Information Crisis: Are You Really Ready?
Pictured from left to right: Jay Gordon, AV Manager; Scott Reinert, Senior IT Engineer; Gaby Batshoun, GBS President and Founder; Darrin Riley, Senior IT Engineer; Chad Howe, IT Director; Chris VanDyke, Cloud Services Manager; and Alex Perkins, Marketing Director
Photo by Jon Keeling
Most information crises arise from a natural disaster or a cyberattack, but in today’s hyper-connected world, a crisis can strike from anywhere and when you least expect it. We all know malware can infect a network, but something as seemingly benign as a social media post can be the start of a systemic “disease” process that quickly spreads across an organization’s entire infrastructure.
“We know it can happen because we’ve seen it happen, and we’ve been on the frontlines helping organizations that aren’t prepared for a crisis manage their way out,” says Gaby Batshoun, president and founder of Global Business Solutions (GBS).
The risks and hard dollar costs from an information crisis can be stingingly real – especially for small/mid-sized firms. In fact, 95 percent of SMBs that are compromised and have a significant data breach are out of business within six months because of FBI fines and fees. According to a 2018 IBM study titled Cost of a Data Breach: Global Overview, the average cost per lost or stolen record is $148.
“The general public hears about companies like Target and Equifax paying multi-millions in fines. These fines are directly attributable to the number of records the FBI uncovers as stolen,” says Michael Pearson, WatchGuard Technologies, a Seattle, Washington-based network security vendor.
With decades of infrastructure security experience, GBS knows what it takes to be fully prepared. Since 1995, the Newport-based IT and technology company has been giving companies a fighting chance to not only recover from information crises but thrive afterward.
According to Batshoun, there is little doubt that a company’s information infrastructure provides the vital arteries that keep its operations up and running effectively, yet a crisis that impacts that infrastructure is something that few companies are truly prepared for.
Ask yourself – has your organization taken the necessary steps to be prepared in the event of an information crisis? When a crisis occurs – no matter its source or extent – your first priority always is to re-establish security and return to full operation as quickly as possible. But what are the necessary specific procedures that must be carried out to ensure that happens? How many of your people know precisely what to do in a crisis? Is there a list outlining each person’s responsibility? How will staff communicate with each other if your communication system is down?
You must have a strategic crisis management plan.
“To fight off a crisis takes a passion for being prepared, immediate concerted efforts and intense focus to resume normal operations as soon as possible. And most organizations need help in getting there,” Batshoun says.
“Our approach starts with creating a rock-solid plan for information management. The plan has multiple pillars, but two are the most critical – develop and document a comprehensive process to follow, and assign and train a Crisis Response Team.”
Process Development & Documentation
According to Batshoun, documented processes and the specific steps to be taken by each functional department allows the Crisis Response Team members the ability to follow a precise plan of action. “This plan can be used as a basis for training and pre-crisis preparation. The beauty of it is, it provides a ‘script’ for actions that must be taken – particularly in a crisis that jeopardizes a company’s ability to fully control its data and communicate internally and externally. Furthermore, a documented crisis process gives the crisis response team the time and perspective needed to act and communicate more thoughtfully.”
Best Security Practices
Crisis plan documentation should consist of written documentation according to individual Response Team function and must be readily accessible to all crisis team members, Batshoun emphasizes. It should also include the following steps:
• Secure the physical safety of all individuals.
• Secure personal, confidential employee and client information.
• Ensure the physical security and safety of buildings and surrounding premises.
• Secure the information infrastructure: firewall policies, server and data backup policies, email policies, and telecommunication system.
• Password management – document and share, only as appropriate, the passwords to business-critical software, cloud-based applications and protected spreadsheets, etc.
• Establish and document rules governing email utilization to co-workers and external contacts during a crisis.
Form & Mobilize the Crisis Response Team
A Crisis Response Team should include a comprehensive set of internal teams and key external partners, all grouped by skill and expertise. For example:
A. Senior Management
A core group of senior managers should serve as the communication and final decision-making hub for your organization.
B. Legal Team
Because most crises have legal implications, Batshoun always recommends that a company have legal counsel representation during the crisis lifecycle. If the crisis is the result of a virus or malware attack, legal counsel should be involved from the start.
All outwardly-focused communication groups must be completely plugged in and know when and how to respond, Batshoun emphasizes. “We have found that when a company’s communication system is completely down, chaos quickly escalates. But when a team of company communicators are prepared for a myriad of possible crises, the outward communications are more seamless, timely and valuable.” Although GBS’ core expertise is IT and infrastructure, Batshoun notes, he and his staff have gleaned key lessons on how teams work together to manage through it all.
The Crisis Response Team, he points out, is typically responsible for logging into and managing all social media channels, as well as communication with Google to thwart malicious online activities. “We have seen that the anatomy of an information attack can go as far as to alter the results of Google’s algorithm,” he says. “We’ve seen that through targeted acts, the words Google displays to describe a company can change based on the online and social media conversation. In one case, GBS engineers contacted Google and worked with them directly to remediate the damage.”
D. Technical/IT Team
In the event of an information crisis, it is imperative that the technical team be fully engaged, highly trained and experienced. This team acts as the company’s “nerve center,” ensuring the organization’s information resources are secure. Its actions and findings are among the most critical.
“We’ve seen firsthand that a true information crisis directly impacts all components of a company’s infrastructure,” Batshoun says. “The core network components and all systems that make up the network, the email system, the phone system – even the company’s website and social media sites – are directly impacted.”
Today, companies of all sizes must have a documented, strategically detailed plan in place for when – not if – a crisis occurs, Batshoun concludes. “This is the world we live in, the reality we live in.”
Most IT departments are over-tasked and don’t have the experience to deal with a true information crisis. That’s why partnering with an IT solutions provider with crisis management experience and deep knowledge across all technologies is so important. One of GBS’ greatest strengths is working with small- and mid-sized companies, and the IT solutions company leads the pack in optimizing a suite of business-specific technologies for Greater Cincinnati businesses.
Global Business Solutions (GBS) is located at 916 Monmouth St., Newport, KY. For more information, call 859.491.5900 or visit www.gbs-inc.com