Safe Communication Practices

How do you communicate when your company email has been disabled or compromised by cyber threat actors? Build emergency communications into your incident response plan.   One critical yet often overlooked facet of an Incident Response (IR) plan are backup communication methods. Cyber attackers often disrupt or monitor corporate email. The need for alternate communication channels is essential during many cyber incidents.   🛡️ Building Resilience: Key Steps to Prepare: IR Team Formation: Cybersecurity response requires a dedicated unit. Form an IR team equipped to guide the organization and maintain critical communication.   Response Protocols and Mock Exercises: Establish and test response protocols through mock exercises, ensuring preparedness for real-world scenarios. Define communication methods for leadership and staff in the event of a breach.   🛡️ Simple Yet Effective: 'Emergency Kit': User-Friendly Options: An alternative communications emergency kit doesn't need to be complex. Consider low-cost options like basic laptops or tablets. Preload them with essential information and contact lists, anticipating potential network compromise.   Two-Factor Authentication: Leverage free email accounts or establish a backup domain for email. Utilize two-factor authentication for added security. Share these accounts selectively among the core team.   Inexpensive Phones: Core IR team members and senior leadership can enhance security with inexpensive phones with prepaid service and encrypted call and messaging apps like Signal. These ensure secure communication channels during an emergency.   Out-of-Band Communication: At least one channel should be "out of band," independent of your network and infrastructure. This ensures communication continuity even in the face of network compromise.   🔒 Seeking Expert Advice: In navigating the details of alternative communications, seek guidance from security experts. Tailor your backup plans and equipment to your company's specific needs and risk profile. Prioritize resilience to maintain secure communications during a cyber attack.   #incidentresponse #cybersecurity #securityawareness

When Group Chats Go Wrong: 5 Key Learning Lessons Last week's headline-making leak of internal communications from the Whitehouse highlights a common digital workplace risk: the wrong eyes seeing the wrong messages. 𝗗𝗶𝗴𝗶𝘁𝗮𝗹 𝗖𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗠𝗶𝘀𝗵𝗮𝗽𝘀 𝗢𝗳𝘁𝗲𝗻 𝗙𝗼𝗹𝗹𝗼𝘄 𝗮 𝗣𝗿𝗲𝗱𝗶𝗰𝘁𝗮𝗯𝗹𝗲 𝗣𝗮𝘁𝘁𝗲𝗿𝗻: 🚩 𝗨𝗻𝗶𝗻𝘁𝗲𝗻𝗱𝗲𝗱 𝗔𝗰𝗰𝗲𝘀𝘀: Whether through technical error or human mistake, sensitive information reaches unintended recipients. 🚩 𝗨𝗻𝗳𝗶𝗹𝘁𝗲𝗿𝗲𝗱 𝗖𝗼𝗻𝘁𝗲𝗻𝘁: Candid opinions and sensitive information, never meant for wider audiences, suddenly become exposed. 🚩 𝗗𝗮𝗺𝗮𝗴𝗲 𝗖𝗼𝗻𝘁𝗿𝗼𝗹: Rushed attempts to contain the situation often create additional awkwardness and scrutiny. 𝗥𝗲𝗺𝗼𝘁𝗲 𝗪𝗼𝗿𝗸 𝗖𝗵𝗮𝘁 𝗘𝘁𝗶𝗾𝘂𝗲𝘁𝘁𝗲: 𝟱 𝗔𝗰𝘁𝗶𝗼𝗻𝗮𝗯𝗹𝗲 𝗣𝗿𝗮𝗰𝘁𝗶𝗰𝗲𝘀 ✅ 𝗔𝘂𝗱𝗶𝘁 𝗣𝗮𝗿𝘁𝗶𝗰𝗶𝗽𝗮𝗻𝘁 𝗟𝗶𝘀𝘁𝘀 𝗥𝗲𝗴𝘂𝗹𝗮𝗿𝗹𝘆: Schedule monthly reviews of all group chats to remove individuals who no longer need access. ✅ 𝗜𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁 𝗖𝗹𝗲𝗮𝗿 𝗡𝗮𝗺𝗶𝗻𝗴 𝗖𝗼𝗻𝘃𝗲𝗻𝘁𝗶𝗼𝗻𝘀: Label chats precisely (e.g., "Q1 Budget Planning - Confidential") to reduce confusion and mistaken additions. ✅ 𝗖𝗿𝗲𝗮𝘁𝗲 𝗣𝗹𝗮𝘁𝗳𝗼𝗿𝗺-𝗦𝗽𝗲𝗰𝗶𝗳𝗶𝗰 𝗚𝘂𝗶𝗱𝗲𝗹𝗶𝗻𝗲𝘀: Designate specific tools for different sensitivity levels—Slack for general communication, encrypted platforms for confidential discussions. ✅ 𝗘𝘀𝘁𝗮𝗯𝗹𝗶𝘀𝗵 𝗮 𝗩𝗲𝗿𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗦𝘁𝗲𝗽: Before sharing sensitive information, verify all participants with a quick "confirming everyone here should be part of this conversation." ✅ 𝗗𝗲𝘃𝗲𝗹𝗼𝗽 𝗮 𝗠𝗶𝘀𝘁𝗮𝗸𝗲 𝗣𝗿𝗼𝘁𝗼𝗰𝗼𝗹: Create standard language for gracefully addressing accidental inclusions without additional awkwardness. Coaching can help; let's chat. Follow Joshua Miller 𝗟𝗶𝗸𝗲 𝘄𝗵𝗮𝘁 𝘆𝗼𝘂 𝗿𝗲𝗮𝗱 𝗯𝘂𝘁 𝘄𝗮𝗻𝘁 𝗺𝗼𝗿𝗲? 📬 Subscribe To My NEW LinkedIn Newsletter: “𝗧𝗟;𝗗𝗥 𝗘𝘅𝗲𝗰𝘂𝘁𝗶𝘃𝗲 𝗖𝗼𝗮𝗰𝗵𝗶𝗻𝗴: 𝟮-𝗠𝗶𝗻 𝗣𝗲𝗿𝗳𝗼𝗿𝗺𝗮𝗻𝗰𝗲 𝗧𝗶𝗽𝘀”  ↳ https://rb.gy/i1o47z #Communication #RemoteWork #WorkplaceSecurity #GetAhead #CareerAdvice #ExecutiveCoahcing #CoachingTips #Job

Just a reminder that encryption alone is NOT enough for secure official communications. While Signal Messenger provides end-to-end encryption, it lacks critical safeguards required for sensitive environments. One often-overlooked factor is the need for an audit trail to track who accessed information and when, ensuring accountability. Official communication systems also include strong authentication to verify identities, compliance controls to manage data retention, and safeguards to protect data integrity. Without these additional layers of protection, even encrypted communication can introduce significant security risks. In sensitive environments, it’s not just about protecting the content—it’s about ensuring the entire communication process remains secure, auditable and most importantly, accountable. #signal #fedramp #ciso #cybersecurity #cism #cissp