Saturday, October 31, 2020

How project managers can help companies better navigate security risks from COVID-19

 


Social distancing and remote working during COVID-19 have increased cybersecurity risks for companies worldwide, increasing the need for project managers to work on more security-related efforts.

Recently, Deloitte announced that it has observed: "a spike in phishing attacks, Malspams, and ransomware attacks as attackers are using COVID-19 as bait to impersonate brands thereby misleading employees and customers." With cybercriminals around the world capitalizing on this crisis, security gap identification and resolution projects will become a frequent focus for project managers. The good news is project managers often excel under pressure and can be highly valuable assets to information security and internal audit teams.


Working with internal auditors

Internal auditors have a unique view of organizations from virtually every vantage point. They understand human-, technology-, and process-based risks and typically know all of each business unit's weaknesses. Project managers can work alongside these audit teams to isolate security risks brought about by COVID-19 and implement changes that address emerging threats. With the pandemic forcing employees to work remotely, cybercriminals will continue to target employees and companies for financial gain.

Project managers working with audit teams will need to factor in these items when working on risk management initiatives: 

· Adapting operating models to continue delivering on your internal audit (IA) mission

· Maintaining continuous and efficient interactions with IA stakeholders

· Technological solutions to provide a secure and seamless remote working environment

· IT team structures to effectively operate their IT support and control functions remotely

· Safeguards to ensure that all remote services and transfers of data are not compromised

· Managing internal controls of third-party providers

· Security surrounding data and services for providers impacted by the COVID-19 disruptions

 

Internal controls, safeguards, and closing risk gaps are an essential part of any organization's security. Together with IA teams, project managers can ensure that the necessary internal control projects can be successfully planned and implemented.

Working with information security  

Regardless of industry, cybersecurity threats are creating financial, operational, and reputational risks for businesses. Information security teams have their hands full, and this isn't expected to slow down after the pandemic. As part of a joint effort with the World Economic Forum's Center for Cybersecurity, KPMG outlines these five principles that project managers and information security experts can implement to help cybersecurity leaders prepare for the new landscape.

1. Fostering a culture of cyber resilience requires breaking down barriers between departments. This can create a culture of resilience across IT, operational technology, and business-facing functions. It helps to increase company-wide accountability.

2. Focusing on protecting critical capabilities and services that re-establish a cyber hygiene culture. This also involves moving to newer models of managing access, monitoring critical asset activity, and prioritizing automation investments.

3. Balancing risk-informed decisions during the crisis and beyond involves revisiting the supply chain approach, defining practical and relevant cyber risk metrics, and focusing on operational risks when designing new digital strategies.

4. Updating and practicing response and business continuity plans that review and test resilience planning processes. This also means preparing crisis management teams to operate under intense pressure so they can redefine worst-case scenarios in the new reality.

5. Strengthening ecosystem-wide collaboration by working with industry networks and holding awareness and information-sharing sessions. All parties must work together to disrupt criminal activity and develop a systemic approach to risk management across the wider community.

Rather than having information security and internal audit work on separate security initiatives, project managers have the skills and knowledge to help these teams combine their efforts to implement effective security measures together.

About the Author

Moira Alexander is the founder of PMWorld 360 Magazine and Lead-Her-Ship Group, and a project management and digital workplace columnist for various publications. Moira has more than 20 years in business (IS&T) and project management for small to large businesses in the United States and Canada. To learn more about Moira, visit www.pmworld360.com and www.leadhershipgroup.com.

 

