We’ve seen this scenario before and, no doubt, will see it again: a company, organization, or even an entire city is struck by a cybersecurity crisis and finds itself dead in the water. Everything is breached—including propietary messaging systems and email.
“As a result, senior leadership is unable to conduct business, inform the market of their actions, and communicate internally with the wider team,” says Morten Brøgger, CEO of secure messaging platform Wire.
When Atlanta municipal computers were struck by ransomware earlier this year, city workers were handed printed notices warning them not to turn on their computers. After Danish shipping giant Maersk was struck by last year’s NotPetya ransomware attack, Chairman Jim Hagemann Snabe described the company spending 10 days with “no IT.” And during the 2014 Sony Pictures hack, employees reportedly couldn’t even access voicemail, let alone the internet, making it hard for the company to communicate what had happened.
To give companies a way to stay in touch during this digital havoc, Wire is rolling out what it calls Wire Red—designed to help companies preconfigure ways for teams to stay in touch through the platform when ordinary channels are out of commission.
Following Wire’s recommendations and templates, companies can have prebuilt channels where executives, operations personnel, workers focused on outside communication, and other groups can regroup following an attack. They can use company computers if it’s safe to do so, or their own devices if need be, Brøgger says.
“You can share documents, you can share information, you can chat, you can comment, and you can set up conference calls as well,” he says.
Without such a fallback plan in place, companies sometimes must contact employees through their personal accounts on consumer services, such as social media, he says. But those won’t always meet corporate requirements for security and regulatory compliance and may not make it easy for every employee to be reached.
Brøgger says he’s been in touch with leaders at major companies who want to ensure they have a way to communicate with employees in a crisis that’s up to their normal security standards.
And naturally, he says that once companies test the tool for crisis situations, he hopes even some that have been reluctant to adopt cloud-based services out of security concerns will consider using it for everyday communications.
Wire, with offices in Zug, Switzerland, Berlin, and San Francisco, has emphasized the security of its platform, which Brøgger says encrypts communications not only to its servers but also between individual users, so Wire has no access to client data.
“We built an end-to-end encryption architecture where the encryption key is actually on the devices,” he says. “There’s no chance that we can look over the shoulder.”
That can be particularly meaningful to companies looking for a tool they can use if a corporate VPN is knocked out of commission, he suggests.
Generally, using Wire Red, companies would prepopulate team channels with uploaded documents sharing information on what to do in the event of a crisis. And if one actually occurs, they’d broadcast messages to their employees using the platform, informing them of the situation.
“You can prepopulate each of these workspaces with the manual: This is how to act and this is what to do in a situation like this,” he says.
Brøgger says he’s been in touch with large enterprises about using the system, and plans to incorporate customer feedback to develop new features as they try it out.