Your workplace preparedness playbook
Workplace threats are numerous and most happen unexpectedly. While it may seem obvious that workplace preparedness is important, there are a lot of less clear benefits that come out of a comprehensive preparedness strategy. And as the type of threats that workplaces face evolves, preparedness programs need to grow alongside it.
Security teams aren’t the only ones concerned with workplace safety. A study published during the pandemic revealed that most workers (73%) worried about going back into the workplace. More than half of those surveyed said they would consider leaving their job if their employer didn’t prioritize their safety.
While the workplace has again become a place where employees gather to connect and collaborate in person, companies still need to be vigilant about keeping their space safe. Beyond a pandemic, there are many other workplace threats they need to be ready to prevent, detect, and respond to. It’s not only critical to providing employee safety and peace of mind; it’s crucial to company continuity. Use this guide as a playbook to understand the types of critical events that threaten the workplace and how to prepare for them.
About the author
Everbridge is a global software company that provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to Keep People Safe and Businesses Running™. Over 5,300 global customers rely on the company’s Critical Event Management Platform to quickly and reliably aggregate and assess threat data, locate people at risk and responders able to assist, automate the execution of pre-defined communications processes through the secure delivery to over 100 different communication devices, and track progress on executing response plans.
Health crises and cyberattacks are just a few of the security incidents businesses must prepare for.
The types of workplace threats
Workplace security threats are inevitable. One survey revealed that 100% of companies said they suffered at least one critical event in the past 24 months. In fact, companies often dealt with multiple critical events in that timeframe (more than four, on average). The events varied from natural disasters (33%) to supply chain disruption (22%).
Secure workplaces protect all their stakeholders from serious physical and financial harm. This includes employees, customers, partners, assets, and investors. If they don’t, the ripple effects of even one critical event can result in organizational damage. This includes hindering a company’s operational activity and putting personnel at risk. To prepare for a critical workplace threat, companies first need to identify the different security risks they face.
Prevention and mitigation planning are both important to effectively minimize disruptions from workplace threats. Organizations need to be able to identify emerging problems before they become full-blown threats. Doing so also helps minimize damage caused by a workplace threat, should one happen, and prepares your company to support employees.
The benefits of workplace preparedness
Workplace threats are numerous and can happen unexpectedly. While it may seem obvious that workplace preparedness is important, there are a lot of less clear benefits that come out of a comprehensive preparedness strategy.
Here are four benefits of having a preparedness strategy for any workplace threat or incident:
Mitigate risk and liability
It’s near impossible to prevent an incident from occurring. Instead, it’s important to focus on what to do once a situation arises. The faster you can respond with the right plan of action, the more you can mitigate risk and exposure. By putting the systems and tools you need in place in advance, you can more efficiently respond if there is a crisis.
There are solutions that are less risky than others to put in place. You can update software on a regular basis to thwart off cyberattacks, for example. Plus, if your systems talk to each other, you can automate various parts of your preparedness plan to speed up the necessary response steps. If you automate the communications that go out to everyone in your office the moment an incident occurs, you can reduce chaos and ensure people know what to do.
Having a documented plan and activity logs can also help reduce the cumbersome legal and compliance processes that follow. With a process in place to record and track what happens during an incident, you can limit the amount of time your team needs to spend on the follow-up procedures. This ensures that you can continue working on the projects that matter most and prevent further incidents. Every minute you save could be the difference between a well-handled situation and a true disaster.
You can update software on a regular basis to thwart off cyberattacks.
Increase employee productivity and retention
Ensuring that employees are safe while at work is critical to their job productivity and happiness. Safety comes in many forms, from ensuring only approved, healthy people can enter the workplace, to providing easy access to safety protocols and keeping personal identifiable information secure.
In a survey of employees, 55% of respondents said they would consider leaving their jobs if their employer were to have downplayed COVID-19, didn’t follow safety measures, or urged employees to work from the office before they were ready. When you communicate your preparedness plan to employees, you create an office environment that employees will choose to come into. Employees feel confident that you are prioritizing their health and safety. In doing so, they are able to be more productive while onsite. Plus, in a tight job market where companies are competing for talent, organizations that can point to employee protection will stand apart.
Positive brand recognition and reputation
No one wants their company to be in the news headlines regarding a security incident, but it happens more often than we think. Not only does a preparedness plan help to keep companies out of the spotlight, it can help to improve brand reputation. A survey of critical event management and operations personnel found that
3 out of 4 critical management and operations personnel think a unified approach to critical event management improves their brand reputation.
Having a plan also proves an organization’s resilience and further shines a light on your brand. Resilient organizations work across business units, combining internal resources, technology, and services to detect, manage and minimize the impact of emergency situations. This operational efficiency ensures that your brand maintains its positive reputation.
Impact to company revenue
A workplace incident can cause a large financial burden in many ways. It can not only have short term impacts of ransom or loss of intellectual property, but long term implications such as less trust in the organization or having to implement new technology to replace legacy gear. With a workplace preparedness plan, you can help lessen the impact to company revenue by keeping your supply chain stable, competitive information private, and investment strategies secure. If you handle these risks correctly, it can reduce the impact on revenue.
Another way to reduce costs is to decrease the number of errors that occur during a response. With an automated, connected solution, you can cut down the number of errors and provide a foundation for delivering a cost-efficient response to crises. Plus, with improved data and reporting on incidents, you can make informed decisions that will reduce the impact of future events. This includes understanding where communication gaps are, areas of opportunity for more process, and what roles you need on a critical response team. All of these decisions impact your business’ bottom line.
How to prepare for any workplace threat
With those benefits in mind, it’s time to get serious about getting prepared. In today’s world, organizations need to respond more quickly and decisively to critical events, but with fewer resources. Without an end-to-end process to manage these events, it’s nearly impossible to satisfy this mandate.
In most cases, organizations are trying to deal with threats using manual processes and disjointed systems. As a result, they are unable to efficiently and effectively manage these events.
Moving forward, organizations will need to respond more quickly and decisively to critical events, but with fewer resources.
With the right plan in place, your organization can prepare for any workplace threat. Here are the five steps to creating a workplace preparedness strategy:
Devise a plan
This might seem simple enough, but the plan must be comprehensive in order to be effective. It starts with a general foundation then expands to cover various types of threats. For each type of threat, map your plan to appropriate resources and response activities.
Given the types of threats your business may face, you should:
- Appropriately categorize critical events by type, predictability, cause and scope
- Differentiate between routine emergencies and crisis events
- Determine how to deal with each event and who will take the lead
- Tailor your plan depending on the severity of the threat or crisis so you can activate your plan as quickly as possible
When getting started with your crisis management plans, start in order of predictability. For example, if you operate in a hurricane-prone region, start by developing a hurricane plan, including one to deal with office closings. If your business operates in many locations, you should standardize your plans.
Assess your sources of information
With a plan in place, it’s time to assess how well the organization can navigate critical events. One of the biggest issues is not knowing when a threat develops and then not being able to confidently vet what happened.
Here are a few different sources of information that you should routinely monitor to stay abreast of critical events:
- Disaster facilities
- Social media
- Cameras onsite
The goal of this assessment is to confirm the threat event and ensure the appropriate team has all needed input and contextual feeds in one place to make the appropriate decisions.
That means lining up trusted information sources for all types of risks. This undertaking can get complex, especially in larger organizations. Start by understanding the event in the context of the five key assets: people, buildings, IT systems, supply chain, and brand/reputation.
Having digitized plans readily accessible by mobile device is key when responding to critical events while out of the office.
Quantify and prioritize your risks
The next step is to figure out what is critical and what isn’t. Answer the big question: What is the impact and exposure? An effective approach to answering this question is to quantify risk based on:
- The threat
- The threat’s nature
- The organization’s overall vulnerability or exposure
- The overall impact to people, assets, and the business
Unfortunately, it’s not a simple equation. Consider the timeline, which is often dynamic. For instance, it’s not sufficient to ask, “How many employees are in HQ right now?” since employees are constantly on the move.
While it’s critical to quantify risk, keep in mind that the impact from a single event can differ across the company and can impact different assets in different ways. For instance, a labor strike in Paris is not a critical event for local employees who know how to deal with it, but it is for traveling employees who aren’t accustomed to this.
In other words, context matters, and can change the risk profile. The key is to understand risk based on all variables to determine the best response to any event.
To avoid alert fatigue or “the boy who cried wolf” syndrome, only inform those who need to know. At the same time, make sure people aren’t bombarded with updates. If possible, let the appropriate people see all necessary information in one place.
The final step is to close the loop by analyzing how well your organization responded. Start your after-action review by trying to understand the following:
- Has this happened before?
- What was the impact?
- What did we do well?
- What could we have done better?
- What slowed us down?
- Who was involved?
- Who responded fastest?
The key is to not only perform these reviews but to close the loop by learning from experience and continually improving the plan and response.
Once you mature your processes, you’ll want to automate as much of it as possible. This can not only prevent human errors, but can help you respond more quickly. A good place to start with workflow automation is with emergency response notifications. Luckily, there is technology that can help.
With Everbridge’s Mass Notification functionality, you can quickly and easily send emergency communications to individuals or groups to keep them informed before, during, and after critical events. Everbridge seamlessly integrates with Envoy’s workplace platform to give you the added security of being able to notify your visitors in addition to your staff during a critical event.
Envoy provides detailed information about who is onsite so you can automatically alert them in case of an incident. With Envoy, employees register to come onsite each day so you know who to expect and who to notify in case of an emergency. With Envoy Visitors, you can be sure to include any visitor type, including customers, vendors, contractors, and guests, in your emergency communications as well.
Businesses must not only know where their employees and visitors are at all times, but they must also quickly and easily gather information about critical events in order to anticipate the business and safety impacts.
Using the right technology, you can ensure the latest intelligence is at your fingertips and you have the tools you need to respond to critical events.
Want to talk to an Envoy expert about how you can use Envoy and Everbridge to prepare your workplace for critical events?