The shocking average cost of a breach for a business is £3.2 million
not to mention the long-lasting negative impact on brand and company reputation. Still, the experts' predictions as to cyber crimes and data breaches are not optimistic at all.
You see, the situation is serious. The type of project data doesn't matter. The crucial thing is that it must be protected. The scope of a project manager responsibilities must include evaluation of data, identifying its ownership, and the potential effect of the breach.
A project manager must also know the amount and kind of data that might be affected in case of a breach. Highly sensitive data like health records, for instance, must be guarded at any price. That's why you must be aware of the kind of data you are handling.
A project manager should consider the costs of data protection and discuss the matter of covering additional expenses of involving experts and technology with the customer. Providing and maintaining cybersecurity is not cheap but data breaches are far and away expensive.
And don't forget about GDPR
non-compliance to which can cost you up to £17 million. If organizations save on data security, they risk more. The only way to avoid trouble is to keep EU citizens data adequately protected.
Cybersecurity must be a priority in every project even if the data you are dealing with is not super sensitive. Nobody wants a project to become an assailable point in the overall company's cybersecurity policy. You never know how many opportunities a project data can open to evil minds.
Most of the customers expect that the contractors are going to take care of security queries and issues if they arise. When a project manager is not knowledgeable about the security solutions used by the company, trust issues with the customer and project delivery delay are highly probable.
We are not calling the project managers to become hackers, just saying that in-depth knowledge of major cybersecurity principles can considerably reduce the hazard of a data breach.
Security professionals believe that integrated well-managed projects are the best way to ensure cybersecurity on that level. That's why it would be smart to opt for project management software that complies to the latest security requirements. For instance, if you are using Jira
to run your projects, Atlassian vendors offer effective security solutions for each tool. We are talking about their two-factor authentication plugins supporting U2F (more details on this later).
It's very naive for a project manager to assume that every employee understands the necessity of data protection. The team, the customer, and senior managers need to be educated on the ransomware infection consequences. The same applies to security officers. They need to know more about the project to make sure all measures are in place (because sometimes they don't even know if the project exists.)
Remember that the best security stays unnoticed because as a rule, people start to talk about it only when something goes wrong. The common problem with risk planning is that most of the time it is neglected at the project level. Being a responsible project manager means arranging meetups at the very beginning, discussions of possible risks, establishing risk management approach, in a word, making risk planning a part of running a project and its timeline.