Cybersecurity and the Project Manager

    By Keith Willeford, Volunteer Content Writer

    Are you looking for an investment with serious growth potential?  You might want to consider cybercrime.  A 2016 report by Cybersecurity Ventures estimated that cybercrime would cost $6 trillion annually by 2021 (up from $3 trillion in 2015).1 Sure, that estimate might be a bit overhyped, but even a sixth of that is a heck of a lot of money.  A project manager might start to wonder, “Am I in the wrong line of work?”

    Or maybe it’s simply time for project managers to consider the need to incorporate cybersecurity into their project management practices.  If you’re not sure whether the threat of cybercrime is real, look no further than the May 12th ransomware attacks that spread across 150 countries over a weekend.2 Ransomware attacks are those that result in the encryption of computer data, to be unencrypted only after a ransom has been paid to the attackers (if you trust the criminals in the first place).  The disruption to business operations and critical infrastructure is very real, and the cybercrime is equal opportunity.  Your industry and the size of your company don’t matter to a cyber-criminal.  All that matters is whether you have a vulnerability that can be exploited.

    And consider the less nefarious ways in which a lack of cybersecurity can detrimentally affect your project.  Do you have internal communications that you wouldn’t want a client or competitor to see?  What about pricing and profit data?  What about prototypes and product designs? 

    Back to our hypothetical about the investment with growth potential: estimates maintain that the world will have to protect 50 times more data in the next few years than it does today.3,4 Wrap your mind around that! The most frightening thing about cybercrime is that the barriers to entry are so low.  A bank robber has to muster the courage to walk into a bank with a shotgun.  Cybercriminals can cause havoc while sitting in their parents’ basement.  So how does the project manager begin to address cybersecurity?

    There are a few obvious ways to boost organizational cybersecurity (though I am no expert and this article is not prescriptive):  Make sure you are running the most recent version of your computer operating system.  Make sure that all security updates and patches are applied.  Run antivirus and anti-malware scans on a regular basis.  (Side note: my organization has its computers set up to run antivirus scans overnight, once a week.  The setting cannot be changed by the end user.  It took me 2 years to realize that since I turn my computer off every night, this scan never occurred unless I prompted the scan manually.)  Then there are procedures surrounding the handling of sensitive or proprietary information.  Some organizations have these rules, but many do not.  Do you have procedures for dealing with suspicious emails or attachments?  Where is your project data saved?  Where is your project data backed up?  What happens if your local computer is encrypted by ransomware?  What happens if your server is compromised?  Do you have money budgeted for cybersecurity efforts on your project? 

    Ultimately, it is time for project managers to incorporate Security Management into their Project Management Plans. You work too hard as a project management professional to allow criminals to undermine your efforts.