“I would hazard I can do more damage on my laptop sitting in my pajamas before my first cup of Earl Grey than you can in a year in the field.”
~ Ben Whishaw as Q – James Bond: Skyfall
Morpho. Anonymous. Bureau. Chaos Computer Club.
With each passing day these and other hackers appear to be winning the cyber crime war. As more breaches are uncovered and more data is compromised, our government and companies both large and small are coming under increasing strain to stop these insidious intrusions. The fact that these occurrences are amplified in the news and across social media causes both indignation on the part of everyday citizens and embarrassment on the part of those being hacked, while emboldening the hackers themselves.
The bottom line is this... hackers are at least one step ahead of us at all times. They require limited resources, are geographically dispersed and have the time and desire to accomplish their goals.
If you think you, your data and your identity are safe due to some action you've taken or some hardware or software you've installed, the real truth is that they just haven't gotten to you yet. Anything can be hacked... and all new hardware and software designed to stop hackers will be hacked... it just takes a few bored teenagers and a bit of time.
So what does this mean for those in project management?
We, as project leaders and caretakers of our clients' sensitive data, must ramp up our risk management efforts. It doesn’t matter if the project is already completed or still in process. The client database you're using in a testing phase that contains 1.2 million of their customer records is about as sensitive as it gets. If the project has been delivered and you have no encryption on the data, the risk still exists; you’ve just passed the buck.
Encryption and security platforms continue to advance and are constantly being updated to account for the latest “known” security threats. Implementing these systems is critical for project management firms dealing with sensitive customer data. Where companies are dealing with PII (Personally Identifiable Information) or other highly classified information (whether defined by the Federal Government or not), the hiring of a cyber security firm or expert may become a necessity. These teams or individuals are able to do a full audit and assessment of your current data handling procedures, firewall and other obfuscation systems and inform you of any weaknesses and how to address them.
This is not a trivial undertaking and in some cases can be quite expensive. But as the stakes continue to increase, so does the need to batten down the hatches and build the concept of data security into your company’s culture. The flip side can be much, much more expensive.