Time is a fickle thing. It can be your friend. And it can also be your worst enemy; such as in a crisis where response time is often the critical factor making the difference between mitigating the situation or allowing it to have a long-term adverse impact on the organization. Decision-making in these moments needs to be swift and authoritative.
Companies that respond effectively always have a well-thought-out and tested security plan in place long before a crisis hits. They also have decision-making protocols for when the moment arrives thus avoid wasting valuable time trying to figure out what decisions to make and who should be making them.
The problem faced by many organizations without an in-house security team is that the responsibility for emergency preparedness is not clearly assigned. It is the classic case of “it’s not my job.” If everyone on the executive team thinks this, then no one owns security decisions and preparing for the unexpected. And that can be disastrous.
A good first step is understanding where your company stands. At your next executive meeting, ask each other these questions:
Who in the company owns the process for ensuring we are prepared for a security incident?
Are we ready to handle a range of emergencies, that while they may seem unlikely, will have deep impact on our people and our business?
If these questions are met with silence, then the company is likely unprepared and should assign an individual to oversee the development of a security plan. Once developed, these plans need testing through tabletop exercises and introduced to employees through broader workforce security training.
Click here to learn more about how to go about building this plan.