Citrix Breach Proves: Effective Crisis Communication Must Be Multichannel
Estimated reading time: 4 minutes
Longer traffic jams, a shortage of workstations, and even obstacles in performing important tasks – the Citrix vulnerability discovered in late 2019 is now causing considerable inconvenience nationwide. Last Friday, the National Cyber Security Centre (NCSC) advised disabling the software system due to a security flaw. Ministries, municipalities, businesses, and organizations have heeded this call and shut down access to the Citrix network. As a result, remote work environments are inaccessible; email on laptops, phones, or iPads is no longer always accessible. Apart from the complications that a potential Citrix hack may bring, organizations are facing yet another problem: how do they reach their employees when the Citrix systems are (as a precaution) down?
At the core of successful crisis communication is the ability to deliver messages in real-time using a variety of different methods. No communication channel can ever be one hundred percent reliable. Therefore, a diversity of communication channels is always necessary for rapid and effective communication, ensuring that there is always a channel available to reach employees in any situation.
Preventing escalation through reliable crisis communication
However, most organizations rely on internal email to communicate in the event of a crisis, despite the fact that a cyber attack can affect the email network. By doing so, organizations exacerbate the problem and may potentially provide hackers with critical business information. By implementing a system that is independent of an internal communication network, organizations can ensure that bilateral communication lines between management and staff remain open, even in the event of a cyber attack or IT failure that could jeopardize an internal network. Too good to be true? A type of internal AMBER Alert for organizations and businesses in times of crisis already exists.
‘Internal AMBER Alert’ for organizations “
We have had extensive experience with crisis communication for years,” says Frank Hoen, founder of AMBER Alert and director of Netpresenter. Netpresenter provides the software behind AMBER Alert. “Whether it’s a cyber crisis, a fire, or an active shooter, you want to provide employees with the right information quickly in a crisis situation. The software we currently use to rapidly alert the entire Netherlands in the event of a child abduction can also be used by companies to immediately provide their employees with essential information in a crisis situation. In this way, organizations can prevent the situation from escalating further.”
A reliable multichannel solution
The software offers a multichannel solution, enabling alerts, notifications, and updates to be swiftly sent via TV screens, laptops, smartphones, and tablets. Currently, many Dutch organizations are being affected by the Citrix Breach due to a (potential) cyber attack. In such cases, the software allows for the transmission of short alerts, instructions, and updates. Even sending an alert via old-school SMS is possible. Staff can thus be instantly informed about the latest developments, understand what is and isn’t possible due to certain (precautionary) measures, and take immediate action accordingly.
The US as an example for the Netherlands
According to Hoen, Dutch organizations pay insufficient attention to their crisis communication. The United States, where around ten thousand servers are at risk due to the Citrix Breach, tightened its crisis communication regulations following the attack on the Twin Towers in 2001. “In the United States, organizations have been encouraged to implement a reliable internal crisis communication system through subsidies since the Twin Towers attack. Such a system is essential in crisis situations such as fires, power outages, or severe storms.” And as it turns out, it is also crucial in the case of a cyber crisis: being unable to reach staff can be equivalent to an escalation of the problem. With the right communication platform, this should not be necessary.
In the Netherlands and the United States, the safety region Rijnmond Veilig and institutions such as Erasmus MC, The University of Tennessee Medical Center, and VCU Health have been successfully using such an ‘internal AMBER Alert’ for years. From small offices to large medical institutions and even the port of Rotterdam, they keep employees informed, safe, and engaged with the right communication platform.