
How project managers can help companies better navigate security risks from COVID-19

Social distancing and remote working during COVID-19 have increased cybersecurity risks for companies worldwide, creating a greater need for project managers to work on security-related efforts.



Recently, Deloitte announced that it has observed: “a spike in phishing attacks, Malspams, and ransomware attacks as attackers are using COVID-19 as bait to impersonate brands thereby misleading employees and customers.” With cybercriminals around the world capitalizing on this crisis, security gap identification and resolution projects will become a frequent focus for project managers. The good news is project managers often excel under pressure and can be highly valuable assets to information security and internal audit teams.


Working with internal auditors

Internal auditors have a unique view of organizations from virtually every vantage point. They understand human-, technology-, and process-based risks and typically know all of each business unit’s weaknesses. Project managers can work alongside these audit teams to isolate security risks brought about by COVID-19 and implement changes that address emerging threats. With the pandemic forcing employees to work remotely, cybercriminals will continue to target employees and companies for financial gain.

Project managers working with audit teams will need to factor in these items when working on risk management initiatives: 

  • Adapting operating models to continue delivering on your internal audit (IA) mission
  • Maintaining continuous and efficient interactions with IA stakeholders
  • Technological solutions to provide a secure and seamless remote working environment
  • IT team structures to effectively operate their IT support and control functions remotely
  • Safeguards to ensure that all remote services and transfers of data are not compromised
  • Managing internal controls of third-party providers 
  • Security surrounding data and services for providers impacted by the COVID-19 disruptions

Internal controls, safeguards, and closing risk gaps are an essential part of any organization’s security. Together with IA teams, project managers can ensure that the necessary internal control projects can be successfully planned and implemented.

Working with information security  

Regardless of industry, cybersecurity threats are creating financial, operational, and reputational risks for businesses. Information security teams have their hands full, and this isn’t expected to slow down after the pandemic. As part of a joint effort with the World Economic Forum’s Center for Cybersecurity, KPMG outlines these five principles that project managers and information security experts can implement to help cybersecurity leaders prepare for the new landscape.

  1. Fostering a culture of cyber resilience requires breaking down barriers between departments. This can create a culture of resilience across IT, operational technology, and business-facing functions. It helps to increase company-wide accountability.
  2. Focusing on protecting critical capabilities and services that re-establish a cyber hygiene culture. This also involves moving to newer models of managing access, monitoring critical asset activity, and prioritizing automation investments.
  3. Balancing risk-informed decisions during the crisis and beyond involves revising the supply chain approach, defining practical, relevant cyber risk metrics, and focusing on operational risks when designing new digital strategies.
  4. Updating and practicing response and business continuity plans that revise and test resilience planning processes. This also means preparing crisis management teams to function under intense pressure to be able to redefine the worst-case scenarios in the new reality.
  5. Strengthening ecosystem-wide collaboration by collaborating with industry networks and establishing awareness and intelligence-sharing sessions. All parties need to work together to disrupt criminal activities as well as devise a systemic risk management approach as part of the broader community.

Rather than having information security and internal audit working on separate security initiatives, project managers have the skills and knowledge to help these teams combine their efforts to implement effective security measures together.
