IT outages? Overcoming digital storms with critical crisis communication
Despite the best efforts of cyber security, the frequency and duration of major tech outages are increasing, including several high-profile internet outages over the last year, leaving businesses exposed. QA Cyber Security expert Richard Beck explains that many organisations are now overly reliant on large tech vendors, with the need to balance the costs of redundancy and preventative measures, with business risk and resilience appetite.
Richard suggests that “planning and simulation of a disaster allow for collaborative approach to crisis management, building muscle memory, and improving effectiveness when disaster inevitably strikes”.
How to minimise the risk of global IT outages
Richard highlights several factors that mark how prepared enterprises are for tech disasters outside of their control? These disaster recovery and crisis resilience skills that must be exercised are:
- Disaster recovery planning
- Redundancy and avoiding single points of failure
- Regular testing and 'auto' update impact assessment
- Human error mitigation
- Advanced monitoring and incident management
- Collaborative and contextualised simulations
- Crisis communications
“I'm a great believer in taking a collaborative approach to learning,” Richard says, “a tech outage that causes a crisis in your business provides a deeper understanding of the intricacies involved in crisis management. Especially when you need robust tried-and-tested communication strategies and techniques to effectively manage incidents.
“By using a common decision-making process, crisis teams can communicate more easily, achieve better outcomes, and reduce stress that leads to good decision-making.”
The four essential phases of managing a tech outage
1. Prepare
The preparation phase is key to developing a true capability to respond and to shore up weaknesses, which assesses the status of resources (people, processes, information, and technology) before an event and addresses them following an event.
2. Orchestrate
Don’t leave it to individuals and teams to coordinate a response from their own silos (i.e. Ops, IT, Legal, Compliance, PR, C-suite and Exec Comms). Work together to create shared objectives, tools, processes, data, and visualisation into the situation.
3. Respond
Carry out your response in two distinct phases: your initial response and your ongoing response. The initial response is when you identify a critical situation, but the information is not yet public. You must notify teams and keep them on high alert to monitor channels and follow plans.
The ongoing response is when the critical situation becomes public. Who you choose to speak on behalf of your organisation is one of the most important decisions. The right spokesperson should be a balance between their title, role, position and communication skills.
4. Follow-up
Conduct a systematic follow-up phase to all incidents, including post-mortem analysis, decisions, actions, and communications. This phase communicates the final word on:
- What happened, and why
- The impact it had on stakeholders
- What you did about it
- What you will do next about it
The bottom-line
For a well-orchestrated response, you must have:
- A shared approach
- A clear model that makes the problem measurable
- An understanding of where your capability gaps are
- An effective cycle of improvement to close them
- Drills to build true capability into ‘muscle memory’
It is not a question of if, but when you will face crises. There is no time like the present to put measures, like the critical communication capability framework, in place to improve your chances of performing well when you do.
Interested in learning more about protecting your business from cyber security disasters? We recommend Certified Lead Disaster Recovery Manager.