Cybersecurity Measures Every Project Manager Should Know About

Cybersecurity for project managers

Online projects could be easy prey for cybercriminals due to the involvement of critical security information (emails, different platforms' login passwords, bank accounts, etc.) and multiple people. A simple phishing email requesting new login credentials or bank account details could be effective on negligent team members and could put everybody at risk.

In other words, any breach of information by a project team member could lead to a disaster for the parties involved. As a project manager, you're responsible for ensuring the security of your project and protecting the people involved. In this article, you'll learn about the cybersecurity threats to your online project and the measures you need to take to avoid them.

Types of Cybersecurity Threats

Knowing some of the standard methods cyber attackers pursue and the tools and technologies involved can help you take the necessary measures to protect your business. So, before learning how to protect your digital assets, let's look at the nature of common cyber attacks.

Malware

Malicious software, or malware, is intrusive software inserted into a system with evil intentions such as compromising data confidentiality and integrity.

Malware can be hazardous to your data, operating system, or applications, making it one of the most prominent threats to your assets. It's not possible to avoid malware entirely. Once identified, you have to have defenses that provide breach detection and remove it from your system.

Ransomware

Ransomware is malware that limits your access to your systems or data, used by cybercriminals asking for ransom from users to regain access.

Digital non-traceable cryptocurrencies contributed to the use of ransomware, increasing ransomware use drastically over the years. From 2019 to 2021, the number of ransomware complaints made to the FBI's Internet Crime Complaint Center has increased by 82%, and the increase in ransom payments has risen by 449% during the same period.

Spam and phishing

Spam is an unsolicited email where the recipient did not give consent to the sender, often used as a promotion tactic. Spamming with fake messages often results in the sender's account getting banned after repeated spam reports from multiple recipients. Ultimately, one can use a fake email generator to avoid getting over-spammed with unwanted emails.

In contrast, phishing refers to an attempt to access sensitive information, usually in the form of impersonating a trustworthy individual or an establishment. Phishing attempts often occur as an email or SMS message that warns you about an issue related to your account, seeming as if it's coming from a place of authority.

Source: Phising.org
Source: Phising.org

Corporate account takeover (CATO)

As the name implies, CATO refers to business entity theft, where cyber attackers impersonate a business entity to make transactions from unauthorized business funds to the accounts under their control.

It’s crucial for business owners to have a monitoring mechanism and solid control over their online financial systems, aligned with the CATO document of The Conference of State Bank Supervisors (CSBS).

Distributed Denial of Service attacks (DDoS)

Cybercriminals resort to DDoS attacks to stop an online system or service from functioning. Attackers cut users’ access to the system by overwhelming it with too many requests from various IPs sent from hijacked devices that carry out the scam. The disturbance is often not the sole purpose of DDoS attacks, and they serve as a distraction while some other type of fraud takes place elsewhere on the website.

Automated Teller Machine (ATM) cash-out

Large cash withdrawals from a single ATM or multiple simultaneous withdrawals across regions are considered ATM cashouts. Cyber thieves alter operational settings via an ATM’s web-based control panels to make it possible to withdraw funds beyond the device’s cash limit and over the account balance.

Businesses can protect themselves from ATM cash-out attacks by controlling their IT networks, ATM management systems, and fraud detection mechanisms.

Cybersecurity Measures Every Project Manager Should Know

Online projects are easily prone to cybersecurity attacks because multiple private portals and platforms, such as corporate and personal emails, enterprise content management systems, servers, etc., are shared and accessed there.

Add to this that you might need to work with external teams and freelancers to get some steps done. A compromise from any team member could result in a cyber catastrophe. To avoid this, you need to take some severe measures:

Educate team members and stakeholders

The rule of thumb in cybersecurity is that humans are the weakest part of the security chain and that most compromises could be traced to a human factor. So it’s essential to educate everyone who interacts with your systems. This includes your project team members, external contractors, project owners, and other stakeholders.

Start by creating cybersecurity awareness around the common threats we examined to give them a sense of what they might encounter. Remind them that they should never share critical information via email, especially regarding the company’s financial details, even as internal communication.

If necessary, create onboarding programs and courses through your learning management systems to ensure your team members access the information required.

Cybercriminals often attempt phishing, DDoS, and CATO attacks over emails, so your team members must double-check the sender’s email address before opening one.

Remind them that they must always copy and paste links in an email manually rather than clicking on them to take even further precautions. Your email provider most likely uses security to warn you about unsafe content coming from untrustworthy providers.

Follow their recommendations if you’re not 100% sure of the sender. If you think you or one of your team members clicked on a link that downloaded harmful software, update your computer’s security software and run a scan.

Use safe passwords and double opt-in

Verizon Data Breach Investigations Report (DBIR) found that in 2021, 81% of hacking-related breaches were caused by stolen or weak passwords. Unfortunately, however, internet users often don’t spare the time to create and memorize strong passwords or fear that they will forget them. That’s why 123456 is one of the top-10 common passwords online.

Internxt Password Checker is a tool to check your password strength.

Every one of your business accounts must have unique passwords that are updated once in a while. The ideal password would be over 15 characters, randomly generated. Of course, it would be nearly impossible to remember all of your passwords, so you can use a password manager tool that’ll create and store unique passwords for you.

Remember that some business services and products come with default passwords that you shouldn’t be using for long. Change them and create a unique password for each one. However, when you ask for passwords to grant access to a system, do not enforce regular password.

Every one of your business accounts must have unique passwords that are updated once in a while. The ideal password would be over 15 characters, randomly generated. Of course, it would be nearly impossible to remember all of your passwords, so you can use a password manager tool that’ll create and store unique passwords for you.

Remember that some of the services or products come with default passwords that you shouldn’t be using for long. Change them and create a unique password for each one. However, when you ask for passwords to grant access to a system, do not enforce regular password changes to avoid password overload. They only need to be changed when there’s a risk of data compromise.

Use a secure cloud service to host and share files

Regardless of the size of your business, you must store data in a secure place, and you must take backups of it regularly because cyber attackers will be more hesitant to attack safeguarded data and less likely to hold your data for ransom. Be it docs, photos, videos, PDFs, all your work crucial data should be backed up to a cloud.

The assistant director of the FBI’s Cyber Division, Bryan Vorndran, explains how businesses attract cybercriminals by not backing-up data: “Cyber-criminals recognize profit can be maximized by targeting organizations where downtime cannot be tolerated – specifically, infrastructure critical to public safety.’’

Use a cloud service like the intuitive Internxt to store and safeguard your data. Internxt automatically encrypts a file you upload, scrambling the information and rendering it unreadable.

Only you can use the encryption key to decrypt the file and read it. The tool allows you to share files securely by creating a mnemonic of the file with a code in the link. Only those with the link containing the code can download the content without corrupting it.

Do a proper cybersecurity risk assessment

Risk assessment is an essential step in project planning and management. Knowing what is and what might come your way, the recognized and suspected risk factors will be vital to your project's health. Work with an IT specialist to assess potential cybersecurity risks associated with your project

IT specialists will help you identify the need for necessary software, manage data authorization, enhance verification processes, and educate your team about the security measures they need to take⁠—such as taking backups and using security software.

Mitigating risks in a project can be done via different risk management strategies, but risk avoidance is perhaps the most helpful in the planning stage.

Say, for instance, you forecast a precarious situation that might affect your project's progress in a foreseeable period. You can either revise the project's objectives to overcome the obstacle or stick to your initial goals and change your approach to the problem. A risk management tool can help you devise and implement the right risk management strategies.

Another risk management strategy is transferring the risk to a third party. Small businesses are much better off outsourcing the security requirements of a project or purchasing insurance. Working with a cloud service partner is a risk transfer, for example. But note that the cost of shifting the risk should not exceed the price of risk realization.

Use secure project management tools

Project-related tools such as project management tools, prototyping tools, or product requirement tools access and store your data daily, so use secure ones. Sensitive information and customer data circulate on your software's database. A security breach on their systems can harm your reputation and cause financial harm to you. So what to look for in a secure PM software?

The software must encrypt and transmit your data via SMB 3.0, HTTPS, and SSL protocols to ensure it's not changed or read. It should offer malware protection and automated security testing. Also, the tool you choose must store your data in real-time to make sure it's accessible to all users on multiple servers dispersed around regions.

Two-factor authentication is a top criterion in PM software since it's a necessary precaution against cyberattacks. And time-based one-time passwords (TOTPs) are especially great at protecting accounts.

Keep in mind that your passwords must be encrypted too, and nobody, even your account representative, should have access to it. The tool must submit user credentials over encrypted sessions.

In addition to focusing on security features, it's essential to ensure that your team members are proficient in using the PM software effectively. Consider offering courses for project management online to your employees to familiarize them with the tools' functionalities and best practices.

Internxt is a cloud storage service based on encryption and privacy.

Strong Cybersecurity Measures in a Nutshell

Project managers are responsible for the cybersecurity of their projects. Every single project manager in the world needs a firm security policy!

If anything goes wrong, their teams' efforts are wasted, and the critical information of all the people involved (including personal/corporate emails, bank account information, platform login credentials, etc.) is compromised.

To avoid this, you need to take some cybersecurity measures:

  1. Continually educate people involved in the project, including all stakeholders, third-party teams, and freelancers, about best cybersecurity practices.
  2. Use safe passwords and double opt-in options.
  3. Store your critical files on a secure cloud service such as Internxt and keep backups of your projects there.
  4. Do a cybersecurity risk assessment before and during the project.
  5. Use secure project-related tools with high-security features.