
Now let’s consider all of this from a project angle. How important is security on the projects that we manage? Well, that depends on several variables:
- Whose projects are you managing?
- What type of data are you handling?
- Government or private sector projects?
- If customers are external to your organization, do they care enough to spend money on the risk and security planning?
There are probably many other factors – and please feel free to comment with other thoughts and factors… I would really like to take this discussion further based on the experiences and opinions of colleagues.
Security is important no matter the project
The real answer to the question this article asks should always be “yes.” It really shouldn’t matter what type of data you’re managing on your project; you need to protect it. And even if you are managing nothing of any real sensitivity, paying attention to security will only help your organization and your customer. You don’t want your project to be that weak link into the sensitive data your company does handle or your customer is storing. You never know what window of opportunity your project might open into other sensitive data and information that may have nothing at all to do with the current project.
So, we’ve established that we should care about security…now what do we do?
Plan, plan, plan. To start with, plan like crazy…but don’t take too long. The problem with risk planning – and that is really what I’m talking about here – is that little, if any, thought is really given to it at the project level. And if risk planning is part of the project process and timeline, too often security is given almost no attention at all.
Make sure others are paying attention to your project. Data security…that’s the IT director’s problem, right? Ummm…could be. But would you trust someone else with your sensitive data? Would you trust your toddler with someone just sitting in your house reading a book? NO! I’m not saying IT directors and security analysts aren’t doing their job, I’m saying they may not feel they have a vested interest in YOUR project. Your project may get protected by whatever security measures they have taken, but there is no guarantee of that. Meet with them…make your project important to them. Scream loud…if you aren’t heard and nothing is done, then it’s all on you. It’s not about the blame game here – but you do need to consider the consequences as a project manager and employee as part of your overall management of this type of risk.
Educate. Educate those on the project about the need for data protection, the potential consequences, and the sensitive nature of what your project is handling. Educate and inform the team, educate and inform the customer, and educate and inform your senior management. You may be overly concerned, you may be blowing it out of proportion, you may be screaming too loud…but the house with the outside lights, locked doors and several cars on the driveway is not the house that is going to get broken into randomly in the middle of the night. The potential perpetrators will move on to the next house. Trust me. Some security can go a long way in thwarting 90% of the threats.
Summary
The best thing you can do for your project and for the integrity and safety of your project’s data – sensitive or otherwise – is to plan, be aware, make others aware, and educate. The bottom line: it’s all about communication. You can’t assume these things are happening. Security is important. I’m sure that these federal agencies didn’t see this huge data breach coming. But it did. Find out what security your organization has for such data breaches and figure out where project dollars need to be spent in order to protect your project. You won’t be sorry.