Business Continuity Can't Rely On Twitter - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // Security & Risk Strategy
Commentary
6/15/2016
09:06 AM
50%
50%

Business Continuity Can't Rely On Twitter

When you need to tell the IT team how to respond in an emergency, you need something more powerful than Twitter. Exactly how much more do you need?

9 Free Online Courses To Pump Up Your Big Data, Analytics Skills
9 Free Online Courses To Pump Up Your Big Data, Analytics Skills
(Click image for larger view and slideshow.)

Disasters happen. Whether man-made or natural, on any given day something very bad happens to at least a few companies. The IT department will have business continuity plans for making sure information continues to be processed.

Communications with IT team members is also part of that plan. With all the options available for such communication, the question for IT managers is really about how best to get the message across.

It's important to make a distinction, here: We are not talking about how to communicate with the public or with every single employee in the organization in the event of a disaster. While each of those forms of communication are also crucial, such responsibility falls well outside IT's scope.

What we're focusing on here is how you're going to let IT know what is happening, how team members should respond, and how the IT function will continue to operate until the situation is resolved.

Why am I writing this? There are three reasons. First, I've managed IT professionals at more than one company. Next, I've taken (and passed) some of the training I'm going to talk about. Finally, the massacre in the Pulse nightclub in Orlando, Fla., in the early morning hours of June 12 got me thinking about how critical communication is in the first few hours of a crisis.

[Business Continuity isn't only for the enterprise. Read The Importance of a Personal Business Continuity Plan.]

The first and most critical point is that communication with the staff must be someone's job. If the staff is large enough, then it's possible it should be several jobs arranged as a hierarchy. How should that hierarchy be organized?

As it turns out, the good folks at the Federal Emergency Management Agency (FEMA) have spent a lot of time thinking about that very question, and have designed courses within the Emergency Management Institute to help individuals become qualified in a wide variety of subjects.

Many of the courses in the Independent Study portion of the EMI will be of no interest to you, but some could be very useful. The Introduction to Incident Command System, ICS-100 is the place to start, because it lays out the basics of organization and response during an emergency.

You might never work within a public ICS during an emergency, but the model used is very helpful when it comes to making sure that your organization is actively dealing with a crisis, rather than simply running around during one.

(Image: ArtemSam/iStockphoto)

(Image: ArtemSam/iStockphoto)

Essential concepts within the ICS are that the organization should know:

  • what is being communicated 
  • how it is being communicated
  • how to keep records of what was communicated (and on whose authority)
  • whether the communication was received by the intended party

Defining the process for all of that, along with choosing the individual (or individuals) responsible for making it happen, can go a long way toward minimizing miscommunication in an emergency.

Defining the channels for communication will also go a long way toward making things happen. In any modern emergency, we see messages flying back and forth across Twitter and Facebook. Neither is a reliable first-line communication medium for critical messages. Cellphone voice and text should be first up, followed by Slack, Twitter, Facebook, and other services acting as redundant media or channels for less critical messages.

Once your communication plan is finalized, you have to be willing to test it. Once or twice a year, pester your employees with test messages delivered through your established process and ask the employees to respond. You need to have an idea of who is actually receiving the messages and how long it takes for them to respond before you can begin depending on a particular channel.

There are a lot of steps in a business continuity process (and you can find courses on many of those steps in the EMI) but few of them will be effective if you can't communicate with your team. Check out the courses in the EMI and start making plans.

If any part of your current business continuity plan contains ideas expressed in terms of "I think it's Bob's/Marsha's/the system's job, but I'm not sure..." then it's past time for you to formalize communications and get a real process under way. The organization is depending on it.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Michelle
50%
50%
Michelle,
User Rank: Ninja
6/16/2016 | 1:28:02 PM
Re: Very Important Planning
@vnewman I wonder how many people already use Twitter as an unofficial/official means of communication like this. A full-scale emergency might pull Twitter offline for a time. I can't imagine the impact all that traffic would have on Twitter's resources.
jastroff
50%
50%
jastroff,
User Rank: Ninja
6/15/2016 | 7:58:43 PM
Re: Very Important Planning
Very few systems, even well engineered VPNs, are able to withstand a crush of users, but it would appear public networks are the worst at it -- not their purpose. 

Ever try to get a plain old land-line dial tone in an emergency? Not a new problem. But still, we can do better
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
6/15/2016 | 5:41:49 PM
Re: Very Important Planning
I couldn't even get onto Twitter when Prince died.  I'd hate to see what would happen in a full-scale emergency.  But people have gotten so reliant on social media, it wouldn't surprise me if people made it part of their official DRP.
jastroff
50%
50%
jastroff,
User Rank: Ninja
6/15/2016 | 9:50:17 AM
Very Important Planning
@curtis – Excellent advice and observations. Should be read by all in SMBs and large enterprises.

Post 9/11, many firms near Ground Zero put these kinds of plans into practice.

Not just relying on Twitter, etc. is pretty important. So is:

Defining the process  and the key individuals

Defining the channels for communication

Testing the communications plan.

Question:

Who do you recommend take the lead in getting this done and ongoing responsibility? A CTO?  The owner of an SMB?
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll