In my "Crisis Manager" newsletter, in October 2005, I published "25 Crisis Management Lessons learned," based on my consulting assignments of the preceding year. You may wish to review those first, since most, if not all of them are still valid. I had thoughts of repeating this the following year, but somehow time got away from me and WHOOPS, it's 2008!

But what the heck. There may well have been a few lessons learned since then, so I'm pleased to bring you this updated compilation of my opinions. As with my previous article, these are not in any particular order, but if the shoe fits...

1. We have probably not seen the end of food and product-related crises originating in the People's Republic of China. Any organization with relevant connections to the PRC should factor this into their crisis preparedness.

2. The Internet continues to make it easier to read about, hear and view skeletons in your closet. Corollary lesson: Conduct your business as if everything you write, say and do might be recorded and you'll avoid a lot of crises (P.S. There will be 300 million multimedia-capable mobile phones mobile phones shipped in 2008).

3. Intra-organizational infighting is one of the leading causes of crises and plays a major role in exacerbating crises that may otherwise have remained minor.

4. No written statement can transmit crisis-related messages as well as video communication.

5. If you're a technophobic CEO, get the heck out of the way and let your techno-savvy staff and/or consultants guide you on the best ways to use technology for crisis management purposes.

6. The Better Business Bureau (at least in the United States) can be a royal pain in the ass to deal with because of its institutionalized bias and bad habit of presenting information out of context. Unfortunately it's probably still worth your reputation management time to be highly responsive to BBB complaints and to be a member as well. BBB complaints are often cited by your critics and it's a very common destination for consumers deciding whether to do business with you.

7. Ignore a committed online critic and he'll take most of the top Google rankings under your preferred search terms.

8. The most predictable judge or jury is unpredictable. Always prepare for multiple potential outcomes in litigation-related crisis management.

9. Every organization in the world needs a blog.

10. Changing copy less than once per week on a blog created as a primary communications vehicle (versus strictly for SEO purposes) is like riding a horse in the middle of the German Autobahn - everyone's going to pass you by or run you down. If you don't know what "SEO" means, see lesson #5, above.

11. Too many organizations engage in Search Engine Obfuscation instead of Search Engine Optimization, enhancing their vulnerability to crises.

12. Policies vital to avoiding and/or minimizing the damage from crises MUST be accompanied by initial and refresher training or they are worthless. Corollary lesson: almost every functional area of an organization has (or should have!) such policies.

13. When there are significant cultural differences between the foreign owners of a company and the natives of the country in which they're doing business, those owners must be willing to defer crisis communications strategy and decisions to those who best understand the culture(s) in which they are communicating.

14. If an organizational leader make a commitment to his/her stakeholders, he/she should make certain that everyone in his/her organization (a) is aware of the commitment and (b) does nothing to violate it, or the entire organization's credibility can suffer immense and completely preventable damage.

15. Few organizations have telephone systems or website servers capable of managing the dramatic increase in traffic that would result from a crisis. And many of those who think they do haven't tested their systems through simulation exercises.

16. If I emptied 10 trashcans in the executive suite (and many other parts) of most organizations at the end of a workday, I would find information that could compromise the reputation and/or financial well-being and/or security of those organizations.

17. If you are likely to need certain types of products or services as a result of the types of crises most common to an organization such as yours (e.g., backup generators, testing laboratories), the time to establish relationships with product/service providers is now, not under the gun of a crisis. Corollary lesson: during times of widespread crises, such as a natural disaster, demand for certain types of products/services is higher than the supply; "preferred customers" move to the front of the line, last-minute customers may not be served at all.

18. It's a mistake to let crisis response depend on the leadership skills of any single individual, no matter how talented and charismatic he/she might be. Crisis response should be based on advance planning that generates a system for effective response which works even when individual team members are unavailable at the time the crisis occurs.

19. PR representatives for any organization need to be very familiar not only with traditional media, but with leading bloggers covering their industry. In times of crisis, leading bloggers can become more important than traditional media, as they are more prolific, more focused on a subject over the long-term, and more frequently quoted by other bloggers.

20. Not all IT departments or consultants are created equal. Some of them think they understand all the ways in which the information on their systems can be compromised. Some of them are wrong.

21. Far too many organizations have no contingency plan whatsoever for what to do if - tonight - they permanently or for some long term lost access to their primary workplace or a major facility due to a disaster of any kind (e.g., fire, flood, earthquake, tornado, hurricane).

22. There are relatively few organizations that have functional disaster response plans - functional meaning that they include all details of what to do in the event of a man-made or natural disaster and that training has accompanied the plans, to including drills and/or exercises.

23. Many crises, from reputational threats to threats of violence, have been foreshadowed by messages on traditional websites, blogs or social media sites, but most organizations fail to regularly monitor these online locations. Those seeking to harm individuals or an organization have the portable ability to easily record the written word, audio, and video and post it on the Internet very quickly - or even live.

24. Quite a few organizations have a policy of not allowing their top leaders to fly together, yet they are actually at more risk driving together, which they do all the time.

25. While many organizations go to great length to protect the security of data stored on their servers, the same organizations usually allow executives (and others) to have notebook computers on which they stored sensitive information. Those notebook computers, which are taken to public places and highly vulnerable to theft, are seldom secured by anything more than a password, which is easily bypassed. There are many articles about notebook security available online.

I probably could have called this list "Lessons that Too Many Organizations Still Haven't and Won't Learn Soon," but now you can endeavor to ensure that your organization won't become a negative case history for others.

Source: Jonathan Bernstein link