Bulletin / Je Suis Paris...

Je Suis Paris

Author: Charlie Maclean-Bristol

Charlie reflects on the ongoing incident in Paris and what actions business continuity managers should be taking in response to it.

On the Friday night of the incident, I had the TV on all night and watched with horror as the death count rose and the full extent of the attacks was slowly revealed. The ongoing incident, and the manhunt for those who carried out and supported the attacks, is still going on.

My first thoughts; why has this attack had such an effect on us in the UK when recently there has been the bombings of the march in Turkey, the attack on the beach in Tunisia and the bombing of the Russian plane out over Egypt. I think a terrorist attack has a much greater effect if you have been to the place where it occurred, and it could have happened to you. Most of us have been to Paris and have sat in the same cafes that were attacked, and know people who live in or regularly travel to Paris.

So how should we respond to the attacks and advise our organisations how to respond to the Paris attack? If we want to look in pure business continuity terms we should do nothing. If there is a marauding gunman attack of this type, it is unlikely to kill several members of your organisation. If one or two members of staff were killed or injured, is this any different in terms of response to a staff member dying of a heart attack or being killed in a car crash? We should have plans in place for loss of staff and dealing with the aftermath of a death, or serious injury to a member of staff.

In the USA they are much better prepared for the response to a marauding gunman, as unfortunately this is a fairly regular occurrence, either by a disgruntled employee or a campus gunman. Many schools now have regular drills for staff and pupils to practice dealing with an event similar to what happened at Sandy Hook. It is extremely rare in the UK to have random gun attacks on the members of the public, but I wonder in light of the Paris attacks whether we should do more on this?

We as business continuity managers often have the job of identifying new threats and suggesting to top management what, if any, additional actions we should take in response to them. I think personally it is perhaps time that we start in a low key way to better prepare our organisations, but more importantly, our staff to identify, respond and deal with the aftermath of a terrorist attack; whether it is a Paris style attack, bomb attack or a terrorist knife attack.

Some of the items I think you should consider carrying out are:

 1. Most large or sophisticated terrorist attacks are well planned and they include reconnaissance of probable targets. You should be training your security, facilities management and reception staff to recognise hostile reconnaissance so you may be able to prevent an event before it occurs.

 2. I have mentioned this many times in the bulletins; your human resources department should be prepared to deal with a death of a member, or members of staff. There are a huge number of issues associated with this from managing relations with the deceased person’s family, to the effect on colleagues and co workers. There should be a written plan in place for this, and it should be exercised.

 3. I think we should be having sessions with staff to recognise a possible terrorist attack, and how to respond if they are caught up in one. This could either be at work, outside of work or on holiday. This could be teaching government guidance which says you should run ,hide, tell. This does not need to be done in an alarmist way, and we need to stress the likelihood is low, but if it saves one person from being a victim of an attack, then it will be worth it. I think it is also worth informing staff of what suspicious behaviours to look for which could identify terrorist preparing for an attack. This could all be done as part of your staff awareness sessions. Details of government guidance can be found here.

 4. There are a number of government programs such as Exercise Griffin, which can help prepare your organisation for a terrorist attack. They are well worth doing and are run by the police for free. You may want to approach your local police force and look at the government website to see what resources, exercises, guidance, and training are available on recognising, and responding to terrorist attacks.

 5. Lastly you should look again at your bomb threat and suspicious package procedure. Almost all of the bomb threat plans I have seen, both in the UK and beyond,  are geared up to an IRA type bombing campaign where they gave a warning and didn’t want to kill people, but disrupt normal life.  Recent terrorist attacks don’t give warnings and are designed to kill as many people as possible; this requires a different type of response.

Terrorists want us to be scared, not go about our daily life as before, and want to cause as much chaos as possible. We don’t want to add to their narrative by further scaring people, but some low key preparation of our staff and organisation can go a long way to increasing people’s confidence and making them feel they are equipped with the skills to respond to an attack.

You might be interested in the following stories

Terrorist Attacks – What a BCM should do

You may be interested in the following course

BCI Designing and Delivering Effective Exercises course

Sign-up to our weekly bulletin

Twitter feed

Bulletin
What lessons can we learn from Marriott’s response to their Cyber Breach?

This week Charlie discusses the Marriott hotel hack and how you can prepare your organisation for a potential data breach.

7 December 2018

“Charlie was a very engaging presenter and covered the topic in general well.”

Lyndon Tomkins
UCAS
View further testimonials