What project managers need to know about cyber security

Effective project management is essential, but without cyber security knowledge any project could open an organisation to exploitation.

Cybercrime now makes up 40% of all recorded criminal incidents and an influx of complex and catastrophic cyber security attacks means project managers should be concerned.

With the threat of cyber crime looming in 2017, it’s crucial that project managers educate themselves on cyber security principles. With GDPR introducing data privacy reform this year and potential fines of up to £17 million, the security of your projects is more important than ever.

But without solid knowledge of security, your projects could open your organisation to crippling threats. This is what project managers need to know about cyber security.

Data security is serious

Data breaches are set to wreak havoc on UK businesses in 2017, with experts predicting the worst year yet. Shockingly, breaches cost businesses £3.2 million on average, and that’s without considering lasting damage to brand and reputation.


Regardless of the type of data you’re managing on your project, it should be protected. Project managers must consider the value of the data, whose data it is (customers and/or clients) and the potential effects if it were breached.

Project managers (PMs) should also consider how much data – and of what kind – will be affected in the event of a breach. Organisations holding highly sensitive data, like health records, must protect it at any cost. You cannot afford to be unaware of what kind of data you’re dealing with.

Costs must also be considered. You may need to reach out to your client to cover the additional expense of bringing in the expertise and technology necessary to protect the data you’re handling.

Cyber security can be expensive, but the risks of breaches are higher; data breaches cost an average of £3.2 million per breach. “The ripple effect [of a data breach] is unimaginable in certain situations,” said Brad Egeland, a project management professional specialising in IT and cyber security.

Plus, when the EU General Data Protection Regulation becomes law in May 2018, organisations risk more than ever if they fail to invest in their data security. Non-compliance with GDPR carries severe penalties, and organisations can expect fines of up to £17 million if data held on EU citizens is found to be inadequately protected. And no, Brexit won’t save UK companies from GDPR.

Cyber security is crucial in every project

Cyber security is crucial to every project, regardless of how sensitive the data you’re dealing with is. You don’t want your project to be the weak link in your company’s cyber security policy and you can never be sure what potential points of exploitation your project might open.

If someone is working as a contractor, researching the client’s security policies and solutions will provide them with the context they need to deliver the project securely. It will also demonstrate to the team and stakeholders that they’re invested in the project and its success.


Without studying the security solutions used by your organisation, you could face trust issues with clients and delay overall project completion – especially if clients expect you to handle security issues and queries yourself.

Whilst most project managers aren’t certified ethical hackers, you should still consider expanding your knowledge of general cyber security principles. Even a basic awareness can reduce the risk of a data breach or hack.

Security professionals will argue that, to be effective, IT security must be operationalised (i.e. measurable). The best way to ensure alignment with this is through well-managed and integrated projects.

Security is not someone else’s problem

Project managers can’t assume everyone they’re working with understands the need for data protection or the potential consequences of a ransomware infection. Educate and inform the team, the customer and senior management.

People may feel as if the manager is being overly concerned, but safe really is better than sorry. Good security should go unnoticed and, in general, poor security is only noticed when everything goes wrong.


Equally, PMs can’t assume that cyber security is ‘someone else’s problem.’ Other members of the organisation may ultimately be responsible for aspects of security, but they may not have a vested interest in a project’s security. Worst case scenario: they may not even know of its existence.

It’s likely any project will be protected by whatever security measures are in place, but there’s no guarantee of that. Meet with the security team and educate them on the project. If the PM is not heard, nothing will be done. And if something then goes awry, it’s all on them.

Project managers must establish a common risk management approach

The cyber security approach to risk differs from that of the standard project management approach. Security professionals think in terms of threats and how vulnerabilities can be exposed or exploited. Business assets are assigned a value, so if the vulnerability is exposed, it can be quantified.

“The problem with risk planning…is [that] little, if any, thought is really given [at] the project level. And if risk planning is part of the project process and timeline, too often security is given almost no attention at all,” wrote project manager Egeland.

Because of this, it’s important for project managers to meet at the outset of the project to establish a common risk management approach and a foundation for risk discussions.

 

Sourced by Alex Bennett, technical writer for Firebrand Training, working at the forefront of the IT training industry


Nick Ismail

Nick Ismail is the editor for Information Age. He has a particular interest in smart technologies, AI and cyber security.
