Risk

Protecting your organization’s reputation strategy and brand from very public security crises

By Michael J. Martin | July 26, 2022 | 3 min read
Protect company from scandal

In 2017, a roving security robot made by Knightscope made headlines when it drove straight into the water fountain at an office complex. Photos of the Knightscope K5 floating in the fountain were quickly uploaded to Twitter and made the rounds on social media. It wasn’t a great look for Knightscope, a company that makes autonomous security robots to help enterprises with patrols and other security issues, especially since other K5s had been involved in mishaps in the past.

KnightScope, however, responded with aplomb, tweeting an official apology from the robot itself, complete with a drawing of a K5 in shades and swim trunks: “I heard humans can take a dip in the water in this heat, but robots cannot. I am sorry," said the tweet. Silly? Yes. But the lighthearted response was an appropriate and clever way to address a very public K5 malfunction that could have hurt the company. If the company had ignored the incident, the public perception of the company might have suffered.

Accept it: a public crisis will probably happen

No company likes a public incident, but they happen, and especially now that almost everyone can easily film incidents and post them to social media, there’s a good chance that your internal security issue may end up in the public eye. It doesn’t matter what it is.

It could be as silly as a robot falling over, or as serious as a workplace incident, product tampering, or a chemical spill. Eventually, something your organization doesn’t want to be made public will end up getting out.

While yes, an incident can damage your brand, the way your team handles the crisis is likely to have an even bigger impact on your reputation. If your organization isn’t prepared to handle a public incident, and if your response to anyone who asks about the crisis is “no comment” you are likely to create ill will that can hurt your brand.

Have a communications plan

Communication is key, and It’s important to have a plan in place before a crisis even happens. Designate one person in your organization as the point of contact for communications. This is the person who will be in touch with the public, the media, and anyone else who has a question about the incident.

This person should be trained; they should be able to strike the right tone depending on the incident. They should be aware that “no comment” is a quotable comment that rarely reflects well on the organization giving it.

They should also know that they are not there to stonewall the press. A good spokesperson is able to give information to reporters without giving out too much. They know how to funnel the media to experts who are authorized to comment on specific information related to the incident — if there is a chemical spill, for example, the communications person should be able to send reporters to the head of the clean-up for specific comments relating to those efforts.

Conversely, everyone else in the organization should know not to comment, but to refer media to the spokesperson instead.

The point is to offer a unified, consistent message. This message must look the same no matter how it’s delivered: through official statements, press conferences, or via Twitter.

Need help with security tabletop exercises? Contact us now for a demo.

Secure the site

If communication is about information being let out, security in this case, is about not letting more eyes in. Game out how you will secure a site that’s been compromised in a crisis. Be sure that if an incident happened on site, you have a plan for removing people (and their phones) from the scene.

How will you handle visitors? If the site is part of a larger facility that’s still functioning, how will you keep folks away? Also, if there’s a spill, or another hazard, how will you work with the authorities to keep people safe?

Incidents are out of your control, your response isn’t

We like to think we can control everything in business, but we can’t. No product is foolproof, and sometimes, incidents happen.

You can, however, control your organization’s response to an incident. Crises have a way of revealing the people and organizations who are involved. During a crisis, it will become obvious what happened, and what your company was prepared to do about the incident, and what you didn’t do. By planning ahead, you can make sure your response is the best it can be, even if you don’t exactly know what crises are coming your way.

Need help building an incident response plan? Talk to an expert.

Are you ready to improve your organization’s risk resiliency?

See Circadian Risk In Action Now
Watch a Demo