Risk ManagementMay 1, 2014

Assure Personal Safety and Data Security With a Solid Crisis Management Plan By
May 1, 2014

Risk Management

Assure Personal Safety and Data Security With a Solid Crisis Management Plan

IFMM-2014-00506MayJun-CrisisManagement-860x418As the Italian philosopher Machiavelli once said, “Never was anything great achieved without danger.” While he may have been referring to Renaissance politics, the same could be said for planning a meeting. That danger can come in many forms that not only can affect the safety and security of your attendees, but it also can put your company’s private data and proprietary information at risk. The best way to minimize that risk is to develop an effective crisis management plan and then, even more important, make sure that it’s implemented.

Brian Avery, president of Event Safety & Security Services LLC in Mait­land, Florida, has been in the business for 25 years, both as an event safety and security consultant and as an expert witness in injury cases. He finds that many companies don’t have a risk management plan in place. “But,” he says, “accidents can and do happen. The more frequently that you’re exposed to something, the higher the probability is that you’re going to have an incident occur as a result of that exposure.

“It’s just luck of the draw, so to speak,” he continues. “If you have a hazard and you don’t identify it and you don’t deal with it, it’s just a matter of time before someone is going to be exposed and injured by it. Whether it’s severe or not, that’s the unknown. If you’ve got a young person that trips over a cord that’s in the middle of the aisle at a meeting or an event, the odds are they’re going to be embarrassed, shake it off and walk away. If you’ve got that same situation with an 80-year-old in a walker, they could fracture a hip and wind up hospitalized and near death.”

Quiz the Venue

One strategy he recommends is for planners to have a discussion with the management of the hotel or venue where their meeting or event will be held. “Ask them what safety policies and procedures they have and to share them with you. Ask the management, especially when you’re in a foreign country, ‘What’s your emergency exit procedure? What do you do in the event of a fire here? What is your 911 system? Is it the same as ours? How do you contact it?’ At some of these larger properties, when you think you should be calling 911, you’re actually doing a disservice because the property is so big that when the fire department arrives, they don’t know where you’re at. You need to follow a procedure about how you call security at your property so they can pinpoint your location and bring fire and EMS to you in a timely manner, especially in these large convention centers and large hotels.”

Avery also recommends that planners check for potential safety hazards during their site inspection and bring any concerns to the attention of management to be addressed before agreeing to hold the event there. An Event Site Planning Checklist created by the International Special Events Society (www.ises.com) headquartered in Chicago includes items to evaluate such as entrances and exits, fencing and barriers, emergency evacuation exit routes, emergency vehicle access, disability entry and exit routes, locations of the main power, water and gas controls; trip hazards and the accessibility of first aid facilities. The list also includes verifying legal certification for tenting and other temporary structures, the availability of an indoor-outdoor public address system, fire extinguishers and secure storage for hazardous and dangerous materials.

The Big Slip-Up

Avery says that slip, trip and fall incidents account for nearly 70 percent of safety issues that occur at events. “You need to be observant. Make sure you don’t have any trip hazards. Make sure you’re picking up after yourself.” He advised that move-in and move-out times for an event can be especially hazardous. “Regardless of whether the show is open or not, everything always needs to be kept tidy, because there’s that one instance when someone is walking through and they trip, and the next thing you know you’ve got a claim on your hands.

“I know that we take notice in the industry of these very large catastrophic accidents that we have, like the Indiana State Fair (stage collapse) or when a major fire breaks out at a hotel and kills people. But it’s the minor stuff that we’re not paying attention to that’s actually costing us a small fortune, in my opinion,” he adds, citing spills at food and beverage stations or improperly installed rigging as other examples. “Even something as simple as a power cord can cause a problem. “(People say) ‘Well, I taped it down,’ but anything over a ¼-inch elevation change in a walkway is a trip hazard.”

Vendor Insurance

Avery says that another area where companies put themselves at risk is when they fail to verify that the third-party vendors they’re hiring have sufficient insurance. “When the big fish is putting on the event, and they hook in 30 outside vendors and they’re not checking everybody for insurance, maybe one of the 30 causes an incident on your floor, and they don’t have a policy. Who is going to take the blame for it? The company that has the event. This is where people are getting burned hard. This is where I see high-dollar judgments coming in.”

Protect the Execs

Stephen Barth, professor of hospitality law at the University of Houston and founder of HospitalityLawyer.com, says that another area planners need to focus on is executive protection.

“(It’s about) getting people to the meeting, not all on one plane, not all in one car, not all on one bus, because you constantly have to think about business continuity. Let’s say the entire executive team is going to share a town car or they’re going to share a limousine, which a lot of people like to do. That’s one of the poorest choices you can make when you’ve got your entire intellectual property and the business continuity team in one place. So getting them there and back (separately) is something that I see overlooked a lot. It really risks the business continuity.”

Information Security

Barth continues, “The other thing that I see more and more today is how do you keep the content of your meetings private? When you think about risk management, you can’t just think about people, you’ve got to think about your data and your intellectual property, your IT.”

When you think about risk management, you can’t just think about people, you’ve got to think about your data and your intellectual property, your IT.” — Steven Barth

Caleb Merriman, chief information security officer for BlueCross BlueShield of Tennessee in Chattanoo­ga, agrees, “We are often lulled into a false sense of security at conferences and meetings. Since they are often offsite, they frequently lack the security controls that we enjoy when working from the office. The best way to protect sensitive data is to avoid bringing it to company meetings and events unless it is absolutely necessary. If you must bring sensitive information, do it on company-owned encrypted assets.”

“Typically, hotels are places of public accommodation, so anybody can walk in,” Barth cautions. “Your competitors are going to know when your meetings are, so you really have to take pretty significant steps to ensure that the only people that get into the meeting are the people that are supposed to be there. I see that very loosely done in meetings. Somebody has to control the badges. Somebody has to control entrance into the meeting rooms themselves.”

He adds that it’s also important to verify the security of data connections because financials and other sensitive data may be presented in PowerPoint presentations. “Is the Wi-Fi secure? When you tap into that hotel’s Wi-Fi, is it possible to hack into it? And then the other thing that you want to make sure of is that you have restrictions on video and audio recording in the room itself.” Barth advises that these restrictions also should apply to employees. “If you get an employee that knows they’re going to be leaving, sometimes they might want to walk off with the information from the meeting.”

PwC’s Info Security Survey

The accounting and consulting firm PricewaterhouseCoopers (PwC) recently released its key findings from “The Global State of Information Secu­rity Survey 2014.” The report is titled “Defending Yesterday,” a reference to the fact that most organizations are focused on defending against security threats identified in the past, even as “their adversaries look to exploit the vulnerabilities of tomorrow.”

The study, which PwC conducted with CIO and CSO magazines, received more than 9,600 responses from executives around the world who answered more than 40 questions related to privacy and information security safeguards. The report found that security incidents have increased, as has the cost of these security breaches. In addition, the report states that “smartphones, tablets and the ‘bring your own device’ trend have elevated security risks. Yet efforts to implement mobile security programs do not show significant gains over last year, and continue to trail the proliferating use of mobile devices.” The survey found that in the U.S., 17 percent of the companies surveyed do not allow non-corporate-supplied devices to be used in the workplace or to have network access.

Looked Good on Paper…

But the threats aren’t only electronic. “Avoid printed materials since they can be left behind and picked up by outsiders,” Merriman recommends. “Avoid whiteboards and butcher paper, since information can be left behind or seen by others. Be cautious about projecting sensitive information when it can be viewed by others outside of the meeting room. Also,” he adds, “prohibit hotel staff or other service personnel from entering the room if sensitive information will be discussed. Ensure that everyone in the meeting room has a need to know. And remember that the elevators and restrooms are filled with people who don’t need to know your company’s’ sensitive information.”

This caution extends to the competition, says Barth: “The other piece of the pie on a risk standpoint is trying to build into your agreement a restriction on who else can host a meeting at the same time you’re having a meeting.” He says that this will help eliminate the risk of having your competitors within close proximity while your event is going on.

Venue Security

Barth also stresses the need to monitor the physical security of the meeting at the venue. “You always want to have in the contract who’s going to provide security, and what the level of security provided by the conference center, the meeting venue or the convention center will be. My experience with convention centers is they have very little security, and so if you want security, you have to install it. You’ve got to pay for it. I would ask these questions: ‘Is there a closed circuit television system on the property? Is it monitored, and, if so, how often?’ When I say monitored, I mean watched every minute. Also, does it offer total coverage of the property? You just need to know that you have another set of eyes. You want to always talk about the entrances and exits. How are those monitored? Are they locked? When are they opened? How do you restrict access? (You need to consider) things like that.”

Learning From Others’ Experiences

Avery says that during the planning process, it can also help to reach out to individuals who have held similar events to get their perspective about any problems they incurred during their event and to learn about any concerns they may have had post event. Learning from the challenges others have faced can help planners avoid having the same problems.

Planning Pays Off

To paraphrase Mr. Machiavelli, great things can be accomplished in spite of the dangers that exist, and that includes meetings. It just takes building an awareness of the risks involved, and then creating and implementing an effective plan to mitigate them. I&FMM

Back To Top