Everything can be hacked. We learn this online, in books, at the annual Black Hat digital security conference and on shows like CSI and Criminal Minds (TV shows are never wrong, right?). But seriously, everything can be hacked. I just freaked out a District Attorney friend the other day when I talked to her about the implications of a government finger print database being hacked – what happens then? You can replace your credit cards, but you can’t get new finger prints. She had never thought of that.
So, think about your projects. Are you processing sensitive data? Are you backing up customer data or storing it on servers hosted at your location? While you can’t completely avoid or avert these security concerns you can work in your project’s and customer’s favor and make every attempt to be hacker-aware. The hackers are always one step ahead of us…you can work to mitigate the damage and potential for costly customer issues by following a few steps. I’ve included a a high level list of four key ones here…
Include cybersecurity in your risk management planning.
This is an easily and often overlooked process. In fact, the whole concept of risk management and planning is an often overlooked or slighted project process. That’s unfortunate because it doesn’t take long and it doesn’t take much effort or money to make the team and customer aware of risks and to discuss potential responses if these events occur. So plan for risks and risk avoidance and mitigation…and while you’re doing that, be thinking about the sensitive nature of the data your handling and what measures you can take to mitigate if a data breach is realized.
Encrypt, encrypt, encrypt.
Educate your team and all project stakeholders on good data protection practices – including data encryption. Data encryption isn’t just for technology geeks. Why? Because modern tools make it possible for anyone to encrypt emails and other information. Yes, encrypt your sensitive project data and that is probably already happening. But our project team and senior management and other project stakeholders may not be practicing very good safety and data protection techniques when it comes to emails and testing and performance tuning and other project efforts that may include this data… Encryption is now everyone’s responsibility on data sensitive projects.
Backup, backup, backup.
One of the most basic, data safety tips is to backup everything important. And on a data sensitive project, everything critical. Yet, this is too often taken lightly or overlooked completely on smaller projects or smaller firms. I’m a small business of one person, and I backup my critical files weekly. But I’m also not backing up 500 terabytes of sensitive customer data. A 128Gb thumb drive does the trick for me and stores several iterations of my more important client data files. The key is to do it – and plan from the outset of the project to do it as a risk avoidance / risk mitigation technique.
Perform all OS updates on project team and system computers.
Sometimes your biggest data concerns are those working for you with direct responsibility for a successful project. They don’t mean harm, but they are busy. I’m always guilty of walking around with a company laptop or my own Macbook with an OS that is nearly up to date, but not quite. What does that mean? It usually means that I’m walking a data breach that could happen at any time. Many times those OS updates are necessitated by a security flaw in the OS. Keep your OS updated at all times and preach to your team and your customer and your stakeholders and anyone who might be handling, viewing or transmitting sensitive project data or might be working with the customer on any live data conversion. It’s a risk you don’t want to take.
Summary / call for feedback
Data centers and CIOs need to be mindful of potential security breaches, out of date security processes and procedures, and the latest hack concerns. But project managers and teams need to be as well – because projects aren’t immune to cybercrime. Sure, the real responsibility lies with the CIO and data center, but if you want to win on your project, data security needs to be a concern when looking at risk potentials. Sticking your head in the proverbial sand just because it should be someone else’s concern won’t make it go away…and we all know it. Now choose to do something about it. These four steps won’t eliminate data concerns, but they will help along with the bigger data safety measures your CIO and data center should be taking.
Readers – what’s your take? Are you good at conducting risk management and planning sessions. Are you taking data security risks into consideration on a regular basis? What measures do you take and do you agree with this list? Please share and discuss.
Share your thoughts with us below and then click here to take advantage of our free, 30-day, trial to see how STARS can help manage your Agile projects at Stellar Velocity!
Latest posts by Brad Egeland (see all)
- You Should’ve Seen it in Color – the Fearful World of Project Management - April 3, 2017
- If you don’t think security is a PM concern, consider… - March 17, 2017
- 4 Project Management Trends for 2017 that Might Surprise You - March 6, 2017