Since last October 17, EU member states must transpose the NIS2 Directive into their respective legislation. Among other points, NIS2 dictates that the continuity of the activity must be guaranteed, as well as having secure emergency communication systems in case of an incident or crisis. This essentially forces companies to have a backup communication channel capable of replacing regular channels (for example, email or collaboration tools), which will be affected or become unavailable.

But what are the characteristics of an out-of-band communication tool? The Swiss Threema gives the keys to an alternative communication system, optimal to guarantee business continuity in the event of a cyber attack and that allows companies to maintain communication between experts, managers and external stakeholders.

Requirements for out-of-band communication that guarantees business continuity

Every business is a potential target for hackers, and despite all possible security measures, there is no guaranteed protection against cyberattacks. Management is obliged to include out-of-band communication in its cybersecurity strategy to be able to react more quickly in the event of an emergency.

These are the main characteristics of optimal out-of-band communication:

1. Specific channel: During an attack, potentially compromised channels such as email and existing collaboration tools should not be used. An independent communication channel, such as an instant messaging app specifically designed for business use, will allow for secure and reliable distribution of information.

2. Closed communication system: The communication system must have strong authentication methods that ensure that only authorized users can participate in out-of-band communication.

3. Integration of external users: When cyberattacks occur, experts are often called upon. The alternative communication system will allow them to be quickly and easily integrated into out-of-band communication.

4. Encryption and data protection: All information and data transmitted during a crisis must be end-to-end encrypted to ensure confidentiality. In addition, the communication channel will have to protect the data and privacy of users.

As Miguel Rodríguez, CRO and person responsible for the expansion of Threema in Spain, believes, “the way in which a company reacts to a cyber attack is crucial to maintaining the functioning of the business. “A structured approach and effective distribution of information through a secure out-of-band communication channel is vitally important.”