Crisis Management

May 1, 2013

Don’t Wait Until It’s Too Late to Safeguard Your Attendees and Secure Your Information

It’s the worst of all planner nightmares: A crisis suddenly strikes a meeting or event, and meeting planners and their staffs scramble furiously to figure out what to do, whom to call and how and what to communicate to attendees. A delayed and ineffective response may worsen the crisis, affect the safety and security of attendees, and create a public relations nightmare for the planner and corporate client. The underlying problem? The lack of a thorough crisis management plan.

The best way for planners to control the things they can is to have a bona fide crisis management plan in place before a crisis strikes.

When the Nightmare Is Real

The nightmare turned real in Boston when tragedy struck on Patriots Day, April 15. The bombings at the Boston Marathon were a somber reminder of how vulnerable we are at any given time in any given place. Despite the dreadful events, almost all the meetings and events went on as scheduled. Why? Many of the organizations and the venues such as the Greater Boston Convention & Visitors Bureau and the Hynes Convention Center, among others, had a crisis management plan in place.

Apparently, only some attendees and speakers were thwarted from getting to Boston on time for conferences because transportation was shut down for a few days.

Beth Stehley, vice president of convention services and sales for the Greater Boston Convention & Visitors Bureau, reported that Boston was back in business very quickly: “We are so proud and thankful for the resiliency of the companies that had meetings scheduled and did not cancel or postpone them.”

For example, Watertown, MA-headquartered athenahealth, a provider of electronic health record, practice management and care coordination services, held its annual conference as planned. A spokesperson for the company, Amanda Guisbond, on April 25 related by email: “We’re hosting our annual User Conference today and tomorrow at the Hynes Convention Center in Boston, MA, aka Back Bay and the Boston Marathon finish line. The area just opened up yesterday and is definitely ‘back in business.’ We have more than 1,300 users — mostly physicians — at our conference from all over the country.”

In addition, promises of assistance came from all corners of the globe. “Since the tragic events on Marathon Monday, the Boston hospitality community has experienced an outpouring of support from around the world,” says Stehley. “Many cities have reached out to us with both financial and emotional support for the victims and families, and for that we are eternally grateful.

“Over 30 international destinations sent a letter to our mayor pledging support to promote travel to Boston. This complements the offer of various third-party distribution channels to assist in promoting Boston as the place to hold their next meeting or conference,” adds Stehley.

Many planners are vulnerable to such a nightmare because they lack a crisis management plan or have one that is insufficient. Bruce McIndoe, CEO of iJet International, an Annapolis, MD-based provider of risk and crisis management solutions to Fortune 500 corporations, notes that a crisis management plan “has not been top of mind among most meeting and event planners” with whom he’s worked. “During venue selection and events planning, the physical, security and health risks are largely ignored. Most policies we see are around contracts and financials,” he says.

McIndoe adds that crisis management planning is starting to be more widely discussed among planners due to the violent social and political upheavals around the world such as the recent tragedy in Boston. Natural disasters such as Hurricane Sandy have also contributed to more awareness of the need for crisis planning, notes McIndoe. “There were small and large meetings that corporations had to abandon and reschedule. It forced some planners to invoke the force majeure clause. They dealt with stranded attendees. They scrambled because they had no procedures and capabilities to communicate with attendees, so they struggled through it.”

In addition, security experts advise planners to adopt a crisis management plan for these reasons:

  • It avoids wasting time after an incident occurs, which can make the difference between life and death.
  • It can prevent a crisis from escalating.
  • It can help insulate independent planning firms and corporations from lawsuits.

Indeed, decades of case law and legal precedent have established that meeting planners are among the many professionals who have a “duty of care” obligation that should meet reasonable standards, say security experts.

Good Plans Mitigate Bad Incidents

A good crisis management plan can keep a bad incident from getting worse. A detailed and effective plan helped Rocky Mountain Connections (RMC), an Aspen, CO-based DMC, respond rapidly to a potentially catastrophic incident. During a corporate group’s rafting trip, a strong wind gust threw a raft into a tree. “One woman broke her neck, and another severely damaged an ear,” says RMC owner Shawn Thomson-Palmero. “Because we were prepared for this type of situation, we were able to evacuate them very quickly with a vehicle. Because of the communication between us and the river guide company, the injury was taken care of quickly.”

Mike May, president of Irving, TX-based Spear One, a meeting, incentive and event planning company, averted a potential information security crisis because his company has a comprehensive crisis management plan that works. According to May, a computer that his staff used to register attendees was stolen at a meeting in a gaming destination. “It was locked and under a desk in our office. It had two levels of encryption, and the information was backed up on a secure server. But we had the financial loss of the computer and lost a business tool we needed. Fortunately, we had four other computers and enough staff. But if we had no information security and fewer computers and staff, it would have been a hardship,” says May.

The loss of computer equipment is among the many areas covered in Spear One’s crisis management planning. “Any time we start a project with an existing or new client, we do a discovery interview with lots of meeting planner-type questions plus those covering security and information protection,” says May. “We put more focus on avoiding the accidental than the sinister crisis. It’s usually not somebody intentionally trying to do harm, but things like falls, health and theft.”

Overcoming Obstacles

McIndoe sees signs that corporate planners are interested in learning more about crisis management plans. But what about management? One of the common questions that he gets from corporate planners during question-and-answer discussions following his presentations at professional conferences is, “ ‘How do I get management’s attention on this?’ They have problems getting executives to focus on it and fund it. I tell them to tell management that they need to see crisis management from the angle of preventing potential reputational risk to the company,” says McIndoe.

Unfortunately, McIndoe adds, corporate planners typically get the green light on crisis management plans only after something bad happens or after a close call. “After 12 years, I can think of maybe a couple of cases where we have been brought in when that wasn’t the case,” McIndoe says. “Virtually 100 percent of the time, we are called in only after a near-miss or an actual incident happened.”

For example, McIndoe remembers an incident at a corporate meeting for 75 attendees in a city in Central America: “Two guys wandered off the property and ended up getting badly beaten up and their money stolen,” says McIndoe. “The two men complained that they were never warned about the potential danger and wouldn’t have ventured into the area had they known. We were called in after the fact because there was no process or procedure to communicate to attendees about safety and security.”

Another key roadblock to crisis management planning stems from the misperception that preparing a plan is difficult, time-consuming and very costly. It does take time, says Christopher Burgess, president of Prevendra LLC, a security consultancy based in Woodinville, WA. However, he adds, a finished plan is a template that can be adapted to all meetings large and small. “Once you go to the trouble of thinking through how you will react to given situations and have a plan, you can replicate it. Also, a plan serves as a marketing differentiator to separate you from competitors who don’t have one,” says Burgess.

Start With Brainstorming

One of the first and most important steps in creating a crisis management plan is brainstorming about everything that could go wrong before, during and after a meeting. Steven B. Fink, president and CEO of Lexicon Communications Corp., a Pasadena, CA-based crisis management and crisis communications firm with several financial firms as clients, offers the following advice: “You must do worst-case planning in order to come up with the nuts and bolts of the plan. Try to come up with every potential crisis that can happen to a meeting, starting with people flying in.”

That’s exactly what McIndoe does as part of crisis management measures for Minneapolis-based Carlson Wagonlit Travel. McIndoe’s firm monitors the number of meeting and incentive attendees who are on the same flight leg to a destination. “Let’s say they bring the top 100 performers into a venue. In that last flight leg there might be 20 attendees on the same flight. The risk exposure of that flight is huge. What if the flight crashes? The likelihood of that happening is pretty low, but it has happened. Why take the risk of not being prepared when you can do a little bit of planning and be ready?” says McIndoe.

Monitoring the flights of meeting participants is one of many “just-in-case” actions that planners take to guard against physical threats. Protecting personal and business information, especially online data, is also a crucial part of the job.

The Other Side of the Coin

Protecting attendee and planner personal and business information is a crucial part of crisis management. Planners who work for corporations generally have company procedures and the technology to protect online information, while many independents have less sophisticated protection, says May. However, he adds, all planners must control access to information.

Part of controlling access involves defining the informational rights and roles of staff and others associated with meetings and allowing them appropriate levels of access. “Corporations are pretty good about defining rights and roles to information, but planners with higher level privileges need to be careful to guard them,” says May. “They shouldn’t let junior staffers and others log in under their passwords and pull a report because they are busy.”

Rocky Mountain Connections practices tight electronic security for personal information such as credit card data collected from attendees. “Our accounting department deletes all personal information,” says Thomson-Palermo. “We also have an information technology company that once a week destroys personal information on our servers in all offices. We also shred papers in our offices weekly. It’s funny but planners rarely ask about our company’s information security measures.”

More advice from experts to protect attendee and planner information includes these pointers:

Have two layers of encryption for online data. “Most meeting planners are accustomed to doing registration site and (obtaining) social security or passport (information) and credit card numbers,” says May. “We all know the data needs to be stored on a secure site. But we must also encrypt the transit of the information. That is not something most meeting planners know how to do. It takes an information technology person.”

Don’t store sensitive information on spreadsheets. That’s particularly important for financial companies, says McIndoe. “I am totally flabbergasted by how many times I see people download an unencrypted Excel meeting registration spreadsheet with social security numbers and credit card numbers on it and have it just sitting open on somebody’s laptop,” he says.

Have a procedure for handling data in a worst-case scenario. “Say a hurricane hits,” says Burgess. “If servers are in an encrypted format, then turn them off. If the data is not encrypted and at risk of compromise, then you should have a protocol that destroys the data on the server as part of shutdown; the same kind of shutdown you would do if shipping a server.”

Guard against “desk stalkers.” May constantly reminds his meeting staff to “keep antennas up” for desk stalkers who hover around registration areas distracting workers so they can steal a document or laptop, or peek at information on a computer screen. Such thieves may work in teams and distract registration staff with tactics such as asking questions and outright flirting, says May.

Watch out for meeting “tailgaters.” If somebody tailgates into a meeting with stolen or falsified identification or by other means, then conversational confidentiality is lost, cautions Burgess. “There is a general human acceptance that, in the enclosed environment of a company event where people wear event badges, sharing can occur. Think about what an interloper would learn by standing near a group of executives and just listening,” he adds.

Basic Recipe for a Crisis Plan

Good crisis management starts with creating a plan, and, according to McIndoe, it should cover the following 10 areas:

Policies and procedures. Have policies in place and procedures to follow them. “Most meeting organizations we work with have very limited policies and procedures,” says McIndoe. The main problem with crisis management plans is the lack of them, he says.

Train meeting staff. Lack of training tends to be the weakest link in virtually all crisis management plans, says McIndoe. Staff must know how to implement the plan within each meeting venue.

Data management and collection. Planners must ask two key questions: What data is collected, and how will it be managed and protected?

Risk assessment. This step involves analyzing and researching the destination and venue. “We examine the general safety of the building and its security and evacuation measures. We look at local risks in the destination like the availability and time of medical response, and a hotel’s food and water handling,” says McIndoe.

Communication and notification. “What if there is a shooter on the premises? How do you communicate with staff?” asks McIndoe. Have at least three ways to communicate with staff during emergencies — two-way radio, cell phones and the public address system as backup.

Risk disclosure. Prior to the meeting, notify corporate groups about potential risks and mitigation plans. For example, serving alcohol at an open bar presents risks that include access control, age validation and drinking too much.

Risk mitigation. Plan actions ahead of time to minimize potential threats. “Say a medical facility is an hour’s drive away. You could mitigate the risk by providing onsite emergency care,” McIndoe suggests.

Risk monitoring. Stay updated on any situation that could impact the meeting. Examples are potential social unrest and weather forecasts that may impact a destination.

Risk response. This step involves actions taken immediately after a crisis or threat. Responses must be as detailed as possible.

Risk incident management. This step combines risk assessment, risk disclosure, risk mitigation, risk monitoring and risk response into a cohesive strategy for handling risks.

Work With Your DMC and CVB Partners

Security experts advise that, in addition to having their own crisis management plan, planners should work with CVBs, DMCs and vendors that have specific plans in place. Some CVBs and DMCs consider knowledge of local security measures to be part of their expertise on a destination. “It is imperative that we be experts at getting assistance when it needs to happen,” says Thomson-Palermo. “We must know how to make our plan apply to whatever crisis happens. People hire us for our knowledge of the destination and that knowledge includes how to protect the health and well-being of guests to the area.”

To that end, each of RMC’s seven offices throughout Colorado — some based in resorts and others with their own separate locations — has a crisis management plan tailored to its branch. “The plans provide for a range of things, including medical and transportation emergencies, safety emergencies, earthquakes, hurricanes, viral threats — every type of crisis that you can imagine,” says Thomson-Palmero.

You Never Know

Planners who lack crisis management and information security plans and don’t address the issue may never face a serious problem. On the other hand, a crisis could strike at the very next meeting, ruin it, and, at the very least, damage a planner’s reputation for preparedness. That’s why security experts urge all professional meeting planners to include crisis management as an integral part of planning every meeting or event from the very beginning. I&FMM
