Email, collaboration tool, chat app, telephone: digital infrastructures in companies are becoming increasingly complex. Furthermore, the fact that the number of cyberattacks continues to grow makes having a reliable out-of-band communication tool increasingly urgent – especially in light of the EU’s NIS2 Directive, which is to be transposed into national law by October 17, 2024. The regulation obligates operators of critical infrastructures to ensure communication and business continuity in the event of a cyberattack.
Cyber-resilient companies have the ability to defend themselves in the event of a cyberattack and remain operational without having to shut down entire divisions. During a cyberattack, companies must expect that their IT systems and standard communication channels (e.g., email or collaboration tools) are either compromised or unavailable. The way to fill this gap is an independent communication channel – a so-called “out-of-band communication tool” – that works outside of the potentially compromised IT infrastructure and enables companies to maintain communication between experts, management, and external stakeholders.
The EU’s NIS2 Directive on cyber resilience is intended to strengthen critical sectors such as healthcare or public authorities with the goal of improving the security of network and information systems run by operators of critical infrastructures. The directive requires the management to address cyber risks, initiate measures to minimize these risks, and oversee implementation. In concrete terms, NIS2 dictates that business continuity and secure systems for emergency communication must be guaranteed in the event of an incident or crisis, which essentially obligates companies to have a backup communication channel in place.
Requirements for Out-of-Band Communication
Every company is a potential target for hackers, and despite all possible security measures, there is no guaranteed protection against cyberattacks. The management is obligated to include out-of-band communication in their cybersecurity strategy so they can react more quickly in the case of an emergency. Out-of-band communication is characterized by the following:
Dedicated Channel:
During an attack, potentially compromised channels like email and existing collaboration tools should not be used. An independent communication channel like a dedicated business messenger allows for secure, reliable distribution of information.
Closed Communication System:
Strong authentication methods (e.g., Threema Work and Threema OnPrem’s contact verification) ensure that only authorized users can take part in out-of-band communication.
Integration of External Users:
When cyberattacks happen, experts are often called in. It must be possible to integrate them quickly and simply into the out-of-band communication.
Encryption and Data Protection:
All of the information and data transmitted during a crisis must be end-to-end encrypted in order to guarantee confidentiality. Plus, using a communication channel that protects user data and privacy is mandatory.
Threema Work as Part of Successful Out-of-Band Communication
Threema Work is an ideal out-of-band communication tool because it is a GDPR-compliant communication channel that can be installed on every mobile device. All transmitted messages are end-to-end encrypted, which is particularly relevant when it comes to sensitive content and also during an IT outage due to a cyberattack. In order to brief specific departments or the entire team on the current state of affairs, Threema Broadcast lets you quickly disseminate information with a single click. Using distribution lists and centrally managed groups, both internal and external individuals can be easily added to group chats to discuss the current situation and next steps. If Threema Work is already being used in certain areas as a WhatsApp alternative or supplement to collaboration tools, it makes sense to introduce the business messenger company-wide as an out-of-band communication solution.
The way a company reacts to a cyberattack is crucial to maintaining business operations. A structured approach and efficient distribution of information via a secure out-of-band communication channel are of paramount importance. And yet, not all companies are aware of this: a study commissioned by us has shown that one in five companies does not have an emergency communication solution in place. Now is the time to take action. We will be happy to help you choose the right out-of-band communication channel for your company and show you all the ways you can use Threema Work.