In her fourth installment of “Cybersecurity Law” for CSO, Tara Swaminatha focuses on communications planning as part of an incident response plan (IR).
Many companies are now rightfully revisiting their IR protocols to prepare themselves for future attacks. More and more regulatory requirements dictate that organizations must have a written IR plan. While an IR plan is just one piece of a larger, more complex cybersecurity program, it is nevertheless a critical component and one that many regulators are closely scrutinizing. One key but often-overlooked component of an IR plan is a backup communication method. If attackers completely disable a corporate email server or are even simply monitoring those emails, alternate forms of communication become crucial for managing the incident, attempting to keep the business functioning and minimizing the productivity lost as a result. In a digital age when digital communication is so vital to the basic operations of a company, incorporating an alternative communications strategy that takes into account business, legal and regulatory requirements should be a priority.
The full article may be read here.