If you are managing big ticket projects or sensitive data or both, 2016 is the year your project risk planning needs to change.
As 2016 rolls along, we are seeing more indications that the hackers and leaders in cybercrime are winning. More breeches are uncovered daily. More data is compromised in companies both large and small and it's all over the news, Facebook, Twitter...everywhere.
The bottom line is this...hackers are at least one step ahead of us at all times. You think you and your data and your identity is safe due to some action you've taken or hardware you've implemented or software you've purchased. The real truth is, they just haven't gotten to you yet. Because if you've purchased the latest hardware or software to thwart hackers...they have too and they will figure out a way past it faster than you will likely get it fully implemented. Anything can be hacked...and all new hardware and software designed to stop hackers will be hacked...it just takes some time.
What does this mean to project management in 2016?
For certain, it means these three key things.
Added risk management efforts.
We, as project leaders and caretakers of our project clients' sensitive data and valuable projects, must ramp up our risk management efforts. Maybe you'll get lucky and your project will be implemented in time to avoid anything getting hacked along the way. That client database you're using in a testing phase that contains 1.2 million of their customer records is about a sensitive as it gets...you don't want anything bad to happen to it. How does that one country song go? “If you're going through hell, don't stop moving, you might get out before the devil even knows you're there.” You may get the project implemented and handed off to the client before there is a breech. Once you've handed it off, then it becomes their problem, but please build some security into the solution. You don't just want to hand off an unprotected hot potato.
Reliance on cybersecurity experience or staff.
The coming year will - or at least should - see a growing reliance on expert cybersecurity departments or staff. Does that mean that your company needs to set up an entire cybersecurity department? Possibly. It depends on the types of projects you currently manage and want to attract. Does it mean contracting out to a vendor to handle most or all of your cybersecurity needs? That's an option but if you need that now your need is likely going to only grow larger meaning you'd be better off setting up your own staff now. You can also start with one individual...certified or not...depending on the size of your projects. Many organizations are getting away with growing their own cyber defense staffs internally over time.
Proof of concept to larger project customers.
You know how sometimes you have to do a little dog and pony show proof of concept to those larger, more important and higher paying project customers sometimes? It may be a disaster and recovery proof, it may be a physical security proof, it may be a datacenter processing capability proof, but if you've managed large scale, high dollar projects or programs before, chances are you've had to do one of these. Well, expect to do at least one cybersecurity proof in 2016 if you are working with larger clients and especially if it involves handling sensitive data of any kind. They are going to want to know that their data is not at risk while in your hands.
Summary / call for input
The bottom line is this...times are changing. The world is a different place today than it was 20 years ago. Our kids really don't even have safe places to get part time jobs anymore. And as technology grows, our associated technological risks grow as well. The hazards and the evil and the thieves are a step ahead and we can only hope to keep up. We may jump ahead for brief periods of time – or at least feel like we have because we haven't felt the affects. And we may never experience a cybercrime incident. 25% of my past and current clients did in 2015 and everything points to it getting worse. The best we can do is make sure that cybercrime and cybersecurity is part of our risk planning.