The worst case scenario happens – a cyberattack strikes and your organization isn’t fully prepared. After the immediate threat has been handled you can run a formal lessons learned assessment to address gaps. However, in the short term there is critical, time sensitive work to be performed. Here are some tips for managing internal communications so you can update and prepare your organization for what’s next.
1. Let Your IT Team Focus on the Threat
The IT team will be hustling to diagnose the root cause and technique of the cyberattack. They want to stop the spread. They may reach out to some external vendors to help resolve this as quickly and thoroughly as possible. Touch base with them to get a brief summary of how they would like the rest of the employee population to behave during this critical window. Identify a regular cadence where you can reach out to get the latest updates. This will help reassure everyone that situation is being managed effectively. If your IT organization has a dedicated communication person, liaise with them so you work efficiently and avoid unnecessary distractions.
2. Text, Don’t Email
While the IT organization is performing their analysis and working on restoring systems or data, you do not want your employees active in the system. This is true, even if you’re not sure if or how the attack is spreading. Being conservative now may help you minimize the exposure to your IT assets. You will need to look at alternative channels of communication outside the network under attack. Texting may be a great stop-gap option to share information with your team.
3. Create a Phone/Text Tree
If you do not have phone numbers readily available, delegate that detective work to a team member. Many of us nowadays swap phone numbers with our fellow colleagues as a matter of course. You may need to start an informal texting tree through word of mouth before a more officially sanctioned list can be created. Most texting apps allow you to copy and paste an entire message, so you can cascade the same message through multiple branches of your informal tree.
4. Use a Voicemail Mailbox
If your company maintains a voicemail box for broadcast messages, you can use this vehicle as well to share updates. If possible, follow the schedule that you set with your IT colleagues. This will allow people to proactively reach out to learn more.
5. Host Conference Calls
Once you are in a position to provide meaningful updates, you can set up periodic calls throughout the day in 4 hour or 8 hour intervals. Give employees the opportunity to ask questions, and have IT provide updates of the progress being made.
6. Reach Out to Your Partners
If you have trusted vendors, they may be able to provide some additional communication channels, like setting up web-based conferences for you. Don’t let system or network down time prevent your business from getting work accomplished. Consult with your vendors if they have more experience working through a cyberattack or other technical crisis. An NDA or similar documentation should govern these relationships, so you may be able to pull in additional support faster than you expect.
What are you suggestions for maintaining corporate communication in the midst of a crisis? Please post your comments below!