3 Reasons cyber security must be in your plan

Data sensitivity. All data is probably somewhat sensitive. We wouldn't be sharing it, administrating it, loading legacy versions of it into new business elements, etc. if it weren't important, right? And if data is important, then certainly it has some element of sensitivity to it.

I managed a £40 million US government contract that processed millions of student financial aid records and the key for each individual record was based off of the student's social security number and contained all of their financial data as well as their parents' financial data. I'd say that's fairly sensitive data. Customer data on your projects is always going to be sensitive. Why? Even if it's not critical data with identity information that could harm an individual, it's still customer data, and customers whose data isn't safe are likely to take their business elsewhere if it is compromised. So to me, it's all sensitive. Now, how do we treat it as sensitive?

Let's consider three key reasons why cyber security should be – must be – part of your project planning process going forward:

Data sensitivity and customer confidence. Most any data that is worth wrapping a contract around is sensitive. If it's customer data then it is always sensitive. Why? Because if any of it is compromised - even if it's shoe sizes and cooking recipes - it will greatly affect the project and any customer satisfaction and confidence you gained along the way. Will you get it back? Is it even possible? Probably not - even if you patch whatever broke. But you must try. And at this point it is going to cost the project both in dollars and time. It will be hard to get any of the fixes paid for by the client unless requirements and their current business practices obviously caused the data breach. But again, still not likely.

Overall vulnerability. Everything can be hacked. Security can be overwhelmingly strong and it can still be hacked. Tesla spent a year closing up a security gap in their automobiles that was exploited at the 2016 Black Hat digital security conference, only to have the new security breached at the 2017 Black Hat conference. Not digital security, but security nonetheless... who would have guessed that someone could get 800 pounds of weapons into Mandalay Bay and fire down on a crowd of concert goers here in my entertainment capital home of Las Vegas just 30 minutes from my house and kill 59 individuals and wound 527 others in the deadliest mass shooting in US history this month? But it happened. And Equifax - millions of records breached in an extremely data sensitive industry. Security lapses - where they are most needed and thought to be the most safe - are happening all too frequently. Everything is vulnerable 100 per cent of the time. Think of it that way when performing risk planning on your projects. And make good plans for risk avoidance and mitigation.

Cyber crime prevention part of risk planning going forward. Expect the unexpected because sooner or later it will happen to you. Over the last year I asked my clients about any digital security issues they had experienced. More than 20 per cent - one in five - had experienced one type of breach or hack. When you are planning risk and performing risk management, always make cybercrime prevention part of your plan. This isn't 1990 anymore. In the 2010s and beyond it is happening at an alarmingly increasing rate.

Summary / call for input

One of the three great determiners of project success is your customer confidence and satisfaction. How will security affect that confidence? It will always be difficult to get that customer reined back in if you have a security breach or data integrity issue on the project engagement. While there is likely nothing that can ever be done to ensure 100% protection... it just isn't going to happen... we can be sure we're doing everything we can by including cyber security in the risks we are planning for up front in the project.

How do you feel about this list? What are your thoughts and experiences with cyber security? Is your organisation currently putting solid emphasis on this growing concern? 

