07 August 2023

How social housing professionals can combat cyber-attacks

How social housing professionals can combat cyber-attacks image
Image: Rawpixel.com / Shutterstock.com.

How can the sector’s IT professionals safeguard their tech stacks? John Blackburn, operations director at IT support provider Central Networks and social housing expert, outlines some crucial steps to implement, before it’s too late.

Investing in cyber security processes can sometimes seem difficult to justify when cost savings need to be made — particularly for organisations who have never fallen victim to an attack. However, with housing associations (HAs) handling a multitude of sensitive and confidential data, combined with changing work patterns and increased reliance on technology, this creates the perfect storm for perpetrators to infiltrate systems.

So, how can the sector’s IT professionals safeguard their tech stacks? Cyber criminals will capitalise on weak security within IT systems, and at a more accelerated rate than ever before. A 2023 ‘Ransomware Insights’ report indicates that over 70% of global organisations were victimised by these attacks over the previous year. Having a large digital footprint, with multiple points of entry, HAs are increasingly susceptible to these threats too.

The threat of data publication is often more impactful for local government organisations such as HAs. They will commonly hold both personal and special category data that needs more protection due to its sensitivity — such as racial or ethnic origin. The sector is already well served by a healthy claimant legal community, and a data breach arising out of a cyber-attack can expose organisations to a significant legal cost from claims.

Names, phone numbers, postcodes, bank details — tenant data relies on a robust IT security system to keep it out of the wrong hands.

Prioritising resources

HAs face many challenges when it comes to cyber security, including recruiting and retaining suitably qualified staff trained in security management. In addition, infrastructure hosted in the cloud can grow quicker than most organisations can keep up with — making data, people, and processes vulnerable to attack. Often, IT teams are unfairly burdened with defence responsibilities beyond their expertise. So, who can they turn to?

Outsourcing technology requirements means organisations can ‘rest easy’ in the event of disaster – from data breaches to nuisance network downtime — whether inside or outside of operational hours, as well as be alleviated to focus on core business activities.

Optimising IT infrastructure

Outdated legacy software can hinder performance, lack adaptability, and harbour concealed security vulnerabilities. Assess current infrastructure, audit security tools, firewalls, and policies to identify strengths and areas for enhancement.

A specialist third-party will not only advise where upgrades are required, but also actively manage ongoing upkeep to maximise the value of future security investments. Working with clients across an array of different sectors, they can also draw upon intelligence from other customer projects to help quickly solve recurring issues. Having the flexibility to scale up and down as required will prove key for maximising budgets too.

Ensuring complete visibility

At a time when hybrid working is more popular than ever, it’s easy for security upgrades on remote workers’ laptops or smartphones to be missed. It’s vital that organisations have a robust device management policy in place – making sure that all company equipment is updated at the same time, irrespective of its location.

Full visibility over software and hardware updates, anti-virus technology, firewalls, and Virtual Private Networks (VPNs) enables more watertight access control – ensuring only authorised personnel within the organisation can gain entry to sensitive data.

Regular ‘penetration testing’ – effectively, a simulated cyber-attack – is a practical way to determine exactly how employees would approach a real-life incident. Conducting them frequently isn’t about employee surveillance. Instead, it helps to keep everyone alert, ensures a business’s current security strategy is working, and identifies any flaws in software, hardware, endpoints, servers, and more.

Disaster recovery planning

A robust disaster recovery plan is an indispensable asset that safeguards HAs’ long-term viability and resilience. Yet all too often, as the latest Cyber Security Breaches Survey highlights, organisations wait to the wire to invest in their own protocols – often using the destruction of other organisations as a catalyst for change.

By adopting a more proactive approach, HAs can respond efficiently in times of crisis – with strategies and procedures in place to minimise downtime, mitigate risks, ensure the safety of residents, and preserve critical data and infrastructure. Swiftly restoring essential services — such as maintenance, repairs, and communication channels — can help to maintain trust and confidence among residents, employees, and stakeholders alike.

Additionally, a disaster recovery plan ensures compliance with regulatory requirements and demonstrates a commitment to risk management. It provides a structured framework for training staff, testing procedures, and identifying areas of improvement.

Navigating the challenges

By engaging with cyber security experts — with proven expertise within the social housing sector — they can assess vulnerabilities, implement robust security measures, conduct regular audits, and educate staff and tenants about risks.

Given the rapidly evolving nature of the cyber security landscape, leaning on the expertise of professionals is key to ensuring the protection of valuable information and maintaining the trust of tenants and stakeholders, both now and in the future.

SIGN UP
For your free daily news bulletin
Highways jobs

Director of Public Health

Royal Borough of Greenwich
Up to £131,210
The Public Health department is at the heart of the council’s business. Greenwich, London (Greater)
Recuriter: Royal Borough of Greenwich

Head of Regeneration and Growth

Plymouth City Council
£68,387 - £74,411 (MFS and relocation available, pay award pending)
This is a unique opportunity to lead our award-winning development team and directly deliver hundreds of millions of pounds of projects. Plymouth, Devon
Recuriter: Plymouth City Council

Director of Adult Social Care

Wiltshire Council
£119,390 - £127,137
Join us as the Director of Adult Social Care and make a real difference to people’s lives. Wiltshire
Recuriter: Wiltshire Council

Assistant Director Planning, Performance & Engagement

East Sussex County Council
up to £97,700
With strong local communities, unspoilt countryside and vibrant coastal towns, East Sussex offers an exceptional quality of life to many. East Sussex
Recuriter: East Sussex County Council

Director of Finance & Commerce

Lancashire County Council
Up to £114,339
You will play a critical role in driving the organisation through complex change and innovation. Lancashire
Recuriter: Lancashire County Council
Linkedin Banner