I’d like to discuss risk management on our creative projects. It seems even more appropriate now that we have learned in the last few days that hackers from outside the US have somehow managed to infiltrate nearly every single federal agency database to access millions of federal workers’ data and may be creating some sort of massive database on all Americans. On top of that, we learn that the Internal Revenue Service (IRS) has recently been hacked causing $50 million worth of fraudulent returns to be filed.
How does this affect your creative organization and creative projects? This breach does not, thankfully. But the security risks are real. Does your organization plan for risk? Are you mapping out some time up front on your creative projects to consider the potential risks to your intellectual property, your customers’ requirements and business processes that you’ve documented, your customers’ financial information, and your employee data among other considerations?
If the answer is “yes” then great, but you are likely falling a bit short. If the answer is “no”, congratulations…you are answering honestly and are not in denial. And now you know you should probably be doing a lot more. At least start by incorporating these three steps:
Consider the risks. Meet as a team – and with your customer – and conduct upfront risk planning on each of your creative projects going forward. Map out a list of potential risks – anything from data and WiFi concerns to 3rd party vendors going out of business mid-project to an employee leaving the company and dozens of others. Some will be specific and new to each project, some will be risks on every single project. Make the list – usually it’s called a risk register – and track it throughout the project. During the upfront planning as you consider each risk, be thinking, planning and documenting how your organization could best react quickly to each risk to mitigate it or avoid the downside of each risk. Having an action plan in place when several of these risks become a reality may be the difference between saving a project – or your organization – or going down the tubes.
Check your network. What does your network and WiFi security look like? Ensure that everything is up to date and password protected. If you aren’t an interesting target like the IRS, then at least ensure that you aren’t an easy target for Joe Hacker down the street who just wants to mess with you. Or possibly that frustrated ex-employee you had to let go last month. Creative means creative. He might find a way to bring you down…be ready…or better yet don’t let him in at all.
Train employees. Train employees in security awareness. There tons of great videos online about how best to manage your daily business with an eye towards digital security. It takes more than a policy or process. It takes awareness and cooperation of all employees in the organization. It only takes one person not complying to allow a breach in through their computer. Be careful…this is 2015, not 1985. Unfortunately, a lot has indeed changed.
The bottom line is we have to get out of the mindset that it won’t happen to us. Risk is real. Risk is dangerous. Not bodily dangerous, but financially dangerous and that’s bad, too. What measures are you taking to plan for risks on your projects? What’s working and what’s not? How are employees taking it and cooperating? Please share and discuss.