Out-of-band communications are alternate channels used instead of the normal business tools, such as email, chat, or a shared ticketing system. Security teams rely on them when those primary channels are unavailable, disrupted, or possibly compromised. Common examples include phone calls, SMS, a separate secure messaging app, radio, or a prearranged emergency contact tree.
They matter because attackers often target the same systems defenders use to coordinate. If an email account, chat workspace, or identity provider is being monitored or manipulated, normal messages can be delayed, altered, or spoofed. An out-of-band channel helps verify instructions, share incident updates, and authorize urgent actions like account resets or network isolation. In practice, good incident-response plans define which channels to use, who can start them, and how to confirm identities before acting on sensitive requests.