Meeting the Expectation for Always-On Employee Safety [Webinar Recap]
Learn a comprehensive threat intelligence framework to monitor for and identify the threats facing your businesses today and protect your employees no matter where they are working.
- The 2021 Threat Landscape
- Potential Threat Impacts to Your People and Business
- A Modern Framework for Threat Intelligence
- Best Practices for Threat Intelligence
Organizations and their employees are more concerned about personal safety and business continuity threats than ever before. The volume and severity of events have increased, and most employers don’t have the time or resources to constantly monitor the countless threats that could potentially impact their people and business.
AlertMedia’s Sara Pratley, Vice President of Global Intelligence, and Peter Steinfeld, Senior Vice President of Safety Solutions, addressed these challenges and more during a recent webinar titled No Time to Spare: Meeting the Expectation for Always-On Employee Safety.
During the webinar, Sara and Peter introduced a comprehensive threat intelligence framework to monitor for and identify the threats facing businesses today and presented a few best practices for implementing the framework into emergency preparedness plans.
The 2021 Threat Landscape
Businesses faced a myriad of threats this year, from the ongoing COVID-19 pandemic to a huge increase in cyberattacks to extreme weather events. This chart from Allianz’s annual Risk Barometer outlines the top corporate risks for the next 12 months and beyond.
In many cases, these threats are a growing risk as well. For example, since 1980:
The number of extreme weather events has increased by 324%
The number of public demonstrations and protests has increased by 230%
And, tragically, the number of mass shootings has increased by a staggering 725%
These numbers are alarming.
On top of that, cyberthreats have increased. The number of data breaches in the U.S. has skyrocketed in the past decade from a mere 662 in 2010 to over 1,000 by 2020.
Organizations no longer have the luxury of focusing on one or a few different threats. Companies must care about ALL of these threat categories, virtually all of the time, wherever they have safety or operational exposure. With all this in mind, one thing is clear: Knowing how to prepare for these threats matters to every business.
Potential Threat Impacts to Your People and Business
Much of the U.S. workforce is still working remotely or on a hybrid plan due to the ongoing pandemic, which means that employers must protect their people and effectively communicate with them wherever they are, not just at the office or company facilities. A dispersed workforce accrues to less certainty when it comes to assessing risk. You can no longer assume that if there’s a dangerous incident in one region that its impacts are limited to just employees who typically reside there.
When managing dispersed workers, you must think about things like :
- Employer brand
As well as business impacts like:
- Business continuity/operations
- Loss of productivity
- Information silos
It is overwhelming to stay on top of the thousands of safety, security, and operational risks. And without the right resources, it can be especially hard to keep up with it all. Yet, we know that during a crisis, seconds matter, and the quicker you respond to an emergency, the less impact on your business and your people.
The only solution is to start thinking about threat intelligence. This can be done by either employing a dedicated team of analysts who work various shifts 24/7 or implementing a software solution to help.
A Modern Framework for Threat Intelligence
Sara talked through her framework for a scalable and repeatable process for managing, identifying, and alerting your employees of potential threats. This framework is not meant to replace your prior emergency preparedness plans—instead, it should complement and even enhance them.
A complete threat intelligence program requires people, technology, and processes for moving from a place of data to a place of action.
- People understand what to look for, how to interpret and analyze what they find through the lens of impact, and how to take action based on that information.
- Technology can supplement the work your people are doing by helping to monitor for and detect intelligence.
- Processes help you understand how to communicate what you find.
These three elements are integrated into a comprehensive framework for threat intelligence.
Detection of threats is the primary challenge because threats don’t always occur within the typical 9-to-5 office hours, and it’s impossible for people alone to investigate every single piece of information.
Some organizations may choose to solve this challenge by employing a 24/7 security operation center, in which a team of analysts will monitor the hundreds of independent information sources like local news, social channels, and the National Weather Service. Other organizations choose to outsource their monitoring by deploying a purely SaaS solution.
Either way, your goal should be to monitor as many potential threats as possible, gather context, and weed out misinformation. That way, threats can be detected early on and properly addressed.
You then need to assess the threat and figure out the details. Assessment involves understanding:
- The type of threat: Is it weather-related, crime-related, or something else?
- The threat’s impact: How many people and locations might be impacted?
- The timeline: How much time do you have before the threat hits?
Next, you need to verify that it’s indeed real by corroborating across other sources and assessing your business’s potential risks.
Here are a few things to consider during your verification process:
- Where is the information coming from? Did you find news of the threat on an unfamiliar website, or is the source of information reputable?
- What’s the size of the conversation surrounding the threat? Is only one person talking about it on social media, or is there significant noise online?
- Has your source been cross-referenced with others like police scanners, public data sets, and more?
While responses can vary widely depending on the setting and circumstances surrounding the threat, detailed communication with your people before, during, and after should be priority number one. Your people need to know how to act and how quickly.
Consider how the information will be delivered and received and how effective the channels of communication will be at reaching everyone in harm’s way. It’s best practice to send messages across multiple channels, but make sure you also have a way to receive messages using two-way communication.
For a complete outline of the global threat intelligence framework, watch the on-demand webinar now.
Best Practices for Threat Intelligence
Peter presented a few best practices for implementing threat intelligence into your emergency preparedness plans, from how to assess your risks to leaning on your network and community for support.
- Risk assessment can help guide your strategy and priorities in the coming year.
- Get your internal stakeholders on board with investing in a modern emergency communication system.
- Consider using a holistic, all-hazards approach to your emergency preparedness plan.
- Devote adequate resources to protecting your people and evaluate their effectiveness.
- Communicate with your network and peers at similar organizations to problem-solve and brainstorm.
Organizations must have intelligence-gathering processes that are sufficient in meeting the expectations of a dynamic, distributed workforce while offering them proper visibility into a rapidly-expanding threat landscape. For details on how to achieve this at your company, watch the full on-demand webinar now.