Communication is key to managing any kind of crisis, and a cyber event is no exception. As in so many business cases, an automated emergency notification system (EMNS) can ensure that the right message is delivered to the right people at the right time. A notification system should not be seen as an afterthought, but an integral piece of any comprehensive cybersecurity program.
As you work through a cyber event, communication is happening rapidly, both internally and externally. As we’ve mentioned in the past, notification of every person touched by a cyber event is often legally mandated and can be very specific. When choosing an automated a system, look for one that allows you to fulfill your legal communication obligations and to track and report all messages and responses.
As well as all your internal communications, your communication to outside counsel, forensics, other security experts and law enforcement should be fully integrated. After the event some industry agencies or regulatory bodies (and likely your cyber-security insurance provider) may require copies of the post-incident report—a good system will have those reports at your fingertips for you.
These reports will also be invaluable when you look back after a cyber event and evaluate your actions. What did you do right, and what was lacking? Know your world; know the strengths and weaknesses of your program and your team, and know when to supplement externally. Make your cyber response program and clear communication around it part of daily life; the more comfortable your team is, the better they perform at time of need.
Want to learn more? Download your free guide, How to Develop an Effective Cyber-response Program, today