What would you do if tomorrow morning you opened your work laptop to see a ransomware request? “Oops: Want to get your files back? Here’s how to pay ”.
It’s a pretty terrifying prospect. At that point, IT and senior management rush to roll back previous versions through advanced cybersecurity – or if they can’t, they consider paying.
As for the rest of the employees in your company, their online training modules on how to prevent a cyber attack or create a secure password won’t help them here. With all the systems down, customers still need service. Business continuity cannot take another hit after COVID. And who will protect their jobs if the business loses money? The employees are in the dark, which means chaos is not far away.
Emergency Mass Notification System (EMNS)
37% of respondents indicate the implementation of an EMNS solution implemented in their organizations It sounds like any manager’s worst nightmare, although surprisingly little is done to avoid confusion and disruption in the event of an unexpected incident. According to the 2019 Gartner Safety and Risk Management Survey, only 37% of respondents say they have a comprehensive Emergency Mass Notification System (EMNS) solution in place in their organization. However, with the variety of challenges that all organizations face in 2020, the devastating fires, civil unrest and of course the pandemic, crisis managers have started to invest in solutions beyond the EMNS that will make them feel better. help plan, detect, respond and recover faster to any critical issue. event that a modern business may face.
Many are starting to think about how the right technology might help alleviate any further disruption when we all get back to the office, but – as the ransomware example proves – this kind of fast and secure crisis communication isn’t just for the post-COVID season. Disruption can happen anytime, in any organization, working in any location.
Critical event management (CEM)
Organizations should choose a critical event management (CEM) solution that perfectly matches their business needs. Crisis managers will want to consider the following four questions.
Four vital questions to identify the right CEM
- What keeps you awake? As a business owner, what can potentially disrupt your business operations or damage your company’s reputation? Although we may develop response and recovery measures to deal with the threat of natural disasters or other potential man-made threats (e.g. active shooter incidents, building fire emergencies, etc. ), there may be other potential risks that we may not have anticipated. In this case, the likely first response is to reach out to your most important stakeholders, provide assurance or instructions, and seek recognition from your stakeholders as part of your communications strategy. Being able to report on your team members will then allow you to better assess your next best response to a critical event, collectively.
- Who regulates you? Companies operating in specific industries may be subject to regulatory requirements. For example, organizations operating critical information infrastructures (CIIs) may be required to report cybersecurity incidents within a specified timeframe to ‘industry regulators’, with relevant details which should include the extent or progress of the containment. and resolution. The wait is not just limited to the speed of escalation and reporting to the regulator (s), but there is pressure within the organization’s IT or cybersecurity team to provide a situational picture. complete the incident while facilitating rapid resolution. Given the nature of such a threat, business leaders will be taking unnecessary risk by relying solely on email and SMS communications. Instead, a secure platform that can support the entire incident response lifecycle through a common operational picture through automated alerts and collaboration with relevant stakeholders would be a better option.
- Who are you responsible for? When a critical event has the potential to result in death (or any near-equivalent), companies owe a duty of care to their staff and other relevant stakeholders. This should not be confused with accounting only for those who operate in the physical premises, but anyone hired by the business should be accounted for (yes, remote workers and outsourced service providers should be included). Businesses that still rely on the manual call tree system will experience the excruciating pain of contacting staff one by one or will have to wait for the response from the “next identified level manager”. Instead, a communications platform that can quickly send alerts, record acknowledgments, and facilitate sharing of critical information with first responders can dramatically reduce response and recovery time.
- Does anyone need to know? When a critical event occurs (or is about to occur), does the management team or board members need to receive first-hand information? What about other key personnel and suppliers within the company? Relying only on emails and texts can be problematic, especially when critical events occur in the middle of the night or on a holiday weekend. If critical events require permission for certain responses to take place, surely it shouldn’t wait until the next morning. To mitigate this risk, a reliable and robust CEM platform capable of providing assurance and secure two-way communication should be considered to ensure rapid dissemination and response.
What is not negotiable in a CEM platform?
Should be able to manage last minute ‘live’ critical plan changes on an accessible and secure platform Whatever CEM solution crisis managers choose, it must be able to manage last-minute critical plan changes “live” on an accessible and secure platform. A disruptive event is always on the move and as such any technology must be able to quickly communicate the latest plans to management teams.
The platform must also allow rapid notification in the event of activation; provide a means of tracking accountability; facilitates the collection and management of critical information from operational and tactical response teams; and, above all, allow collaboration between all those who have an interest in the proper functioning of the company.
These tactics are nothing without a secure platform. If it can be hacked, the reliability of any information transferred through its network is in doubt. Each platform must have industry-recognized security standards and be resilient in the face of hacking attempts. Many now have a managed services team behind them, able to provide trusted assistance whenever an emergency strikes.
The chaos does not come from the source of business disruption, but from the panic reactions of the teams. With CEM platforms, calm can be reestablished among all stakeholders while a solution is found, greatly reducing the impact of the event on the day-to-day operations of the business.