Estimated reading time: 4 minutes
The Citrix Breach has a hold on the Netherlands. Companies have responded massively to the call from the National Cyber Security Centre (NCSC) to temporarily disconnect Citrix. Citrix itself needs about two more weeks to fix the vulnerability for all versions, and with over 700 vulnerable Citrix servers in the Netherlands, there is a real chance that precautionary measures need to be taken in your organization as well. The focus is on resolving the cyber crisis, but at the same time, it marks the beginning of the next challenge: internal communication.
Companies that embrace flexible work concepts (and therefore use Citrix) don’t have a physical workspace available for every employee every day. In this crisis, mail servers are also often disabled. In short, disabling Citrix can have disruptive effects on business operations. However, according to Netpresenter, it doesn’t have to be that way. By following these steps, you can minimize the impact.
First and foremost, it is crucial to inform all employees, especially those who are not present at the location, about the Citrix crisis. You need to update them on what is possible or not possible due to the implemented precautionary measures. For example, if you don’t have enough workspaces at the office, it makes no sense to have everyone come to the office en masse. However, you might have more workspaces available at another location. This is essential information for all those flexible workers. Ensure that people have a place to ask their questions so that information doesn’t get fragmented. If email services are also disrupted, it’s important to have an alternative multichannel communication tool in place. If your organization doesn’t have a crisis-resistant communication channel yet, now is the time to consider it, so you’re prepared for the next crisis.
Make sure you are quicker than the rumor mill, especially when external parties are also communicating about the crisis. In the case of the Citrix Breach, the internet is flooded with news and updates. Even if no immediate precautionary measures have been taken within your company, such as using a Citrix version unaffected by the breach or having an available patch, it’s important to communicate anyway. Before you know it, there will be WhatsApp groups forming, and nobody will know what to believe anymore. By communicating in real-time, you retain control and can immediately provide reassuring solutions. This way, you keep your employees informed, engaged, and safe.
It may take until the end of January for Citrix to fix the vulnerability, and even then, it’s uncertain whether every company can immediately resume using Citrix. Therefore, it’s necessary to keep your staff updated in the coming weeks. The saying “no news is good news” doesn’t apply in a crisis situation. Radio silence only breeds unrest and fuels rumors. Especially with news media closely following the situation, it’s important to keep your employees informed, even if there is no new information to share. Schedule regular updates, such as daily briefings. That way, everyone will know the current status.
Employees should be well-informed so that they can inform other parties. Consider account managers and support staff who receive questions from customers when certain services are disrupted or at risk of being disrupted. It’s important for all employees to have sufficient information to inform and instruct third parties. It’s also conceivable that employees may not be allowed to communicate with the outside world and that all communication needs to go through a spokesperson. In that case, it’s crucial for your employees to be aware of this and know who to refer people to.
The Citrix Breach highlights once again the importance of having a multichannel solution in place so that you can communicate with your employees at all times. Want to learn more about effective crisis communication? Contact us for tailored advice. Or download our free checklist on cybersecurity.