Project managers must also be cybercrime warriors

Hacking and cybercrime are increasing at an alarming rate and experts agree that it’s not going to get better anytime soon. The cost of cybercrime shot up 93%, from $1.4 billion in 2017, to $2.7 billion in 2018. That’s according to the FBI’s annual Internet Crime Report.

IT project managers (PMs) wear many hats, none more important than that of cybercrime warrior. There are so many points at which projects can be vulnerable to cybercrime, from the most basic password cracking to more sophisticated network breaches; and the PM needs to “own” this risk, rather than assuming that it will be covered by the organisation’s general IT security umbrella.

“From the outset, PMs need to work closely with the organisation’s IT security specialists to identity the potential points of exploitation that the project might be exposed to and what security concerns might be unearthed; and then develop mitigating strategies,” says Tony McManus, CEO of McManus Consulting.

McManus says that effective cyber security for projects should start with the basics, including the often-overlooked elementary security building block of effective password protection. Using a reputable password generator like LastPass, rather than the same password for everything, is essential. Consideration should also be giving to limiting access to data to only those that need it, and encrypting files and communications.

The PM is also responsible for integrating cyber security into the culture of the team, making sure that every member of the team is up to speed on the cyber risks facing the project, and fully on board when it comes to protecting against breaches.

A report published earlier this year reveals a rather concerning “casual approach to workplace communications, and digital habits in general”; with 27% of employees admitting that they do not know their employers’ IT guidelines; one in four admitting to using their personal email to conduct business; and one in three admitting to using their personal devices for work.

The cautious PM will consider not only what information is being shared between the team but also how it is being shared.

McManus says that PMs must be both proactive and reactive when it comes to cyber risks and that lessons learned on each project must form part of reactive cyber risk assessment, creating a valuable “data bank” for future projects.

© Tony McManus, McManus Consulting. | Image created by