they’re often the ones leading the initiative or they’ve already experienced some kind of catastrophic event. On the other end of the spectrum are those who have already decided risk management is irrelevant, so they’re checked out and sighing loudly.

But almost everyone in between is a good corporate citizen who has showed up with a printed copy of their plan because they were told to. Other than the occasional email, they’re not used to thinking about risk. You can’t blame them for wanting to just get the meeting over with and get on with their lives.

This mindset, unfortunately, is not uncommon. Whether people are unaware of the program or struggle to understand its value, it’s important to recruit them as active participants. So what are we as risk management professionals to do?

Lootok facilitate an exercise
Facilitate a successful exercise! Reel people in!

Read Post

Crisis management expert, Eric Dezenhall, kicks off the BCI Author Series

The BCI is proud to introduce our first author interview with Eric Dezenhall on April 11th, 8:30-10:30 am, at the Harvard Club in New York City.

From Tiger Woods to Michael Jackson, Eric Dezenhall has been on the front line of high-profile crisis communications and public relations. Come hear his perspective on Trump vs Clinton, BP vs Goldman, fake news and much more. Eric is a world-renowned crisis management and public relationship expert with frequent appearances on NPR, CNN, FOX, CNBC, and MSNBC. He has written for the New York Times, the Wall Street Journal, Business Week, the Los Angeles Times, and USA Today; is a regular contributor to the Daily Beast, Huffington Post and CNBC.com. Learn more about Eric.

Seating limited to 50 seats. Register now!

Eric Dezenhall

Read Post

Risky business: Who cares about risk?

Risky business: Who cares about risk?

Welcome back to my series on risk and risk assessments. In my first post I discussed why it is hard to objectively assess risk, and I suggested ways to look at risk more objectively. If you missed it, check out post 1.

This post explores why we need to think about risk in the first place.

Risk is inherent to doing business, and there are only two strategies that organizations can employ when facing risk:

  1. You can accept your risk
  2. You can reduce or eliminate your risk

Read Post

Risky business: What is risk?

Risky business: What is risk?

Risk lurks in all facets of daily life. Luckily, many risks are small: like crossing against the light when there are no cars or trying the new, Ethiopian restaurant down the block. Other risks are high: like quitting your job and doubling down on a new start up. Through our experience working with global organizations, we’ve seen it all. 

In spite of the ubiquity of risks, we rarely analyze them objectively. We are all imperfect, and we rely on past experiences and our emotions to understand the world around us and guide our decision-making. On the one hand, it makes sense that we are wired this way— if we didn’t rely on experience and emotion, we’d have to consciously evaluate every single situation anew, and we’d become paralyzed. On the other hand, there is a downside to the efficiency of this wiring: it makes us awful at objectively estimating risk. For example, bad experiences cloud our ability to accurately measure the impact of risks, as well as their relevance. Other factors, such as media attention, immediacy, control, and choice (Psychologist Paul Slovic) work to further compound that lack of objectivity.

Read Post

Why we picked ClearView as our BCM software of choice

During the past 10 years Lootok has been in business, we’ve stayed vendor agnostic while implementing many different crisis management and business continuity tools for clients. Humbled by our own trials and tribulations with software, we had yet to meet a vendor we felt excited about.

That changed last fall when we decided to partner with Clearview, our technological counterpart we’ve come to know and trust. We’re proud to say we believe ClearView to be the best software solution in the market. Read why.

Lootok is Clearview’s Americas service provider.
Email us at cvamericas@lootok.com or ring us at +1.646.961.3684 to get your demo.

Lootok and Clearview

Read Post

Avoid the “wait-for-impact”​ culture - on your mark, get ready, get ready, get ready…

In our business, we can all identify with the feeling that something bad is looming—the next big power outage, unprecedented snowstorm, or vicious cyber attack is right around the corner. Sometimes it can feel like all we’re doing is getting ready for a negative event.

Many industry activities—things like assessments, plans, exercising, and auditing—help to create this “wait-for-impact culture.” As we evaluate endless industry standards, regulations, and consulting methodologies, there is a hyper-focus on documentation, policies, procedures, steering committees, and audits.

This methodical approach works with well-defined risks, or those threats that are so familiar to us that we’ve integrated them into the way we do business. But what about complex risk? The most procedural checklists and plans don’t account for managing those threats that we’ve yet to figure out. Risks that are still emerging and largely unknown are the ones that could actually leave us vulnerable.

Ten years ago, we developed Lootok’s BCM Model®* because we realized that it wouldn’t ever be enough for leaders to simply respond. For companies to stay competitive, leaders must be more proactive than ever to also consider threats that are on the horizon.

get ready,stay alert, take action, Lootok
Get ready, stay alert, take action!

Read Post