Eight Reputation Protection Plans Your Small Business Needs Now
We have all witnessed the tragedy of a company, particularly a small business, investing substantial amounts of money and time to build a reputation only to see it all collapse due to an incident they were not prepared for or never saw coming.
It makes me wonder–how many small companies actually practice a broad-based approach to reputation protection? From the stories of companies making bad situations worse through slipshod handling of public perception, it seems like very few indeed have sound broad-based risk and reputation management planning in place across their company.
Failure to actively and comprehensively plan for a business interruption can destroy reputation and operational viability. By now we should all know that!
However, despite the almost daily news about companies facing a wide variety of risks and business interruptions, many smaller businesses still have inadequate or nonexistent plans to effectively deal with risks and manage their reputations. Some only pay lip service to planning, while others are overly pedantic about planning, updating, and testing. A few have plans but rarely update and test them. Many have no plans at all.
A broad-based approach to reputation protection involves developing, implementing, and sustaining multifaceted plans to protect people, facilities, operations, processes–and ultimately your business, brand, its perception and reputation.
An effective planning process not only plans for incidents and risks: it also plans for impacts, both internal and external, on your employees, company, processes, systems, and supply and value chains, as well as bringing critical assets back into operation with as little delay to your company and stakeholders as possible. Failing to properly prepare for incidents and outcomes will be detrimental to your reputation in the long run.
From my perspective, sound reputation management relies on two key pillars: Risk Management and Communications Management. Each pillar has four components incorporating eight essential reputation protection plans you can implement to protect your business and its public standing.
All eight plans intersect and integrate at the planning, implementation and incident management stages. As I always say to clients, “If you are not prepared to manage your risks, you are probably not prepared to effectively defend and manage your reputation when it is threatened.”
Risk Management
There are many plans that help to manage the risk of an organization. To me, these four plans comprise the core components of business and organizational risk management:
- Business Continuity Plan
When an incident occurs, a business continuity plan (BCP) supports a company so that it can restore any lost functions critical for its survival and continue operating as close to normal as possible.
The BCP helps companies protect their most valuable assets in a disaster–people, critical assets, business processes, property, etc. Once formulated, the BCP must be tested and exercised at regular intervals so areas of weakness can be identified and the plan amended accordingly.
No matter how dire the situation, your reputation improves relatively when people see that you have a backup plan. Depending on the nature of the threat or risk, some companies may continue to operate from their premises. Others may have to close their premises and move some or all of their business functions to another site or location–a hot, cold, or warm site. Irrespective of what transpires, demonstrating to customers that you are prepared and have a plan of action can further boost confidence in your company.
Companies with a well-architected and practiced BCP are more likely to recover from an incident with their reputations intact or minimally impacted. If a company is not protected with a BCP and suffers significant damage to people, assets, processes, data, and facilities, and it is obvious to the public that this damage could have been avoided through effective business continuity and interruption planning, then its overall reputation will suffer.
In short, crisis communications does not stand alone; it is a vital component of an effective BCP. As we have seen, ineffective crisis communications during a critical event severely strains public perception of a brand and damages its reputation.
A well-structured plan ensures that your company and employees can quickly recover all relevant important processes and functions and continue to operate as close to normal as possible while the incident and its impacts are being resolved. Building, updating, and maintaining a BCP is a sound investment and a lifelong commitment to the health of your business and its reputation.
- Disaster Recovery Plan
The disaster recovery plan (DRP) focuses on a company’s IT infrastructure and business processes. It is a “living” plan, just like the BCP, that sets out the policies, processes, and procedures a company should follow to protect its data before, during, and after a critical event, as well as to recover from the event itself with its applications, processes, and data intact and restored.
An essential component of a disaster recovery plan and strategy is a crisis communications plan. This plan must provide for alternative communications if part or all of a company’s IT infrastructure is impacted, and have communication strategies and methodologies in place should there be no way of utilizing traditional communication methods such as email, phone, website, social media, etc.
Being able to communicate with internal and external stakeholders when systems are down for an extended period prevents error and overreaction. Providing stakeholders with resolution updates and contingency plans that ensure they will continue to receive services and will not suffer collateral damage reduces the impact of negative opinion and rumor-mongering that can damage your reputation.
- Emergency Management Plan
An emergency management plan delineates the organizational response structure and processes for managing emergency situations (fire, active shooter, etc.), identifies the resources needed to tackle the emergency, and outlines the processes to be implemented to lessen the impact of risks and incidents to people, property, and facilities. Simply put, it provides guidelines for emergency response to a wide variety of threatening situations.
In general terms, emergency plans focus on emergency notifications and communications; evacuation policies, processes, routes, and shelter-in-place procedures – among many others. Emergency plans are primarily focused on the wellbeing of people. They are designed to define and delineate strategies to move people out of harm’s way as quickly as possible and to work with responding authorities to make sure all people directly or indirectly come away from the incident without harm. Obviously, if a facility has animals located on its premises then appropriate planning must occur.
A strong emergency plan drills into a company’s specific realities of employee safety, visitor safety, and public safety. It details methods to prevent, limit, or minimize damage during a critical event and to apply wise use of resources. Major components of emergency plans are usually shared and practiced with all individuals involved, e.g. evacuation routes; procedures to follow in a bomb threat; how to respond to an active shooter; etc. Conversely, business continuity and disaster recovery plans are shared only with key teams and individuals but are not made available to all employees and company visitors.
While there will be crossover between a company’s emergency plan and a company’s business continuity plan, emergency plans are focused exclusively on safety, and business continuity plans are more focused on company systems, getting the company up and running again, and getting people back to work as soon as possible.
If a business is a tenant in a building or facility, it may depend on the emergency plans of the landlord, or may need to integrate their emergency plans with that of their landlords.
Not having an emergency plan can severely impact your company’s ability to salvage its reputation after an incident. Legal litigation from citizens impacted by poor planning coupled with legal action from the authorities due to poor compliance with various regulations can further damage a company’s reputation. A word of advice, don’t forget to include emergency planning for employees and visitors with disabilities.
- Cyber Security Plan
A cyber security plan is a plan of action that a responsible company formulates to protect the integrity, confidentiality, and availability of its data. The plan builds detection systems into the company’s network, systems, and assets to facilitate the rapid and accurate identification, response (proactive and reactive), and recovery from internal or external threats orchestrated by actors with various intentions (e.g. steal, change, manipulate, or view data; test systems and responses; plant malware; etc.)
The cyber security plan should factor in regulatory and compliance issues that could impact the plan and the company’s response to a situation, the internal and external risks identified by a risk audit, and the type of environment in which the company is operational.
Time and time again we have seen how companies have taken a significant knock to their reputations because they may not have had the appropriate type of cyber security plan, or they had the right plan but did not implement it correctly. We have also seen how many companies have either had no crisis communications as part of their cyber security plan, or if they have, they implemented it poorly.
Your company’s cyber security, business continuity, disaster recovery and crisis communications planning is intertwined, interdependent, and essential to maintaining resilience in challenging times.
From a risk management perspective it is clear that you cannot plan for every risk or potential critical event, but almost all incidents have the same, similar or common impacts, if they materialize, for which you must plan. A fire, electrical outage, burst pipe, protracted network failure, pandemic, etc. could necessitate the invocation of a number of risk management plans resulting in a company closing its facility and moving employees to other offices or asking them to work from home. In this case, planning for a facility closing or a work from home scenario would cover a wide array of risks should they materialize (plan for impacts and resources needed to deal with the impacts).
Communications Management
Communications management is the second pillar of reputation management. Four crucial components establish, build, maintain and protect a company’s good standing in the eyes of the public (internal and external publics). These components also influence the public’s perception of your business. They are:
- Public Relations Plan
Building and maintaining a reputation is critically dependent on a well thought-out and strategic public relations plan. A public relations plan based on clear objectives, strategies and tactics helps your company be more discoverable by potential clients, keeps you visible to current customers, and helps your company break through into vertical markets and build enduring profiles of your key spokespeople.
The public relations plan drives effective communications and generates value-added content in your bought, owned, and earned media universes. It also builds and sustains healthy relationships with core media. As part of your public relations plan you should also include internal communications. Employees often make the best advocates for a business – and its important to keep them informed and aware of what their company is doing and where it is going.
The real value of a well-thought-out PR plan emerges in several areas: regular news dissemination, media interviews, positive coverage, good messaging and positioning, and supportive employees. Most importantly, when a crisis strikes, journalists who have established relationships with you and your company are more likely to reserve judgment and report facts with a balanced perspective.
Your PR, social media, and content marketing plans must be integrated and work in concert, particularly when it comes to messaging consistency and time scheduling. This helps establish, build, and maintain your brand and messaging synergy and contributes to seamless and integrated reputation management both externally and internally.
- Crisis Communications Plan
A crisis communications plan helps a company communicate with appropriate messaging as soon as possible after a critical event has occurred. A good plan will expedite communication to all relevant audiences with accurate and specific messaging to influence perceptions. Clear, rapid communication demonstrates integrity, prevents the rumor mill from starting up, and allows you to take control of the communication process and position yourself as a concerned company.
Avoid using an “off the shelf” crisis plan. A strong crisis plan should be based on the company’s specific manmade, technological, and naturally-occurring threats and risks as well as future impacts should a threat or risk materialize. Essential components include identifying members of the crisis communications team; delineating roles and responsibilities; defining what constitutes a crisis; outlining how a crisis is verified; providing templates for holding statements and core messaging; and more.
Not having a good crisis communications plan in place could potentially cost you your business, its reputation–and your own! Developing and implementing a strong crisis communications plan demonstrates that you are a responsible business owner and shows employees, partners and customers that you have their best interests at heart.
- Content Marketing Plan
A content marketing plan creates the blueprint for a company to formulate content of value, identify recipients based on their specific personas, and target them with content disseminated in many different ways–video, online, print, newsletter, etc.–based on patterns of consumption.
Many companies rush into content marketing thinking, “We know who our decision-makers are–we have been communicating with them for years and we know how they perceive us! So we don’t need a “plan,” just a list of articles.”
But the hard truth is that as business becomes more competitive, customer acquisition and retention becomes more complex. Add in the fickleness of both customers and companies who quickly drop one service partner for another because they can get a better deal or service for any reason, and the ability to hold on to clients and show them what value you bring to the table becomes more critical. You need a plan to build and maintain your reputation with stakeholders, how they perceive you, and provide them with content of value.
A targeted content marketing plan should include a broad array of approaches such as strategies, persona identification, communication channels, content schedule, content messaging and topics, content conduits (e.g. infographic, white paper, webinar, Q&A document, case studies, briefings, newsletters) and measurement. There are many more components that you could include.
Lastly, make sure you know what issues you may face during the execution of the plan so you can factor them into your planning process.
- Social Media Plan
A social media plan outlines objectives, strategies, and tactics to introduce, grow and sustain an online presence across all relevant social media real estate and to engage stakeholders to generate an informed online perception of a company. It details specifics such as roles, responsibilities, content approval process, and dissemination timeline. Ideally, all content disseminated should focus on the company, its products, goods, and services and comment about industry issues and events.
The plan should discuss company culture and how it should be portrayed, as well as set the overall tone of the content. This is the place to decide whether or not to venture into commenting on political, religious, and social issues. As a general rule it is best to avoid controversial and emotionally charged topics and stick to business, unless the company provides consulting, products or services to these domains.
Should something irregular occur, then an escalation process needs to be in place to alert senior communication management, which would cascade into a social media crisis component in the plan. If you are going to have a social media plan and are social media active, you also need a social media crisis plan to guide your company through an online crisis.
Establish clear social media policies and guidelines before any social media is implemented, and make sure all employees are fully briefed to maintain a consistent approach across all venues. A well-developed social media plan and social media crisis plan contributes significantly to building and protecting the perception of your business in the social media universe.
All eight of these plans should reflect and support your company’s unique assets and goals. Laying down this foundation will help you ride out the inevitable crises, both small and large, that come with running a business. Put these plans in place to help build, grow, preserve, and protect your reputation and your business when the going gets tough. Remember, work with experts to help put these plans in place …… and don’t forget to test, exercise and update them. It is a lifetime commitment.
—ENDS—
About Fortress Strategic Communications:
Fortress Strategic Communications provides specialized strategic public relations and crisis communications consulting to companies that offer products, services, and solutions designed to manage and mitigate all types of risk. Typical clients are active in the security, disaster recovery, cyber security, safety, business continuity, homeland security, and emergency management domains. FSC also provides public relations counseling to startups looking to enter the broader enterprise risk management arena. The company draws on their executives’ combined 20 years of global experience in a broad array of vertical markets. For more information please visit www.fortresscomms.com or contact us via [email protected]