In the age of pervasive social media use, viral communications, and twenty-four hour online media, every business event of consequence is discussed or disseminated digitally in some way, and at rapid-fire pace. Business crises are no exception. Whether a business is contending with a "brick and mortar" crisis such as a food or product recall, the misappropriation of trade secrets, or an active assailant, or a more traditional digital crisis such as a data breach or online defamation or an imposter social media account, news of the crisis will likely break on a digital platform before the business teams are even aware of it. In short, now days, every crisis is a digital crisis.

For any modern business, it is not a matter of "if" but "when" a crisis will hit, and the best course of action is to prepare in advance, including addressing all manner of digital risks and consequences, and to stay the course of that preparation in the face of a crisis.

Here are 5 key steps businesses can take to prepare for an impending crisis:

1. Define your top crises. Every company has unique vulnerabilities and risks to consider. Key personnel should sit down on a regular basis and get clarity as to the top crises that could impact the business. This clarity is important not only to identify a crisis when it hits, but to keep a calm and level-head and avoid a knee-jerk reaction in the face of an event that does not qualify as a crisis.

2. Be proactive about vulnerabilities. Once you have defined your top crises, it is important to address the business vulnerabilities that could trigger those crises. For example, a highly IP-driven business should work with sophisticated counsel to ensure all intellectual property is properly protected. Companies that store sensitive data, like health data or other personally identifiable information, should routinely revisit digital security policies and procedures. Businesses that rely on heavy machinery or other hazardous tools or materials should stay apprised of safety regulations and revamp or heighten safety and security as needed. While it may not be sensible or feasible to plan for and prevent every possible crisis, plugging obvious gaps will go a long way to preventing avoidable crises.

3. Develop (or revisit) internal policies, procedures, and protocols. Many business crises originate internally, by disgruntled current or former employees or due to errors or bad acts on the part of key personnel, as examples. Developing (or revisiting) clear and effective employment policies, well crafted non-disclosure agreements and non-disparagement clauses, media and social media policies, and more (as well as training on these policies) will protect the company from some of these crisis. Relatedly, creating clear pathways for employees—as well as clients and consumers—to air grievances privately will go a long way to avoiding those grievances from being discussed or disseminated publicly, including on social media and other digital platforms.

4. Craft (and hold) strategic legal communications. A routine mistake that even sophisticated companies make in the face of a crisis is to stay silent, or not respond quickly enough. A practical way to address this is to work with counsel to craft various strategic legal communications for your top anticipated crises (see 1. above) that are held, but can be quickly tailored and issued without delay in the face of a crisis.

Examples of holding statements include a "core values" statement where a company's key core values are asserted, followed by a statement that the company regrets the news of a particular event, takes it extremely seriously, and is investigating. This type of statement reduces delay without committing the company to a substantive statement or course of action before a full and proper investigation has been conducted. Additional communications may include short statements that can be issued quickly on company social media accounts and on the website.

Other strategic legal communications include a website "dark page" that is prepared but published only if a crisis hits and a company response is warranted. The dark page might include hotline information and a dedicated email address, as well as the "core values" holding statement referenced above. With the help of counsel, apology and non-apology holding statements, cease and desist letters, Digital Millennium Copyright Act (DMCA) notices for copyright infringement, and more can also be prepared in advance and tweaked to accommodate the crisis as it arises. (In all instances, it is important to work with counsel to ensure that issuing a statement of any kind—even a pre-vetted statement—is appropriate, lawful, and warranted in light of the specific circumstances.)

5. Designate your team. Some of the major business crises of our time were met with legal and PR departments running around with their hair on fire. This frenzy and lack of preparedness can be addressed by designating a specific team in advance who will be called upon to respond to a crisis in real time as it arises. This includes social media monitoring, monitoring any dedicated hotline or email addresses, overseeing official media and social media responses, liaising with counsel, and more. The team should not only be designated but highly engaged and well trained, so there are no missteps in the face of a crisis that will make the crisis even worse.

* * *

When a crisis hits, there is no shortage of work to be done. Businesses that have anticipated a crisis, enacted a plan, and responded swiftly will be ahead of the game, and will come out of the crisis largely unscathed.

Desiree F. Moore is a litigation partner and a founding member of K&L Gates' Digital Crisis Planning & Response (DCPR) client solution. She counsels corporations, educational institutions, and high-profile individuals in proactively planning for and effectively managing digital crises of varying magnitudes, including data breach, online defamation, harassment, and impersonation, university and other education scandals, celebrity disgrace events, and leaked confidential and proprietary information.