
How to build a layered security model into the project management process

Project managers and project teams can make security a key part of every project with these best practices.

In a recent Global Economic Crime Survey, PwC revealed cybercrime, ethics, compliance issues, and money laundering are key areas of economic theft, making financial institutions high-risk targets. Within these institutions, project managers and their teams must work with IT and other business units to implement a layered security approach throughout the project management process.

Best practices for implementing a layered security model include tightening financial systems and internal controls to segregate duties around data input and approvals; identifying where sensitive client and financial data is stored and controlling how and where it is transmitted; and ensuring that sufficient banking encryption and login authentication are in place and that client privacy regulations are adhered to.

Ensure secure storage, transmission, and access to client data during project planning

Every organization should store sensitive data securely, but financial institutions in particular must be able to identify where their data is stored, created, or accessed, and how it is transferred, said Marc Hickman, COO at WinMagic.

Project managers and leaders of financial institutions need to work closely to complete a comprehensive risk assessment and determine strategies to mitigate the risk of client or financial data theft or loss. This should identify all potential risk points including employees, management, vendors, data center staff, third parties, and banking clients themselves.

Hickman also emphasized the need to continually evaluate the institution's overall security posture and ensure any necessary tools are available and are being used properly to counter potential threats. Using strong encryption and having the right authentication system to deal with intrusions, internal threats, and lost or stolen mobile devices is important, he said.

Mobile device usage can often go unchecked, putting client information at risk, even unintentionally by clients themselves. Pay particular attention to ensuring there are stringent privacy policies around mobile device usage.


Selecting the right security tools to address financial institution needs is vital considering banks are attractive targets for thieves. Carefully solicit and vet vendors that specialize in security for financial institutions.

Here are some steps project managers and teams should take to ensure that security tools are in place:

  • Document all areas that pose a risk for loss or theft of client and financial data. Identify requirements and factor in internal financial controls, regulatory compliance, access to funds, and fund transfers.
  • Research and short-list vendors and solutions that can specifically address security weaknesses in financial institutions.
  • Ask for referrals from other financial institutions to ensure a vendor's solution can live up to its promises.
  • Ensure agreements are in place to avoid surprises.
  • During implementation, test frequently on multiple levels and security breach scenarios.

Security policies should be enforced at every stage of the project

Project managers should ensure the right security policies are in place and that everyone involved in the project follows them. French Caldwell, chief evangelist at MetricStream, said that, right from the start, policies for information governance should be put in place, along with the identification of the controls that support those policies.

Caldwell also stressed the importance of periodic training, privacy policies, and ensuring effective third-party management of customer information. This is particularly important as client data is often passed through many hands in a single day. Project managers should work with financial institutions and their legal departments to create the necessary documents, such as confidentiality agreements, and provide security training for both employees and external parties.

Project managers can work with financial institution leaders to:

  • Ensure all individuals with access to sensitive client information undergo some level of security check to ensure they do not pose a risk to client or bank information.
  • Ensure employees and third parties, especially those with access to sensitive data, sign a confidentiality agreement.
  • Establish stricter internal controls around access to and transfer of funds, data input, and approval of financial information and transactions.
  • Determine phishing, fraud, and money laundering risks; ensure they are identified and documented, and that measures are implemented to address them.
  • Conduct ongoing financial and risk audits, and keep up to date on banking regulations.


Don't let your next project create a security nightmare

In recent news, Equifax's enormous security breach compromised the identity and financial information of approximately 143 million Americans. This is an alarming example of why project management needs to ensure sufficient security measures are in place. Understanding past security breaches at financial institutions can help to improve security strategies.


About Moira Alexander

Moira Alexander is the author of "LEAD or LAG: Linking Strategic Project Management & Thought Leadership" and Founder & President of Lead-Her-Ship Group. She's also a project management and IT freelance columnist for various publications, and a contr...
