A project manager is leading the development of a new mobile banking application. The project team is small, cohesive, and has a strong history of working together with high mutual trust. A developer suggests using a popular, unencrypted instant messaging service for quick discussions about client data integration to speed up the process. What is the project manager's BEST course of action?
Document the risk in the project log and remind the team to be careful about what they share on the platform.
Mandate that all sensitive data discussions occur only on the company's approved, end-to-end encrypted communication platform.
Allow the use of the messaging service to maintain team morale and agility, trusting the team's discretion.
Ask the team to create a private, invitation-only channel on the messaging service for project discussions.
The correct action is to mandate the use of a secure, company-approved communication platform. While team trust is valuable for collaboration, it does not provide technical protection for sensitive data. Communication security relies on implementing formal controls like encryption and using approved, secure channels to protect information from interception and unauthorized access. Using an unencrypted public platform for sensitive data, even in a private channel, poses a significant security risk. Monitoring the chat or simply asking for a private channel does not mitigate the fundamental lack of encryption.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is encryption important for communication in projects with sensitive data?
Open an interactive chat with Bash
What is an approved communication platform and why is it necessary to use one?
Open an interactive chat with Bash
What are the risks of using unencrypted messaging services for sensitive data?