Social Media: Coordinate your message

1. A text message is not exempt from the normal rules for crisis communications: don't just tell me what - tell me why, how it will affect me, and what I should do about it.
2. If you're going to use social media, monitor it and respond to queries. It's a conversation, not a newswire.
3. Your message should include links to more detailed information. You can't say it all in 144 characters and multiple messages don't cut it.
4. If you have more than one social media outlet, coordinate the release of information across all platforms.
5. Either provide updates or provide options for updates as the situation changes.

Public Relations Faux Pas: Yet another TSA lesson in crisis communications

By now you have probably heard about the Nigerian man who succeeded in boarding a Virgin America flight from New York to Los Angeles using an expired boarding pass in another person's name. According to news reports, the man was briefly detained by the FBI on landing and released. He was arrested several days later trying to board a Delta flight to Atlanta using the same method.

One could blog for several days on all the things that went wrong but I'm always more interested in how organizations respond to mistakes than in the mistake itself. In this case, TSA freely admits that "…TSA did not properly authenticate the passenger’s documentation." They further promise, "…disciplinary action is being considered for the security officers involved and all appropriate actions will be taken." 

Accepting responsibility for your mistake and promising corrective action is always a good crisis communication move. However, TSA then proceeds to blow it by trying to minimize the problem by saying, "…it’s important to note that this individual received the same thorough physical screening as other passengers, including being screened by advanced imaging technology…" In other words, "we screwed up but it didn't really matter."

One can certainly make the case that a layered security approach is designed to compensate for mistakes in any one part of the system. There is no doubt that the individual was identified by the flight crew and reported to the FBI. But this occured after he had boarded the aircraft in response to passenger complaints about his body odor.

TSA has a fairly well publicized record of failing its own tests and for letting knives, pistols and box cutters slip through the "thorough physical screening" provided by its officers. (They have, however, confiscated my empty 4 ounce aftershave bottle and numerous one inch Swiss Army knives I forgot to leave at home.) To say that this man posed no threat simply because he went through the same screening process as other passsengers is a bit disingenuous.

The lesson here? Acknowledge mistakes and promise corrective action by all means. But don't try to defend yourself in a crisis by underestimating people's intelligence and relying on a reputation that is disputed by your past actions.

RFP: Why It’s a Bad Idea

It's been a busy few weeks around here, as you may have guessed. Like many consultants I was doing the paper chase – submitting proposals for potential projects. I swore last year that I wouldn't do it again – the chance of winning versus the level of effort required just isn't worth it. But there I was doing it again at the request of a good friend. We came close – had an awesome team assembled and a reasonable 100 page proposal done in less than a week. Even made it to the orals. Then the client decided to pull the RFP.

As I was reminding myself of why I don't do RFPs I came across an article by Michael McLaughlin on Rain Today entitled Why You Should Ignore that RFP. McLaughlin points out that the process is flawed because most RFPs require that you accept that the client's diagnosis of their problem is correct. Without significant one-on-one contact, you really have no way of knowing if this true. The result is that "…the client receives a stack of mediocre proposals to solve an unconfirmed problem."

This has been my experience as well and was part of the reason our potential client was not happy with the proposals submitted by the finalists. In my proposals I always try to develop a statement of the problem and this is sometimes extremely difficult to do. What's more interesting is that a lot of the time the client can't articulate their problem or tell me how solving it would benefit their organization.

So may I suggest that those of you who are still seeking services through the RFP process consider other alternatives? At least read my article Stop Throwing Your Money Away: Eight Tips for Improving Your RFP. Meanwhile, I'm taping McLaughlin's article someplace where I can re-read it next time I'm tempted to respond to an RFP.

National Academy Reports/Books Available as Free Download

Just received this from my colleague, Claire Rubin, who writes the Recovery Diva blog:

As of June 2, 2011, all PDF versions of books published by the National Academies Press (NAP) will be downloadable free of charge to anyone. This includes the current catalog of more than 4,000 books plus future reports published by NAP.

This is a really fantastic deal for those of you who are interested in hard research on a variety of issues. Of particular interest to my readers will be the section on natural hazards in the Earth Sciences category and the category on Conflict and Security and Security issues.

And while you're at it, check out Claire's blog. It's always worth reading!

Risk Management for Small Businesses

Just wanted to share a link to a recent article I wrote for Xvand Technology on risk management for small businesses. It's part of a series on Small Business Disaster Recovery that might be of interest to you.

Risk Management for Small Businesses

Crisis Communications: Why don’t they listen to me?

I was reading an article on the recent tornado in Missouri and was struck by the comment of one of the victims. He talked of how they had heard the warning sirens and had gone outside to look but saw nothing so they took no action. When the sirens sounded a second time, it was too late for him to seek shelter.

Unfortunately, this is not uncommon. I've blogged elsewhere about the hesitation of local officials to sound warnings but it's worth noting that even when they do so in a timely manner, the public doesn't always react. We've got a considerable amount of research showing that people no longer trust official warnings. Instead, they seek verification from other sources, usually within their circle of family and friends.

The lesson for crisis communicators is obvious. We can't assume that because our message has been released through the media that people will act on it. Instead, we need to make sure we are using multiple sources, especially those used by people to communicate with each other. We need to be part of the conversation.

Cloud computing and business continuity

Data is a fragile thing and poses a major Achilles heel to any business. Consequently, we're always looking for ways to better safeguard data. One idea that's been gaining considerable traction lately is cloud computing – the placing of processes and data onto the Internet. This means that a disaster at your site won't affect your IT operation and you can quickly resume business if you can gain Internet access.

However, as with any new technology, we still don't fully understand the risks of cloud computing and may well be exchanging one set of problems for another. This morning Amazon's Elastic Cloud Compute (EC2) service failed, bringing down a whole lot of businesses and services that use EC2. Apparently, EC2 is run out of a single data center in Virginia.

The lesson here is that you need to know whether your backup plan has its own backup. Have you just created a situation where you now have to worry about disasters in two locations? You should demand at least the same level of backup at the vendor site that you would have put in place at your site. After all, trying to mitigate disaster by adding a single point of failure to your backup plan doesn't really make sense, does it?

911 Dispatch Failure Provides Lessons in Continuity

Ever wonder what we're protecting with all our computer passwords? Now don't get me wrong – I'm all for reasonable protections. But sometimes we just don't think things through.

Case in point – this morning's San Francisco Chronicle contained a short article about a failure of the Department of Emergency Service's computer system during a fire on New Year's Eve. The failure came to light almost by accident during a routine hearing before the city's Disaster Council. Failure of the system was, of course, something for which the Department is expected to be prepared. However, the Department was unable to switch to its backup system because the password was not available and they could not locate the only person who knew it. The Department operated for two hours on a manual system before the primary system could be restored.

When queried about the problem, the Department spokesman gave the impression that this was no big deal, implying that system might not be all that necessary. NOT what your elected officials want to hear after a screw up.

There are a number of lessons to be gleaned from this faux pas:

• In planning for crisis, we need to assume key people will be absent and have a mechanism for delegating authorities and providing passwords and keys.
• Having more than one backup plan is a really good idea.
• If you've screwed up, you better take it seriously and fix the problem before it comes out in public. You've got to be able to say, "Yes, that happened. Here's what we've done about it."

Tsunami Fallout: Lost Wealth

Here's one of those "gee, I never thought of that" problems that surface after a disaster. It seems that the Japanese police are having to deal with hundred of metal safes found in the debris after the recent tsunami. Apparently many Japanese keep cash in their home or business. Add to this money found in envelopes, hidden in  furniture, unmarked bags, etc. and it poses an interesting problem in recovery. How do you identify the owners and substantiate claims?

Might be an interesting topic for a tabletop exercise.

Social Media and the Japanese Earthquake

The use of social media in disasters is a hot topic for emergency managers these days. I suspect that at the heart of this debate lies the fact that, while we see the potential, we really don't understand it. Judging from the websites I've seen, we certainly haven't grasped the concept that social media is first and foremost a dialog and not just another method for the release of information.

However, we can't ignore the fact that the recent earthquakes and tsunami in Japan showed how social media is changing the dynamic of how we deal with disasters. Within an hour of the main earthquake, tweets from Tokyo exceeded 1200 per minute. Videos of the tsunami were posted on YouTube as they were occurring and there are over 63,000 videos listed on YouTube under the keywords "Japan tsunami". The mayor of a small community made a worldwide appeal for assistance on YouTube and got it.

More importantly, we're starting to see the emergence of mechanisms for consolidating and making sense out of all this data. Esri, Inc. created a social media map that would certainly be useful in any emergency operations center.

There's no question that social media is of benefit in disaster operations. The real question is how do we filter the data and display it in a way that will enhance those operations. And that's still very much a work in progress.