Business Continuity Can't Rely On Twitter

When you need to tell the IT team how to respond in an emergency, you need something more powerful than Twitter. Exactly how much more do you need?

Curtis Franklin Jr., Senior Editor at Dark Reading

June 15, 2016

4 Min Read
<p align="left">(Image: ArtemSam/iStockphoto)</p>

9 Free Online Courses To Pump Up Your Big Data, Analytics Skills

9 Free Online Courses To Pump Up Your Big Data, Analytics Skills

9 Free Online Courses To Pump Up Your Big Data, Analytics Skills (Click image for larger view and slideshow.)

Disasters happen. Whether man-made or natural, on any given day something very bad happens to at least a few companies. The IT department will have business continuity plans for making sure information continues to be processed.

Communications with IT team members is also part of that plan. With all the options available for such communication, the question for IT managers is really about how best to get the message across.

It's important to make a distinction, here: We are not talking about how to communicate with the public or with every single employee in the organization in the event of a disaster. While each of those forms of communication are also crucial, such responsibility falls well outside IT's scope.

What we're focusing on here is how you're going to let IT know what is happening, how team members should respond, and how the IT function will continue to operate until the situation is resolved.

Why am I writing this? There are three reasons. First, I've managed IT professionals at more than one company. Next, I've taken (and passed) some of the training I'm going to talk about. Finally, the massacre in the Pulse nightclub in Orlando, Fla., in the early morning hours of June 12 got me thinking about how critical communication is in the first few hours of a crisis.

[Business Continuity isn't only for the enterprise. Read The Importance of a Personal Business Continuity Plan.]

The first and most critical point is that communication with the staff must be someone's job. If the staff is large enough, then it's possible it should be several jobs arranged as a hierarchy. How should that hierarchy be organized?

As it turns out, the good folks at the Federal Emergency Management Agency (FEMA) have spent a lot of time thinking about that very question, and have designed courses within the Emergency Management Institute to help individuals become qualified in a wide variety of subjects.

Many of the courses in the Independent Study portion of the EMI will be of no interest to you, but some could be very useful. The Introduction to Incident Command System, ICS-100 is the place to start, because it lays out the basics of organization and response during an emergency.

You might never work within a public ICS during an emergency, but the model used is very helpful when it comes to making sure that your organization is actively dealing with a crisis, rather than simply running around during one.

Essential concepts within the ICS are that the organization should know:

  • what is being communicated 

  • how it is being communicated

  • how to keep records of what was communicated (and on whose authority)

  • whether the communication was received by the intended party

Defining the process for all of that, along with choosing the individual (or individuals) responsible for making it happen, can go a long way toward minimizing miscommunication in an emergency.

Defining the channels for communication will also go a long way toward making things happen. In any modern emergency, we see messages flying back and forth across Twitter and Facebook. Neither is a reliable first-line communication medium for critical messages. Cellphone voice and text should be first up, followed by Slack, Twitter, Facebook, and other services acting as redundant media or channels for less critical messages.

Once your communication plan is finalized, you have to be willing to test it. Once or twice a year, pester your employees with test messages delivered through your established process and ask the employees to respond. You need to have an idea of who is actually receiving the messages and how long it takes for them to respond before you can begin depending on a particular channel.

There are a lot of steps in a business continuity process (and you can find courses on many of those steps in the EMI) but few of them will be effective if you can't communicate with your team. Check out the courses in the EMI and start making plans.

If any part of your current business continuity plan contains ideas expressed in terms of "I think it's Bob's/Marsha's/the system's job, but I'm not sure..." then it's past time for you to formalize communications and get a real process under way. The organization is depending on it.

About the Author(s)

Curtis Franklin Jr.

Senior Editor at Dark Reading

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and other conferences.

Previously he was editor of Light Reading's Security Now and executive editor, technology, at InformationWeek where he was also executive producer of InformationWeek's online radio and podcast episodes.

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has contributed to a number of technology-industry publications including Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most popular book, The Absolute Beginner's Guide to Podcasting, with co-author George Colombo, was published by Que Books. His most recent book, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, with co-author Brian Chee, was released in April 2010. His next book, Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, is scheduled for release in the Fall of 2018.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in amateur radio (KG4GWA), scuba diving, stand-up paddleboarding, and is a certified Florida Master Naturalist.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights