How can the sector’s IT professionals safeguard their tech stacks? John Blackburn, operations director at IT support provider Central Networks and social housing expert, outlines some crucial steps to implement, before it’s too late.
Investing in cyber security processes can sometimes seem difficult to justify when cost savings need to be made — particularly for organisations who have never fallen victim to an attack. However, with housing associations (HAs) handling a multitude of sensitive and confidential data, combined with changing work patterns and increased reliance on technology, this creates the perfect storm for perpetrators to infiltrate systems.
So, how can the sector’s IT professionals safeguard their tech stacks? Cyber criminals will capitalise on weak security within IT systems, and at a more accelerated rate than ever before. A 2023 ‘Ransomware Insights’ report indicates that over 70% of global organisations were victimised by these attacks over the previous year. Having a large digital footprint, with multiple points of entry, HAs are increasingly susceptible to these threats too.
The threat of data publication is often more impactful for local government organisations such as HAs. They will commonly hold both personal and special category data that needs more protection due to its sensitivity — such as racial or ethnic origin. The sector is already well served by a healthy claimant legal community, and a data breach arising out of a cyber-attack can expose organisations to a significant legal cost from claims.
Names, phone numbers, postcodes, bank details — tenant data relies on a robust IT security system to keep it out of the wrong hands.
Prioritising resources
HAs face many challenges when it comes to cyber security, including recruiting and retaining suitably qualified staff trained in security management. In addition, infrastructure hosted in the cloud can grow quicker than most organisations can keep up with — making data, people, and processes vulnerable to attack. Often, IT teams are unfairly burdened with defence responsibilities beyond their expertise. So, who can they turn to?
Outsourcing technology requirements means organisations can ‘rest easy’ in the event of disaster – from data breaches to nuisance network downtime — whether inside or outside of operational hours, as well as be alleviated to focus on core business activities.
Optimising IT infrastructure
Outdated legacy software can hinder performance, lack adaptability, and harbour concealed security vulnerabilities. Assess current infrastructure, audit security tools, firewalls, and policies to identify strengths and areas for enhancement.
A specialist third-party will not only advise where upgrades are required, but also actively manage ongoing upkeep to maximise the value of future security investments. Working with clients across an array of different sectors, they can also draw upon intelligence from other customer projects to help quickly solve recurring issues. Having the flexibility to scale up and down as required will prove key for maximising budgets too.
Ensuring complete visibility
At a time when hybrid working is more popular than ever, it’s easy for security upgrades on remote workers’ laptops or smartphones to be missed. It’s vital that organisations have a robust device management policy in place – making sure that all company equipment is updated at the same time, irrespective of its location.
Full visibility over software and hardware updates, anti-virus technology, firewalls, and Virtual Private Networks (VPNs) enables more watertight access control – ensuring only authorised personnel within the organisation can gain entry to sensitive data.
Regular ‘penetration testing’ – effectively, a simulated cyber-attack – is a practical way to determine exactly how employees would approach a real-life incident. Conducting them frequently isn’t about employee surveillance. Instead, it helps to keep everyone alert, ensures a business’s current security strategy is working, and identifies any flaws in software, hardware, endpoints, servers, and more.
Disaster recovery planning
A robust disaster recovery plan is an indispensable asset that safeguards HAs’ long-term viability and resilience. Yet all too often, as the latest Cyber Security Breaches Survey highlights, organisations wait to the wire to invest in their own protocols – often using the destruction of other organisations as a catalyst for change.
By adopting a more proactive approach, HAs can respond efficiently in times of crisis – with strategies and procedures in place to minimise downtime, mitigate risks, ensure the safety of residents, and preserve critical data and infrastructure. Swiftly restoring essential services — such as maintenance, repairs, and communication channels — can help to maintain trust and confidence among residents, employees, and stakeholders alike.
Additionally, a disaster recovery plan ensures compliance with regulatory requirements and demonstrates a commitment to risk management. It provides a structured framework for training staff, testing procedures, and identifying areas of improvement.
Navigating the challenges
By engaging with cyber security experts — with proven expertise within the social housing sector — they can assess vulnerabilities, implement robust security measures, conduct regular audits, and educate staff and tenants about risks.
Given the rapidly evolving nature of the cyber security landscape, leaning on the expertise of professionals is key to ensuring the protection of valuable information and maintaining the trust of tenants and stakeholders, both now and in the future.
