Cyber security risks affect every employee in an organisation. As a project leader, you’re in a strong position to effect comprehensive cyber security policies to safeguard sensitive and proprietary data while minimising business interruption. In order to do so, you need to learn about the latest trends in cyber security, key vulnerabilities, and what you can do to address them.
The current state of cyber security
Cyber attacks are a major concern for individuals and businesses alike. A quick review of recent ransomware attacks, as well as potential threats relating to cloud and the Internet of Things (IoT), indicates that cyber security can be a costly issue for businesses if not properly addressed.
Recent global ransomware attacks throughout mid-2017 – the biggest outbreak in history – demonstrated how vulnerable businesses can be. Nearly 100 countries were affected by the ransomware, which started in Russia and Ukraine before spreading to Europe and the rest of the world.
Spread by Word or PDF documents, the ransomware worked by freezing individual computers until ransoms of hundreds of dollars were paid (in Bitcoin). The attack followed the WannaCry attacks in May 2017.
Cloud and IoT vulnerabilities
Research suggests businesses have “complex and chaotic” security provisions when it comes to the two major emerging IT trends of cloud and IoT. The majority of businesses (62% in fact) are worried about IoT security, though they’re convinced by the benefits of cloud and IoT tools. The survey suggests threat detection, incident response, and simple, unified solutions can help project managers better guard against potential threats.
Cyber security 101 for project managers
While choosing reliable software vendors is a crucial part of cyber security management, project managers – like other leaders in an organisation – also have a key role to play in preventing security breaches. Learning the basics and integrating this knowledge into your processes is an essential part of your role as a project manager. There are five cyber security basics every project manager needs under their belt.
Consider every project an opportunity to manage and protect data. Proactively seek out tools and processes to enhance data protection, especially when it comes to sensitive data like customer information and employee contracts. Use encryption across devices and networks.
2. The cloud
Understand the risks associated with the cloud, and choose your third-party cloud-service providers carefully. Work with your IT consultants to find ways to reduce the risks associated with using cloud services.
3. Passwords and two-step verification
Making strong passwords and two-step verification standard in all your projects is a must. Using a generic password like your dog’s name or your favourite song for all of your accounts is a huge liability. Password software can generate strong passwords for you that will nullify the risk. Remember to change your passwords regularly to maintain air-tight security. Likewise, two-step verification bolsters cyber security by adding an extra layer of protection to your account.
4. BYO devices
If your team members use BYO devices, develop a policy to guard against malware infection risks. Ensure that they adhere to cyber security best practices such as strong passwords, two-step verification and a comprehensive understanding of how to handle data on their personal devices.
5. Remote work
If any team members work at home or remotely, make sure they use a virtual private network to keep private data secure as it’s transferred across external networks.
How can ethical hacking help cyber security?
Ethical hacking – also known as penetration testing – is another way to keep your projects and data secure. Ethical hacking involves having a professional hacker test your network for vulnerabilities. By doing so, you find out how to eliminate known vulnerabilities as well as protect your network and projects from malicious hacking.
Ethical hacking can make your emails, databases, VoIP, and other IT elements more secure. The movement towards the cloud along with increasing adoption of IoT are strong reasons for using ethical hacking to discover vulnerabilities. By thinking like a hacker, you can identify complex hacking tactics before they occur to would-be hackers and take preventive measures to protect your system against them.
Cyber security and social media
While social media probably isn’t at the top of your cyber-security priority list, these platforms are so widely used they can affect the cyber security level of your projects and your organisation. This is usually due to the information your team members post to their social media accounts. Hackers mine social media, using it as a reconnaissance resource to devise attack strategies.
For example, an employee’s tweet about an upcoming conference for the team can be turned into a phishing attack through email. LinkedIn is another rich resource for would-be hackers, who can use the popular networking site to mine for email addresses for phishing attacks.
So what can you as a project manager do about social media vulnerabilities?
Realise you can minimise the risks. Start by keeping your team members informed on what to share on social media, and recommend strict privacy settings. You might want to develop a detailed social media policy to guide team members. Provide guidance on how and why sharing too much work-related information can impact the organisation, and update the policy as social-media-related cyber security trends change.
As a project leader, you probably don’t think of yourself as a security expert, but as with any other leader in your organisation, you can be an essential facilitator for better cyber security. By understanding recent trends, learning about basic data protection, and using strategies such as ethical hacking, you can give your project the best chance of running smoothly while ensuring data is kept safe.