Imagine a scenario where your company’s digital infrastructure goes offline. Your servers are unreachable, the company website is offline, internal communication stops working and employees are locked out of offices because keycard security systems are down. Your entire company—literally everything it does—just stops. It’s a nightmare scenario, but if you’re prepared with a business continuity plan, it can be a short-term inconvenience instead of a company disaster. As we’ve seen just recently with the massive Facebook outage, these scenarios can happen to any organization.

Company-wide communication disruptions can be triggered by internal incidents, such as misconfigured servers or routers, cut cables and other hardware and software failures. They can also come from the outside in the form of natural disasters like wildfires, floods, hurricanes and earthquakes. And of course, there’s always the chance that disruptions are due to actual cyber attacks by hostile actors. Recognizing that both internal and external scenarios are possible is key in developing a backup communication and access plan before disaster strikes.

While a remote workforce means at least some of your staff will be out of harm’s way should an actual natural disaster strike the office, it doesn’t mean they won’t be impacted by your infrastructure downtime. Offline servers mean work-from-home employees can’t access hosted files, data and apps. If your communication infrastructure is down, too, they don’t have any way to stay on top of the incident status. Without a backup communication plan, on-site employees won’t have any idea how long they’ll be locked out of offices if the security system is also down, and off-site employees are simply in the dark.

Make a Business Continuity Plan for Disasters

A well-documented communication backup plan should be part of your company’s overall business continuity plan for disaster scenarios. If you use an in-house solution for intra-company communication, for example, employees need a fallback solution should the primary communication platform stop working. On-site employees also need a clear-cut plan should the security system fail, locking them out of rooms or even the entire building.

In both cases, your recovery plan needs to clearly list the processes for attempting to restore services, and the incident response tools to use. Be sure to define who is responsible for triggering the plan, too. For companies that need help creating a response plan, services are available to help out.

Documenting processes in detail is important because it’s unreasonable to expect employees to remember everything they need to do during what’s likely a high-stress situation. Providing team members with printed documentation is smart, too, because they won’t otherwise have access to the procedures if the files are stored on servers that are currently offline. In that way, physical or offline backups of your business continuity plans and procedures can be an essential part of cyber resilience.

Also, don’t make the mistake of assuming your response plan is etched in stone. Your plan needs to be reviewed and updated regularly to adapt to changing technology and to address evolving cybersecurity threats.

Develop a Backup Communication Plan

When your company’s communication system literally breaks down, it’s time to put your recovery plan into action. Establish a secondary internal communication system beforehand so everyone knows what to use when the primary system is down. Employees need to know when to switch to the fallback system, too. Relying on word of mouth from managers, however, shouldn’t be the primary way of relaying that information. It’s inefficient and slow, ensuring all on-site employees are notified is difficult, and employees working outside the office might be excluded from the communication chain.

For some companies, a simple time limit to move to the backup communication system is enough. A company that relies on an internal chat platform, for example, could set a 15-minute threshold for downtime. After hitting the time limit, everyone moves to the backup platform until they get an official order to return to the primary system. Documenting this time limit in your business continuity plan can help make needed transitions seamless.

If employees are issued company smartphones, pushing a message to everyone with an alert to switch to the backup communication platform is an option. That’s assuming, of course, cell service is working and the system to send messages en masse is operational. Regardless of the system used, the process for knowing when to move to the fallback communication system needs to be reliable since there’s a good chance many employees will be working remotely.

For companies where system downtime is newsworthy, a plan for handling media and other public-facing communication is necessary, too. Prepare general statements ahead of time, and make sure those are accessible outside of company servers so authorized employees can make public statements. If access to company servers isn’t possible, any prepared statements stored there won’t be available.

Plan for Physical Building Access

Having employees locked out of their offices, or the entire building, when the security system goes offline is more than just an embarrassing news story. It’s also a big obstacle to getting the downed systems up and running again. If the team that needs hands-on access to servers and networking gear can’t get inside, they can’t work on fixing the issues that took communication and security offline.

Many companies use some sort of authentication system to manage building and room access. If that system is offline, designated key holders who can manually unlock doors need to be available and on-site as quickly as possible. They also need a process for verifying who gets in the building or offices to prevent potential security breaches.

Training and Practice Scenarios for Business Continuity Planning

Time is money, and that definitely applies to system downtime incidents. Each hour during an incident can cost a company thousands—or even millions—of dollars. Testing your incident response plan can show weak points and gaps in the procedures. It’s also much easier to address those problems outside of an actual incident situation.

Ongoing training is key, too. Team members responsible for managing an incident response should participate in practice events so they’re prepared when a crisis actually happens. Backup communication systems also need to be tested regularly.

It’s also important for all employees to know what to do during a system failure. Company-wide training and detailed business continuity plan procedures make it much easier for everyone to know how to respond to the situation.

Preparing a recovery plan ahead of a communication or security system failure is critical for a fast and effective response. Training and practice scenarios are important for making sure everyone in the company knows what to do during an incident. That can save your company from hours or days of downtime and lost revenue.
