IT Project Managers: Project Security is your Responsibility
Between forming, storming, norming, and performing, there are a seamingly infinate amount of factors that an IT project manager has to consider when taking on a new project. IT projects in particular tend to be more complex due to the complicated nature of integrating new technology into an established organization. And as solid as your risk management plan may be, there are always unpleasant surprises that come up. Consider the following scenarios:
- You're about to walk into a meeting with your Project Stakeholders and your laptop containing your presentation gets hit with malware, leaving you unable to open your files.
- Your team is in the middle of a project status update with the client and one of your teammates presents the wrong version of a document with private, internal, not-meant-to-be-seen-by-the-client-information.
- You get called into your Project Sponsor's office because the client discovered that unauthorized personell accessed the work room in which your top-secret project is located.
Security is a commonly overlooked aspect of a project that can have very real consequences for all parties involved. Here are some tips on how to secure your IT project:
1. Plan security early
Be sure to consider security risks early on in the project planning phase to avoid security issues that might impact scope, budget, or time farther along down the road. Building security procedures into your team communication plan, stakeholder communication management plan, risk management plan, project charter, and other documents in the early stages of your project will help you set up the right guardrails to avoid disaster.
2. Identify stakeholders
Who needs what access when? Determine your project's level of privacy and protect accordingly. Does the physical work space need to be secured? Do your teammates need specific security clearance? It might be a good idea to get the client's operations department involved to make sure your team is following the correct security procedures. We will get into document and version control later, but you do need to consider who should be able to view, edit, share, and send project documents. Having an approval process for all deliverables is certainly a best practice, if not critical.
3. Store documents properly and create a version control plan
Choose a file sharing platform, like OneDrive or DropBox, that can enable secure project document sharing and that uses adequate encryption and access control for data transfers and storage. Here's a TopTen Review of the best online file sharing services in 2017. Within these platforms, you can manage access, giving specific permissions to each project teammate and stakeholder. If you've been doing project management for a while, you know that the "edit" option can be dangerous. The platform you choose should also be able to protect your files against cyber-attacks, because we all know that your docuements are the backbone of your project.
You will also want to create a version control system so that you are keeping track of all previous versions and sending the correct versions of deliverables to the correct people. Make sure you have adequate backups so that no files are lost.
4. Include security in your communication plan
In the execution phase, a majority of the project manager's time is spent managing communication on the project. Communication between teammates, sponsors, stakeholders, and clients needs to be secured on every communication platform. On conference calls, include the requirement to password protect the meetings and/or use the roll call feature of the conferencing provider to ensure only those invited are on the line. Periodically change your meeting passcode, especially when a project closes. Many projects nowadays use instant messaging - make sure the IM provider you are using is secure. Create guidelines regarding forwarding work-related email to personal cell phones and what information is acceptable to be left in voice mailboxes and in auto-responders. This may seem obvious, but you'd be surprised; create guidelines for use of social media.
Want to learn more about how to secure your IT projects? Receive a free consultation from BlackPoint IT today at 866.575.9512 or fill out our contact form and we'll call you.