Effective communications are key to surviving a crisis
Collaborate securely, or don't collaborate at all
When you know that your business is under attack, effective communications are key. It is vital that everyone has a firm understanding about what lines of communication to use when their day-to-day tools are down or deemed insecure. Everyone at the company needs regular updates as to why there is a crisis and what is being done, which can only be done through a secure solution.
Surprisingly, most companies are still struggling to implement effective crisis strategies, despite the plethora of cyber-attacks that dominate the headlines. According to a study by ODM Group, only 54 per cent of firms have a developed crisis plan in place, despite the fact that eight out of 10 business decision-makers believe a crisis will affect them within the next 12 months. Despite this clear awareness of the risk, it seems few companies are taking appropriate steps to create and deploy crisis plans, and the necessary communications tools that go with them.
Take 2017's NotPetya ransomware attack. When shipping giant Maersk found itself unable to communicate as a result of a NotPetya network breach, it lost $275 million. It was also offline for 10 days, with a full infrastructure reinstall - 4,000 new servers, 45,000 new PCs and 2,500 applications - required to get the organisation back up-and-running. With the appropriate emergency tools deployed, Maersk would have been able to communicate clearly and resolve the issue much more quickly.
Clearly, businesses are laying their life on the line if they fail to address how they communicate internally. Yet, there are ways companies can ensure their organisations are protected and secure when a crisis strikes.
Have a plan!
It is important for companies to plan for crisis. When one hits, you need to act fast, but avoid acting rashly or in a manner that will compromise your success - especially when it threatens your survival.
The problem is that companies often don't realise there's an issue until a crisis occurs. A recent global study by IBM showed that 77 per cent of respondents admit they do not have a formal cyber security incident response plan (CSIRP). Surprisingly, despite awareness of cyber-attacks increasing worldwide, 57 per cent of companies say that the time needed to resolve an incident has increased.
Underpinning this is a clear lack of coherent internal processes/procedures, which if done properly can foster greater levels of inter-company collaboration, resulting in better outcomes following an attack.
Creating a plan of action - or even better, implementing secure solutions for employees to communicate without the possibility of such communication being infiltrated - would not only put a business's workforce at ease, but its clients and business interests.
Give your workforce the low-down
Another factor bottlenecking organisations in effective crisis comms is employee awareness; although business leaders may be aware of an attack, those further down the chain of command are probably not. According to Refresh Leadership, only a third of companies are as prepared as possible for an impending crisis occurring. Of the remaining two-thirds, an alarming 32 per cent admitted to having no crisis management strategy in place; 20 per cent said that they only have general guidelines for employee best practice during a crisis; and 11 per cent were unsure whether they had any management strategies in place.
If employees are not sufficiently aware of a company's crisis management procedures, they won't act on them, meaning that the time that a company has taken to implement such processes becomes null and void. Likewise, in an era where businesses can lose millions in the years following an event, it isn't as simple as creating guidelines or best practice leaflets when it comes to preparing for critical events.
Preparedness comes down to smart selection of solutions when it comes to crisis communications and collaboration within a business; end-to-end encryption is an absolute must. Informing staff about how your particular business may be affected by cybercrime is also essential, and it is crucial that these solutions are implemented in a manner whereby every employee is aware and understands their importance.
Ensuring business continuity
Businesses will continue to face a huge challenge going forward when it comes to crisis communications. Fresh forms of attack are being deployed against institutions on a regular basis.
These new tools utilised by malicious actors will require CEOs and CIOs to be even more vigilant when it comes to crisis management and collaboration. Businesses must ensure that they have systems in place to communicate securely, no matter what crisis they face. It is vital for companies to guarantee that no matter the severity, there are tools in place that can keep the business running during a crisis.
Morten Brøgger is CEO of Wire