Social engineering is more commonly associated with cyber security attacks, but it can also be used to manipulate your project team. And in some ways, PMOs may be more vulnerable to this kind of exploitation, largely because of the need to be in near-constant contact with end users, stakeholders, business partners, and other supporters. While you may have already talked with your team about managing confidential information (5-tips-for-managing-confidential-information), it’s important to remember that a number of less-obvious opportunities exist for external folks to pry sensitive information out of your team members. Below are a just a few examples of how social engineering can put your PMO in jeopardy.
You bump into a former coworker at a networking event and enjoy some garden-variety gossip about how things are going, including an upcoming project you’re excited about that’s sure to position your company for more sales next year. Uh oh, looks like you should have asked your friend about their new position first—they just told you they now work for a competitor that’s desperate to gain market share in your industry.
A vendor might be willing to give you a break on some new equipment if you can tell them where they need to be on price to make the sale. Think carefully before you divulge your budget numbers—you’re in danger of losing your ability to negotiate, plus you may find the “discount” price exactly matches the funds you have available.
Potential collaborators will naturally have a lot of questions for you, but hold off on revealing anything sensitive until non-disclosure agreements are signed. Even the most honorable associates could leave the bargaining table with highly damaging information if negotiations fall through—you don’t want to think about what could happen if the meeting was a ruse perpetrated by someone shady.