Terror in Norway and Global Threats

               Anders Breivik carried out one of the worst solitary attacks in modern history, killing as many as 98 people, mostly teenagers, in a few hours.  First, the bomb blast in Oslo and then the nearly 90 minute shooting spree on Utoya. 
               Breivik admits to carrying out the attacks, but denies any wrongdoing.  He also stated that there are two other cells.  These cells may have been involved or preparing to carry out further attacks.  Le Monde reported that he had over 600 Facebook friends who could have been affiliated through a group called English Defense League.
               As the investigation moves forward, the press from around the world is already beginning to try to make sense of the senseless.  Breivik has been characterized as a right-wing extremist, possible Neo-Nazi and one reporter even called him a Christian fundamentalist (wow!).  I have to say that I haven’t heard of any Christian groups that support Breivik’s killings at all, so that last is a real ridiculous stretch.  And of course, the focus has quickly turned to immigration policy as the heart of this killer’s manifesto focused on the unchecked immigration from other areas, including Muslims.  One priest from Oslo was quoted saying that she was happy it was not an Islamic terror attack and seemed to think that it was a good thing a white right-wing extremist was behind it, as if that changes the fact that 90-some people are dead.
               Breivik claims that he joined a re-incarnated Knights Templar, in London, in 2002, and the groups’ intentions were to protect Europe from a second, modern Muslim invasion.  Little is known about the group at this point, but I am sure that there are investigations under way to learn as much as possible. 
               It is natural to try to understand why something like this happened.  It is also critical from a security and law enforcement perspective to get into the suspect’s mind in order to understand the thinking and use that to prevent future attacks.
               The risk is that it is easy to be sidetracked by names or labels.  It has been said that generals are always trying to fight the last war that happened with their tactics rather than the current threat.  That is the problem with being too focused on labels, such as right wing or anti-immigration and so on.  We cannot forget that threats come from many different angles and different directions and it is hard to define one bad guy to watch for.  In fact, the world is full of many, vastly different bad guys and gals, threatening us in various ways.
               These threats can come from the left or right political views, such as ELF and ALF.  They can be foreign and domestic.  In fact, the lines can become rather blurry at times.  For example, the bombing attacks in London in 2005 were carried out by ‘homegrown’ terrorists - citizens of the United Kingdom that were influenced by Islamic terrorists.  Fifty-two victims were left dead.
               In Mumbai, India, the attack that left 174 dead in November of 2008 was carried out by Pakistani terrorists.  The most recent bombings in Mumbai are still under investigation.  In Madrid, al-Qaida-inspired terrorists left 191 people dead after explosions on the train system.  And, of course, there were the al-Qaida attacks of 9-11 that killed almost 3,000. 
               Whether the threat is from Osama Bin Laden or Timothy McVeigh, the basic steps to prevent and protect ourselves is the same.  It is important that everyone be alert to suspicious activity, such as what happened in Times Square when a car bomb failed to detonate and passersby alerted authorities.  Security staff should be trained to look for signs of surveillance or practice runs, a precursor to most attacks. 
               And last, a risk assessment designed to recognize global threats should be conducted.  This can focus on known or likely threats, vulnerabilities in the protection program and critical areas or assets.  A risk assessment needs to be ongoing, a process constantly re-evaluating new information and changes in the threat environment. 
               Do not lose your focus on all the potential threats and become obsessed with only the latest news of the day or get distracted by the labels used. 

Have you wondered how to deal with an aggressive employee or phone threats against a staff member?  Do you have the security system you should?  Are you worried about how your business would handle an emergency situation?  There are lots of worries as a leader in your organization.  Security risks do not have to be one of them.  I am available for business coaching sessions with a focus on security and operational risk management.  The first session includes a money back guarantee if you are not completely satisfied.  For more information, send an email to eric@businesskarate.com. 

The Five Steps to Great Customer Service

Customer service.  Every business talks about it, but not everyone has it.  So what makes for a good customer service program and why are some businesses successful and others aren’t?
Think about some of your own experiences, about when you’ve been unhappy and what made you angry.  Chances are it was a combination of things, but one of those was probably a feeling of lack of control over the situation.  The business had your money and you didn’t get what you were promised.  The second thing was probably the feeling that you weren’t being heard and that no one cared.
The third piece was the frustration that no one could help or had the ability to help you even if they wanted.  For example, have you heard the excuse that the problem could not be fixed because the computer was down or wouldn’t allow it?  It just creates aggravation when everyone agrees that there is a problem, but no one can do anything about it (or is it an insincere excuse…mmm?).

Fourth was most certainly a lack of apology when things went wrong.  Most people do not expect everything to go perfectly, but do expect an apology when mistakes happen.  I’ve heard of one study where 80% of people who filed a lawsuit did so because they never got an apology.  Imagine that – the costs to a business to defend itself in court, pay for attorneys, court costs and potentially damages and all could have been avoided for an apology.  Of course, the ironic thing is that the same attorneys defending you would warn you to never apologize for something (good advice or self-serving?).
For any company, your customers are the most important part of your business.  Think about the risks that poor customer service can create.  The greatest advertising campaign and marketing plan may bring in new customers.  But if you allow poor customer service then the best advertising will be for nothing.  You may bring in new customers, but you won’t get any repeat business.  It makes the most sense financially to develop loyal customers who come back again and again.  You’ve reached them with your marketing, drawn them in, and closed the deal.  Compared to starting over with a new group of potential customers, bringing back repeat business is more effective.

What is an organization to do?  The good news is that there are some basic guidelines that will keep your customer service program on track.  The 5 steps to create good customer service are:
1.      Expectations – Make it a clear expectation of employees.  If you employees understand that meeting your customers’ needs is their number one mission, then they will.
2.     Empowerment – Allow employees to make the decision to do what is best for the customer.  Let them override computers, but instead be able to take the steps to help customers.  Even when the customer is wrong.  If they walk away unhappy or disgruntled they won’t be back and neither will all the people they tell.  Being right can be the road to ruin in these cases.
3.     Hire the right employees – Employees should be empathetic.  Even in violence prevention programs, people are taught to reduce the risks of violence by listening and being empathetic to others.  Hire people that have demonstrated that ability or be sure that you can teach it.  Without it, employees may be sending the message that they don’t care about the customer – a quick way to get an ex-customer. 
4.     Human contact – Even in large organizations, such as the boiler plate customer service centers, make sure that you create an environment of accountability on the part of staff.  Nothing is more frustrating as a customer than making repeat calls to a customer service center for the same issue and each time having to start the explanation all over again.  And these same customer service agents often have long code numbers, worse than 007, and no extension or way to ever contact them again.  Where is the accountability or motivation to really help the customer in that environment?  So you ask for a supervisor and get the line, “He is in a meeting right now” after holding for several minutes.  Followed up with the line, “I’ll they will call you later today.”  Don’t hold your breath.
5.     Compromise – the final consideration is being flexible enough to compromise.  Even when the customer is wrong, you can still ‘negotiate’ a solution.  Courts do this all the time.  A traffic offense can be plea-bargained down to a non-moving violation or the fine reduced, for example.  Be willing to plea bargain with your customers.
Follow these steps and you will be well on your way to great customer service and to protecting your most critical asset – your customers!

Share your customer service stories in the comment section below or email them to eric@businesskarate.com. 

Have you wondered how to deal with an aggressive employee or phone threats against a staff member?  Do you have the security system you should?  Are you worried about how your business would handle an emergency situation?  There are lots of worries as a leader in your organization.  Security risks do not have to be one of them.  I am available for business coaching sessions with a focus on security and operational risk management.  The first session includes a money back guarantee if you are not completely satisfied.  For more information, send an email to eric@businesskarate.com. 

Feeding the Hand that Bites You – Lessons from Libya

Eric Smith, CPP

               Just before Christmas 1988, the 747 took off from Heathrow for New York.  Less than an hour later, a bomb on the airplane exploded.  The plane quickly began to split apart and the cockpit broke off, beginning a freefall that lasted about two minutes.  Passengers not strapped to the fuselage were blown out of the plane.  Forensic experts believed that the passengers would have lost consciousness initially due to the rapid change in air pressure, but that they may have regained consciousness before the plane hit the ground, a terrible possibility.  The wing of the plane hit several homes in Lockerbie Scotland, killing 11 people including at least one entire family.  In total, 270 people were killed in the horrific attack.
               The investigation revealed that Libya was behind the attack and as recently as February of 2011, a former Libyan minister reported that Muammar Gaddafi, Libya’s dictator, had personally ordered the bombing.
               There is no doubt that Gaddafi is evil.  So when rebels began protesting earlier this year and fighting against his regime the obvious choice was to help the rebels.  NATO finally responded to support the rebel forces with France taking a leadership role even taking further actions and supplying arms to the rebels despite complaints from Russia and China.
               Le Figaro and Bloomberg Business News reported that some weapons supplied to the rebels, the National Transitional Council, were recovered from al-Qaida in the Islamic Maghreb (AQIM) forces in northern Africa.  AQIM forces have been fighting the security forces of several countries in the region.  Among the weapons finding their way to al-Qaida extremists are rocket launchers, rifles and Semtex.  Ironically, Semtex is the same plastic explosive used on Pan Am 103 in Lockerbie. 
               We’ve all heard the expression “don’t bite the hand that feeds you.”  Unfortunately, in this case, we see an example of the opposite where we are feeding the hand that bites (or slaps) back. 
               This type of risk is not limited to international terrorism or global conflicts.  The same is true in other settings, where individuals or organizations try, with the best of intentions, to help someone or some group, but open themselves to risks.
               Healthcare is a good example.  Violence against care providers is rampant within the healthcare industry, especially for anyone working with mental health patients or in emergency departments.  Nurses trying to help patients are the ones most likely to be attacked by that same patient.
               The good news is that there are lessons to be learned, lessons that can be applied in other situations, whether opening an international business operation, dealing with global conflicts or even violent behavior by a patient.
1.     Consider the unintended consequences.
2.     Identify the players.
3.     Control the game.
4.    Don’t ignore the warning signs.
Consider the unintended consequences.  This is perhaps the trickiest part of risk management.  Risk assessments are based on known or threats and vulnerabilities.  The key is to look beyond the surface and develop an understanding of how different pieces of the puzzle fit together.  In a chess game, a player needs to think five moves ahead and all the possible contingencies depending on what their opponent does.  Be willing to think through a wide range of scenarios and ask yourself what if questions.  This approach can help identify hazards that might have been overlooked.  Or even reveal opportunities that could have been missed.
Identify the players.  In real life, it can be very hard to find out who the good guy is or who the bad guy is.  Even in the case of healthcare, the belligerent, drunk patient may not do anything physically, but the grandmother with dementia may attack the nurse, without knowing what she is doing.  In the situation in Libya, it should have been clear that some rebels may have ties to al-Qaida and that, at some point, weapons would find their way to extremists. 
Control the game.  You cannot control every element or risk factor, but it is critical to limit your exposure to potential risks.  If you are expanding an international business, or any commercial undertaking, it makes sense to try to mitigate the items that you have no control over.  In Libya, France should have used tighter control on the arms shipments and who was receiving them.  For instance, air dropping the supplies to known individuals and in smaller quantities until their trust was ensured.  In business, the easiest option may be to rely on one supplier for critical items.  To control the game, identify alternative suppliers and have a backup plan in case the primary source is not available. 
Don’t ignore the warning signs.  It is extremely easy to focus so intensely on accomplishing a goal that we overlook warning signs.  Across the Middle East, there have been worries about the rebels in Egypt, Syria and Yemen and the ties to Islamic extremism and terrorism.  The same concerns apply to the National Transitional Council and some of the individuals fighting Gaddafi.  The same is true in areas such as healthcare.  Too often, nurses ignore the warning signs of escalating violent behavior until the patient is punching, kicking or biting employees. 
These tips can help with business negotiations as well as national security.  And sometimes, the best course of action is to walk away.  With the Libyan situation, unless we can follow the rules above, NATO and France could be getting into a no-win situation. 

Eric Smith, CPP is available for business coaching services.  His emphasis is on security and operational risk management.  To learn more about coaching or security training, contact Eric at eric@businesskarate.com.      

Responding to Bomb Threats - Part Two

               Hollywood loves the drama of explosions, bombs counting down to zero and the last minute defusing of a bomb about to blow.  But real life bomb threats are serious business and can affect your business (see Responding to Bomb Threats – Part One).
               From the first discovery of a suspicious device or the first threatening call, employees will be distracted and have to stop their normal work to search or evacuate.  The response to a bomb threat seems simple enough on the surface, but can quickly become complicated, especially if your organization is not prepared or has not practiced.
There are two most likely ways that you may start your bomb threat response.  The first and most common, is a phone call warning that a bomb is in the facility.  This could be someone with insider information or the suspect himself.  Or a test to see the response to the threat.
The second way is for someone actually finding a suspicious device.  This is what happened with the Time Square bombing attempt.  Two vendors noticed smoke coming from a suspicious vehicle and notified police, leading to the evacuation of the area and eventually to the arrest of Faisal Shahzad. 
Numerous resources online explain what someone should do when they receive a threatening call.  In short, try to get as many details as possible about the explosives and location(s). 
The real trick comes next.  Staff must be alerted to the threat (whether a call or a suspicious device) and the emergency operations plan should be started.  This could be as simple as the incident leader with enough support to coordinate and track searches of the facility.  Also, the leader will need to coordinate with police.  Responding officers will not tell a business to evacuate based on a threat, but they can help assess how credible or likely the threat is.  If similar calls in the area resulted in explosives being found, then that certainly changes the perspective and may prompt an evacuation on a threat alone.  The incident commander will have to weigh those risks and make the final decision on evacuation unless a device has been found.  Another concern is whether or not the building needs to be locked down.  If there is a pending threat, do you want more people coming into a building that may need to be evacuated? 
If there is no reason to evacuate yet, then staff members need to conduct searches of the areas with which they are most familiar.  Before the threat ever starts, employees should be trained on search procedures, both areas that they are responsible for and how to search.  Searches need to include all areas, including restrooms, closets and remote locations.  Searches should be conducted in pairs and done methodically, starting with a search around the floor to waist height of a room then waist to eye level and eye level to ceiling.  In some cases, searches should be done above false ceilings to make certain nothing has been hidden there. 
Be prepared for a lot of suspicious items to be found.  Once people start looking for something odd or out of place, they will certainly find it, if not an actual bomb.  Incident command should be called (landline – no cell phones) and investigate with either police or security.  This can make finding any actual device a little trickier, with the wild goose chases.
During this phase of the incident, two basic things can happen.  One is that a bomb is found.  The other is that one is not found.  If one is found, the organization will have to begin its evacuation plan.  This should be part of the business continuity plan, based on any hazard damaging the facility.  Whether the evacuation is due to a bomb, tornado or utility failure, the end result is the same: operations need to be moved and critical functions continue.
Assuming that nothing is found, the incident commander or leader still has one major task – clearing or terminating the threat.  At some point, the decision must be made that the threat was false and that the facility has been searched adequately to go back to normal.  That will be based in part on the information from the original call, law enforcement information and the search results.  The less specific the threat, a good search and no reported similar incidents combined will mean clearing the bomb threat sooner.  If it is more specific and credible, the process may take a little longer before feeling comfortable with a return to daily operations.
The proper response to bomb threats is well documented with many available resources.  One question is often left unasked.  How many would-be bombers actually call in a threat ahead of time?  In the case of the Times Square bomber, no call was made first and that is more consistent with a terrorist attack, domestic or foreign. 
So if there is no threat and no suspicious device found, then how can any organization protect itself?  The best defense in this case is a strong defense.  A good physical security program that limits access to unauthorized individuals works as a stopper to keep suspects out or at least the areas that they can reach to plant a bomb.  Terrorists usually reconnoiter a target first.  Video surveillance, security patrols, access control are some of the examples of steps that can deter or detect possible terrorist surveillance.  Staff awareness and training is perhaps the most critical element.  Alert employees may detect suspicious people in the area or be the first to notice something odd left behind.
               The key lesson is that the response to a bomb threat starts long before any incident.  Staff awareness and training is vital, as is having a response plan created ahead of time.  Being able to coordinate a search and work with local law enforcement will provide the information needed to make the right decisions.  And, of course, a continuity plan that keeps operations going during any type of crisis.

Eric Smith, CPP is the leading authority on organizational self-defense.  He spent more than a decade in law enforcement before moving into security management.  Eric has developed staff education and security awareness training programs.  As an avid writer and trainer, Eric has created a website and blog at http://www.businesskarate.com/.  The blog includes security tips and suggestions for business leaders and anyone interested in personal security.

Responding to Bomb Threats - Part One

               In the last few months, Colorado has seen several incidents involving bombs and threats at different businesses, including a hospital.  In April, Earl Moore taped two small propane canisters together and tried to ignite them with a small pipe bomb.  Fortunately, the device did not go off.  Moore is also suspected in calling in a bomb threat to a hospital in Longmont, Colorado.  The hospital locked down to keep visitors and others out while the facility was searched.
               This past weekend, another suspect, David Lawless, broke out a window at a Borders bookstore in Lakewood, Colorado and left at least two small explosive devices inside.  Police responded and the bomb team detonated the devices in the store, causing minimal damage.  Lawless had been previously arrested for setting off a homemade bomb outside a Denver strip club in 2005. 
               So far, the motives of these two suspects are unknown.  Perhaps they just liked the idea of setting off some type of explosion similar to a pyromaniac wanting to start a fire. 
               The reality is that any organization could receive a bomb threat or even a real explosive device at any time without warning.  It is not common, but it is also not unheard of.
               Many business managers or leaders have misconceptions about handling bomb threats or downplay the risk, thinking that they are not a target.  However, this mistake could be costly.  A business not prepared to deal with potential emergencies may not recover.  One study noted that 1/3 of businesses that faced an unexpected emergency causing them to shut down never opened back up.  Mishandling a bomb threat, especially a real one, could be devastating and result in avoidable injuries or fatalities to staff or customers. 
               The majority of bomb threats are false – about 98% according to some sources.  One might decide to ignore the threat.  However, that could be extremely risky if there is an actual bomb such as in the cases mentioned earlier.  Imagine how employees or customers would feel to find out that they were not warned about a possible threat.  The best option is to conduct a search whenever a threat is received. 
               Most companies will call the police upon receiving a threat and this is where one common misconception comes up.  Most people believe that once they call the police, the responding officer will tell them whether to evacuate or not.  In reality, most departments will not make that recommendation based on a threat alone, without some more credible or believable information that there is an actual bomb in the building.  The decision to evacuate or not has to be made by the leaders of the organization.  Automatically evacuating at every threat could be disruptive, especially if a disgruntled employee or even a competitor finds out that they could easily stop all work with a simple phone call threat. 
               The general rule of thumb is to evacuate if a suspicious device is found.  But before getting there, a search must be done and should be done with every threat.  Employees most familiar with an area should be the ones to conduct the searches.  They will most likely know what is out of place or what doesn’t belong.  “That’s Mary’s backpack.  She always leaves it there.” 
               Sounds pretty simple so far, right?  The trick comes after the threat comes in and a search is started.  Once people start looking for something “suspicious” they will find it.  How will the incident leader know what is really suspicious or dangerous?  Local police will respond and be able to help look at suspicious items to evaluate the risk.  Still it may be difficult to tell a real bomb apart from poorly wrapped package.  In the first case above, the bomb left in the shopping mall was two propane canisters taped together with a pipe leaking powder and several burned up matches lying nearby.  That should get anyone’s attention! 
               Once a potential bomb is discovered, law enforcement will almost certainly take charge of the scene and help coordinate an evacuation.  Bomb squads can help determine how large an area needs to be evacuated.  For most small bombs, like a pipe bomb, shrapnel is the greatest danger and can be harmful out to 100-300 feet.  However, inside a building, the walls, ceilings and floors may offer protection from shrapnel so the actual evacuation area may not have to be that large, but it is better to err on the safe side and evacuate more than necessary. 
               This is where evacuation plans and continuity plans become critical.  For some organizations, evacuation may not be that difficult.  For others, it is a major issue.  Think of the hospital that received the bomb threat in Longmont.  The suspect who called in the threat might have easily left a bomb anywhere in the building.  The evacuation could mean moving patients, including possible ICU patients, out of the area and maybe even out of the building, transporting them to another hospital.  The logistics and challenges are almost overwhelming. 
               Every organization should have a written plan requiring a search for all threats built on the understanding that it will be the employees doing the initial search in most cases.  Companies also need to develop a procedure to decide when to and how to evacuate and continue operations off-site. 

               Click here for more specifics and information on how to respond to bomb threats.