Communicating when a crisis hits and your network goes down…

Have a plan, train your staff, communicate often and communicate securely.

This article was first published in Computing magazine.

When you know a crisis is unfolding, effective communication is key. It is vital everyone has a firm understanding about the lines of communication to use when their day-to-day tools are down or deemed insecure. Everyone at the company needs regular updates as to why there is a crisis and what is being done, which can only be done through a secure backup solution.

Surprisingly, most companies are still struggling to implement effective crisis recovery strategies, despite the plethora of cyber-attacks that dominate the headlines. According to a study conducted by ODM Group, only 54% of companies have a developed crisis plan in place, despite the fact that 79% of business decision makers believe a crisis is impending within the next 12 months.

Despite this clear awareness of the risk, it seems many companies are not taking appropriate steps to create and deploy crisis plans, and the necessary communications tools that go with them, which is creating a huge potential risk.

Take 2017’s NotPetya ransomware attack as an example. Shipping giant Maersk found itself unable to communicate as a result of the attack:

• The company was offline for ten days
• 4,000 servers, 45,000 PCs and 2,500 applications required a full reinstall to get the organisation back up-and-running
• App. $275m in lost revenue

With the appropriate emergency tools deployed, Maersk would have found itself able to communicate clearly and resolve the issue much quicker.

Clearly businesses are putting their reputation and revenues on the line if they fail to address internal communication during crisis. Fortunately, there are ways companies can ensure their organisations are protected and secure when crisis strikes.

Have a plan!

You need to act fast when a crisis hits, having a plan for such situations is the only way to avoid panic and rash decisions that may further threaten successful resolution of the issue.

The problem is that companies don’t realise there’s an issue until a crisis erupts. A recent global study by IBM showed that 77% of respondents admit they do not have a formal cyber security incident response plan (CSIRP). Surprisingly, despite awareness of cyber-attacks increasing worldwide, 57% of companies say that the time to resolve an incident has increased.

Underpinning this is a clear lack of coherent internal processes/procedures, which if done properly can foster greater levels of inter-company collaboration, resulting in better outcomes following an attack.

Creating a plan of action, or even better, implementing secure solutions for your employees to communicate without the possibility of such communication being infiltrated, would not only put a business’s workforce at ease, but their clients and business interests.

Give your workforce the low-down

Another factor that’s bottlenecking organisations’ in effective crisis comms is employee awareness, as although business leaders may be aware, those further down the chain of command are not. According to Refresh Leadership, only 33% of companies surveyed as part of a poll are as prepared as possible for an impending crisis occurring, meaning a further 67% are left vulnerable to the severe repercussions of an attack. Of these organisations, an alarming 32% admitted to having no crisis management strategy in place, 20% said that they only have general guidelines for employee best practice during a crisis, and 11% stated that they were unsure whether they had any management strategies in place.

If employees are not sufficiently aware of a company’s crisis management procedures, they won’t act on them, meaning that the time that a company has taken to implement such processes becomes null-and-void. Likewise, in an era where businesses lose millions over the course of years following an event, it isn’t as simple as creating guidelines or best practice leaflets when it comes to preparing for critical events.

Preparedness comes down to smart selection of solutions when it comes to crisis communications and collaboration within a business — end-to-end encryption is an absolute must. Informing staff about how your particular business may be affected by cybercrime is also essential, and it is crucial that these solutions are implemented in a manner whereby every employee within the organisation is aware and understands their importance.

Ensuring business continuity through crisis communications

Businesses will continue to face a huge challenge going forward when it comes to crisis communications. Fresh ways of attacking organisations are being deployed against institutions of all kinds on a regular basis, like automated cyber-attacks by off-the-shelf tools.

These new tools utilised by malicious actors will require CEOs and CIOs to be even more vigilant when it comes to crisis management and collaboration. There is a vital need for companies to plan for the inevitable cyber-attack. Businesses need to ensure that they have systems in place to communicate securely, no matter what crisis they face. It is vital for companies to guarantee that no matter the severity there are tools in place that can keep the business running during a crisis.

Morten Brøgger, CEO, Wire

Wire Red guarantees business communication continuity and fast recovery when your network is compromised or unavailable.