What if the information you are sending is not being accessed by only the intended recipient, or your communication channel is not secure enough? Are you scared of leaking confidential information to third parties? If you answered “Yes” to any of the above, there is a need to put in place strategies to ensure that your information is effective.
Information and communication management is a key aspect of project management, which focuses on ensuring that the right information gets to the right persons only and also at the right time. When information is properly managed, it reduces the probability of mistakes that could occur as a result of poor communication within organizations.
PMP Training – Resources (Intense)
While communication management is largely focused on managing the communication as a whole (communication channel, method, recipient, sender, time, etc.), information management is associated with deploying new technologies, such as information management systems, portal applications, and data warehouses, that allow for effective distribution and security of information.
A project will always require continuous circulation and storage of information. This article would focus on how to ensure security of information.
The PMBOK is the default guide for project managers but it unfortunately does not explain explicitly how project information can be secured. The responsibility therefore falls on the project manager to determine the best way to ensure project information security. Since you are not an Internet security expert, how then do you know the basic security measures to take on your project?
Storing Project Information
There are numerous ways in which project information can be stored. For the purpose of this analysis. we will generalize them into two broad forms that will then be analyzed in detail. These storage methods are:
- Manual storage medium
- Electronic storage medium
Manual Storage Medium
This is the traditional method of storing hardcopy information using project files. Project information is stored in physical files that are kept in the project office. The project management office determines who has access to what information. This type of information storage system has a lot of flaws and is not as efficient as the electronic storage system, but it serves as the basics for which the modern-day electronic system was developed.
Although project managers put in place access and security restrictions to the information archive, the physical file storage system is less secured as it requires a lot of financial and material resources to ensure a high level of security. The security breach danger is also very high, as storing and retrieving information requires a lot of human interaction, which cannot easily be monitored.
There is also a need for physical transfer of files from the point of storage to the point of requirement. This increases the amount of time it takes to access the required information significantly, especially when there is a great distance between where information is stored and where it is required. Physically transferring files also poses a lot of security threats, both in terms of compromise and files getting missing or destroyed. In order to eliminate the numerous security challenges and mistakes that resulted from the manual storage system, the electronic storage system was invented.
The Electronic Storage Medium
As mentioned earlier, the manual storage system formed the basis from which the electronic storage medium was invented. These provided solutions for security threat that came about as a result of damage and loss of data from the traditional storage method. An increase in technology has also led to an increase in the speed at which information is transferred from source to user. Information is actually transferred in real time nowadays, as we all know, which means that, no matter of where the information is located, it can be accessed whenever the information is required.
The electronic storage medium can be sub-classified into two categories, cloud and non-cloud storage. The debate between cloud and non-cloud storage is a popular one in the IT industry, especially when it comes to security. Here is a general perspective about both of them.
- Cloud Storage—This is the use of Internet-based technology to store your data with offsite providers, which reduces your reliance on in-house storage. By adopting cloud computing, you can have access to your data anywhere there is Internet, as long as you have a device that can access the host server. Cloud computing is daily being adopted by both large and small organizations, as it has proven efficient in reducing general overhead cost and security.
- Non-Cloud Storage—Another popular way of storing data electronically is to store it offline. This requires an organization to have its own physical server, control it, maintain it and ensure it is running all the time. Depending on the organization, non-cloud storage might be accessible online or offline.
While the non-cloud storage gives an organization total control of their server and security, general research has proven that it might be more expensive when compared to cloud storage. Cloud storage is flexible because it allows the user to pay only for storage space used there is need to buy large servers, and there is no worry about maintenance. Also, while non-cloud storage systems might seem to be more secured, since all data are stored in-house, do not forget that the use of cloud storage sub-contracts your storage and data security to other organization that have developed skills, experience, and competence in data storage. It is therefore our duty as project managers to weigh the situation vis-à-vis the requirement of the organization, budget, and security level required before determining the type of data storage medium to use.
Data Type and Data Storage
Another major factor that determines the security level to be used by an organization is the type of information to be stored, including what privacy level is required for the data and whom is the information meant for. Information regarding trademarks, patents, trade secrets, etc., requires a high level of privacy when compared to information meant for the project team members. Similarly, while information meant for customers might be kept on the website, some shareholders’ information should be kept within the organization.
Precautionary Security Activities to Be Taken by Project Team Members
Here we go again. As stated earlier, information is only as secure as the people handling the information. In order to ensure proper security of information, project team members and everyone who has access to important organizational information should carry out the following.
Training—Project management is designed with a systematic approach to carrying out tasks, therefore making uninformed assumption is a big challenge. As a project manager, if you are uncertain about any aspect of your project, call a meeting of required stakeholders and find out. While the importance of information security is becoming general knowledge, it is wrong to assume your project team members know how to handle project information security. Conduct a training session to teach them about the importance of information security and the ways you want your organization’s information handled.
Data Encryption—Depending on the security level of the data to be secured, there might be a need for data to be encrypted. Information should also be sent over secure servers. Going an extra mile in employing an IT consultant to determine and ensure the security of information and information channels might be more effective when compared to the challenges that come with a breach of security.
Monitoring and Enforcing—Did you train your staff on achieving the level of project security you desire and realize it has not been as effective as it used to be? Project security training is not a one-off affair, but a continuous process. There is a need to monitor and put in place measures that will enforce the security principles of an organization.
Password Protection—Passwords are part of our everyday life and more people are beginning to take them for granted. Factors as little as the combination of characters for your password can make the difference in how secure our project data is. Passwords should not be easy to guess such as names, birthdates, and addresses. Finally, it also should always remain personal and should not be made known to a second or third party as the case might be.
Accessibility—Not all project stakeholders require the same type of information. Just as stakeholders are classified, information should be classified and various accessibility levels should be provided to stakeholders, depending on the level of classification
Technology—Although information is only as secure as the people handling it, technology goes a long way in securing information. The constant advancement of information technology has made it easier, cheaper, and faster to secure project information. The use of technology has also made it easier to hack into organizational information, allowing useful organizational information to fall into wrong hands. It is our responsibility as project managers to follow the trend of technology and update the technology used in securing organizational information where necessary.
Project Information security is an important aspect of project management that has not been fully explored by most project management researchers. This article compared various ways of storing project information and their advantages and disadvantages, as well as security measures to be taken by organizations and individuals in ensuring data security
Once again, thank you for reading. As usual, If you do have any question or suggestion, do leave us a message in the comment box below.