Monday, Oct. 08, 2001
Girding Against New Risks
By Daren Fonda With Reporting by Cathy Booth Thomas/Dallas, Michele Orecklin and Desa Philadelphia/New York, and Jason Tedjasukmana/Jakarta
After the first terror attacks of Sept. 11--and shortly before tons of debris buried its offices--the New York Board of Trade, a commodities-futures and options exchange, safely evacuated all 260 of its employees from 4 World Trade Center. Mark Fichtel, the exchange's CEO, says, "We were incredibly lucky." But it wasn't luck that six days later traders were back at work bidding on coffee, cocoa and orange juice futures at a makeshift facility just across the East River in Queens. That quick relocation was the fruit of a detailed contingency plan put in place nearly seven years ago and constantly refined, at a cost of more than $300,000 a year.
It was the 1993 bombing of the World Trade Center that spurred the Board of Trade and many other firms in and around the Twin Towers to better protect their employees and their data, and to provide for a quick resumption of business in the event of a crisis. And since last month's terror attacks on the Trade Center and the Pentagon, executives around the U.S. and the world have been taking action to reduce the risks to their employees and their businesses. Evacuation plans are being scrutinized, and corporate security consultants are being inundated with requests for "crisis-management" reviews.
The stakes are high for both lives and property. According to Gartner Research, based in Boston, 40% of businesses that are hit by disasters such as earthquakes and fires close within two years. "Companies that can't get up and running within 10 days aren't likely to survive," says Colin Rankine of the Giga Information Group, an IT advisory firm in Cambridge, Mass. Here are some of the measures firms are adopting to improve their odds.
--Develop a Smart Evacuation Plan
For Morgan Stanley Dean Witter--the World Trade Center's largest tenant, with 3,700 employees--sticking with its evacuation plan was critical to saving lives. Although someone on the south tower's public-address system informed workers that it was safe to return to their offices, Morgan's security officers kept them moving down dozens of flights of stairs. The result: all but six employees escaped. "Everybody knew about the contingency plan," said a Morgan spokesman. "We met constantly to talk about it."
Luck, of course, played a massive role: 700 employees of Cantor Fitzgerald, which occupied floors above Morgan's, had no way of getting out. But many of Wall Street's brokerage houses and other firms were able to evacuate the bulk of their workers because of oft-repeated drills. Employees of the Japanese firm Mizuho had emergency kits with burn cream, "smoke hoods" and glow sticks strapped to the backs of their chairs.
Despite the nationwide run on gas masks, security experts say it's not practical for corporations to stockpile them. "Most masks are good for one thing--say, a certain chemical or biological agent, and there's a shelf life to the canisters. They won't last indefinitely," says Dave Maples, a security consultant with Investigative Group International in Atlanta. But one employee-benefits-management company outside Atlanta may have the right idea: since the attacks, it has purchased house painters' masks for all employees to filter out dust and soot. "That's practical," says Maples.
--Back Up Your Bits and Bytes
Data are gold to the financial community, and Wall Street protected them like the bullion at Fort Knox. Brokerages, banks and other finance companies are required by law to back up securities transaction data, and in the last decade those organizations became some of the most sophisticated buyers of IT storage services, contracting with companies such as EMC and Hitachi for the latest devices, and archiving their digital records in remote, bunker-like facilities operated by companies like Iron Mountain, based in Boston. Account records and trading transactions are typically backed up in real time.
Harder hit by the attacks were law firms and insurance companies--paper-intensive businesses whose critical documents scattered like confetti. "We lost bound volumes, transaction documents, correspondence files," says Jack Williams, a managing partner at the law firm Thacher, Proffitt & Wood, which lost its offices on floors 38 to 40 at 2 World Trade Center. New scanning technology could mitigate those losses in the future: the latest optical-character-reading scanners, produced by Hewlett-Packard and Canon, can create digital archives of documents, enabling them to be accessed as CD-ROMs. "We've purchased additional scanners since the attacks, and we'll probably use more of them," says Williams.
--Have an Alternate Office Ready
After the 1993 World Trade Center bombing (which killed six people), the New York Board of Trade decided to lease office space in Long Island City, Queens, from a company based in Rosemont, Ill., called Comdisco, which specializes in helping companies recover from disasters and prepare for them. N.Y.B.O.T. spent $300,000 a year to keep the space stocked with computers, phones and plenty of back-office servers, switches and IT gear. Two trading pits were ready to go.
"We'd been running tests at this site for six years," says exchange vice president Pat Gambaro. The exchange is paying Comdisco $5,000 a day, anticipating a two- to four-month stay before it can find a new permanent home. The alternative? "If we didn't have a backup site, another exchange would have taken over our trading," says Gambaro. "We'd be out of business." The exchange's temporary digs--surrounded by auto-body shops, garment factories and an elevated train--are a far cry from Wall Street. But trader Chris O'Neill, 33, is glad to be working, and says of his management: "They were well prepared for this disaster."
For temporary work spaces, non-U.S. firms such as Germany's Dresdner Bank and Royal Bank of Canada also contracted with Comdisco, cramming employees into its Queens facility, which had been outfitted with computers and IT support. Lehman Bros. moved hundreds of workers to its office in Jersey City, N.J., and rented 665 rooms at a Sheraton Manhattan hotel for 1,500 bankers and analysts, carting in fax machines, computers, copiers and desks.
American Express Bank, which lost none of its 350 employees despite the destruction of its offices at 7 World Trade Center, relocated to three underground bunkers across the Hudson River in Weehawken, N.J. Plastic was peeled off standby PCs. Backup computer tapes were sent in by messenger. Plans were in place to reroute communications from international banking networks, but by the time the system was up, operators were hours behind. "You cater to the worst scenario, but this was worse than we had planned for," says Norman Gilchrist, head of global operations. Yet within 12 hours of the attacks, the bank--assisted by its Plano, Texas-based computer service provider EDS--had processed 19,000 transactions worth $14.3 billion, or nearly 70% of its backlog.
--Lower Your Profile
In the last few years, corporate chiefs such as Microsoft's Bill Gates and IBM's Lou Gerstner became global celebrities--boosting brand awareness through frequent public appearances. Is the age of the celebrity CEO over? "Their risk profile just went up exponentially," says Jules Kroll, head of the security firm Kroll Associates. But most identifiable CEOs are already well protected, he says. It's other executives who aren't. "Some of the wealthiest people in the corporate world shun security," says Kroll. "They could use more."
To avoid disruptions resulting from frequent evacuation drills, some firms are questioning the appeal of trophy buildings like Chicago's Sears Tower, which was cleared during the attacks and for a few hours on a day the following week on the rumor of another hijacked plane. Many Wall Street firms, in fact, recovered quickly because their work forces were dispersed. While Morgan Stanley's retail brokerage business occupied the World Trade Center, its headquarters are in midtown Manhattan, and a trust-services division is based in Jersey City, N.J. "Companies should be in low-profile locations for many good business reasons, not just for security," says retired Admiral William Crowe, former Chairman of the Joint Chiefs of Staff, and now an adviser to GlobalOptions, a corporate security firm in Washington. "We recommend that clients decentralize if it's practical." Firms with well-known American brands are also being advised to lower their profiles abroad. Philip Morris says it may soon remove its brand names (such as Marlboro and L&M) from delivery vans and sales uniforms in Indonesia.
--Check Employee Backgrounds
Almost all U.S. companies conduct some form of background checks on prospective employees. But according to the International Personnel Management Association, only 37% of employers examine criminal records, and only 21% inspect motor-vehicle records. That's about to change, say security consultants. Some countries--though not the U.S.--now offer multinational companies access to their government "intelligence indexes," which include lists of people suspected of terrorist activities, money laundering and other illegal acts. When companies are hiring foreign nationals, an index check "can provide extra safety," says William Daly, a senior vice president with Control Risks Group, a corporate intelligence firm based in London.
--Study Your Insurance Policy's Fine Print
Nearly all American companies carry property-casualty coverage and life insurance for workers, and some insure against the loss of the CEO or other key employees. Most policies also contain some form of "business interruption" coverage in the event of a natural or man-made disaster. But the coverage may not be adequate to keep your business afloat. "It's worth making sure that your business interruption benefit pays the actual cost of lost profit rather than just overhead," says Robert Rudy of InsuranceNoodle.com a consumer advisory website.
Corporate risk managers are also being advised to bolster existing coverage with new "violent acts" insurance. The coverage is designed to provide benefits not only to employees but to anyone who is on company property--say, a visiting executive--during an attack. Boston-based Lexington Insurance, a division of AIG, began offering the coverage last year and anticipates a flood of calls from risk managers. "It's a product that's been escalating [in popularity]," says Paul Cunningham, vice president of Lexington's casualty division.
--Reconsider Air Travel
On Oct. 2, when Wal-Mart holds its annual analysts' meeting, there won't be a fancy tour of the Bentonville, Ark., headquarters. This year the meeting will be a webcast, as the world's largest retailer decided it would be "more accommodating" to analysts, given the security problems associated with air travel. Says Thacher, Proffitt's Williams, whose firm does a substantial amount of international work: "Our people won't be hopping on planes as easily as before."
More firms will be using audio- and videoconferencing. Global banks and airlines, in particular, have requested that massive 100-line telephone "ports" remain open 24 hours so they can communicate with far-flung managers. One airline has asked the Baby Bell SBC for a conference call with 500 dedicated lines open 24/7. ACT Teleconferencing, based in Golden, Colo., saw its stock rocket 45% on the first day that trading resumed after the Sept. 11 attacks. The stock of a larger competitor, Polycom, rose 30%. Since then, "We've seen a 20% increase in sales volume, and demand has come not just from the United States," says Jerry Van Eeckhout, CEO of ACT. "Some U.S. investment banks have shifted their telecommunications activities to their European outlets." During the Gulf War, he says, the industry experienced robust growth as executives postponed trips of marginal business value. He is now predicting another surge.
When executives do fly in the coming months, many more will be taking a corporate jet. "Whatever movement there's been to corporate jets," says Jules Kroll, "you'll see an increase, as people question the safety of commercial air travel." Traveling by private jet is thought to be safer than flying commercially. No chartered business jet has ever been hijacked. "The whole process involves known quantities," says Cassandra Bosco, a spokeswoman for the National Business Aviation Association in Washington. "You know who the pilot is, who passengers are, who maintains the aircraft."
To assuage executives' fears, some aviation companies are now trying to tighten the lax security that has prevailed at many large commercial airports and terminals. Petersen Aviation, which charters jets out of Van Nuys Airport in California, says that before last month's attacks, flyers could drive to within 6 ft. of the plane and board with their luggage without going through a security check. After Sept. 11, a double-gate security system was installed, and passenger access will be more heavily restricted. It's not a big change. But as companies are learning, every little shift in the odds can help.
--With reporting by Cathy Booth Thomas/Dallas, Michele Orecklin and Desa Philadelphia/New York, and Jason Tedjasukmana/Jakarta