Updated April 2022
Anyone who has worked as a project manager knows that the array of tasks that fall to the project manager is seemingly endless. Risk management, time management, people management, budgeting, motivational and diplomacy skills are just some of what a project manager needs to tackle in order to successfully manage a project. But, increasingly there is another area within project management that is arguably just as important, and that is cyber security. It is an area that a project manager cannot afford to overlook even if they are not directly involved in ensuring systems are secure. Clearly in IT projects there may be a more direct level of involvement but even in non-IT projects cyber security issues can affect the tools that the project team and stakeholders use, and the data they have access to so it pays to be aware of cyber threats and how to best deal with them.
40 per cent of all criminal incidents reports are cybercrime related and there are likely many more unreported incidents around security breaches. Some experts believe there will be even more security breaches than ever this year so it makes sense to educate yourself on basic cyber security principles and be on the look out for any security breaches.
Serious security breaches cost money to rectify but also can cause long-term damage to a company’s brand and reputation. Project managers, therefore, should be aware of the value of their project data, especially if it includes cutting edge technology or confidential information. They should ensure access to data is well-controlled and consider the implications of both unauthorised and remote access to the data as part of their risk management procedures.
If a project involves highly sensitive data such as health records or financial records, it is your responsibility to ensure that information is protected at all stages of the project including test phases. It is a serious mistake to assume someone else is responsible for cyber security; they may well be, but the project manager should make sure they know who exactly is responsible for securing data and access to it. And make sure that person knows it is their responsibility.
The cost of protecting project data needs to be discussed upfront and included in your project budget at the outset. It is most definitely not an optional add-on or something that can be dropped when the budget gets tight.
Whatever type of project you are responsible for cyber security is now a crucial element that cannot be left to chance. That is true even if the project is not handling confidential information because any security breach can affect a company’s reputation, the project’s reputation and ultimately your own personal reputation. So make analysis of cyber security issues a standard part of your formal project procedures – for every project you are involved in. That way, everyone working on the project will be made aware of potential security threats and be aware of what is expected of them when it comes to protecting project data.