External communications

Incidents may have a downstream impact on entities outside the organization that is suffering the incident. These external entities may include suppliers, customers, transaction processing facilities, or service providers. If any of these organizations have a direct link—such as a virtual private network (VPN)—to the impacted organization, they need to be informed sooner rather than later. This limits the possibility that an attacker leverages the connection to compromise other organizations.

A significant area of concern when addressing incident management and external communications for managed service providers (MSPs) is the trend of attackers targeting MSPs first, with the intent of using them as a jumping-off point into other organizations through established VPNs. One perfect example of this is the Target breach, where attackers compromised a heating, ventilation, and air conditioning (HVAC) vendor as the initial point of entry. Attackers now apply this tried-and-true method to MSPs in ransomware attacks, with the intent of compromising more than one organization per attack.

At a minimum, an organization should inform external parties that it is dealing with an incident and that, as a precaution, the connection will be blocked until the incident has been addressed. This can then be followed up with additional information. Much like internal communications, setting a regular cadence may go a long way to smoothing out any damage to the relationship as a result of the incident. In some cases, well-trusted external parties may be made part of regular daily status updates.
