07 August 2023

How social housing professionals can combat cyber-attacks

How social housing professionals can combat cyber-attacks image
Image: Rawpixel.com / Shutterstock.com.

How can the sector’s IT professionals safeguard their tech stacks? John Blackburn, operations director at IT support provider Central Networks and social housing expert, outlines some crucial steps to implement, before it’s too late.

Investing in cyber security processes can sometimes seem difficult to justify when cost savings need to be made — particularly for organisations who have never fallen victim to an attack. However, with housing associations (HAs) handling a multitude of sensitive and confidential data, combined with changing work patterns and increased reliance on technology, this creates the perfect storm for perpetrators to infiltrate systems.

So, how can the sector’s IT professionals safeguard their tech stacks? Cyber criminals will capitalise on weak security within IT systems, and at a more accelerated rate than ever before. A 2023 ‘Ransomware Insights’ report indicates that over 70% of global organisations were victimised by these attacks over the previous year. Having a large digital footprint, with multiple points of entry, HAs are increasingly susceptible to these threats too.

The threat of data publication is often more impactful for local government organisations such as HAs. They will commonly hold both personal and special category data that needs more protection due to its sensitivity — such as racial or ethnic origin. The sector is already well served by a healthy claimant legal community, and a data breach arising out of a cyber-attack can expose organisations to a significant legal cost from claims.

Names, phone numbers, postcodes, bank details — tenant data relies on a robust IT security system to keep it out of the wrong hands.

Prioritising resources

HAs face many challenges when it comes to cyber security, including recruiting and retaining suitably qualified staff trained in security management. In addition, infrastructure hosted in the cloud can grow quicker than most organisations can keep up with — making data, people, and processes vulnerable to attack. Often, IT teams are unfairly burdened with defence responsibilities beyond their expertise. So, who can they turn to?

Outsourcing technology requirements means organisations can ‘rest easy’ in the event of disaster – from data breaches to nuisance network downtime — whether inside or outside of operational hours, as well as be alleviated to focus on core business activities.

Optimising IT infrastructure

Outdated legacy software can hinder performance, lack adaptability, and harbour concealed security vulnerabilities. Assess current infrastructure, audit security tools, firewalls, and policies to identify strengths and areas for enhancement.

A specialist third-party will not only advise where upgrades are required, but also actively manage ongoing upkeep to maximise the value of future security investments. Working with clients across an array of different sectors, they can also draw upon intelligence from other customer projects to help quickly solve recurring issues. Having the flexibility to scale up and down as required will prove key for maximising budgets too.

Ensuring complete visibility

At a time when hybrid working is more popular than ever, it’s easy for security upgrades on remote workers’ laptops or smartphones to be missed. It’s vital that organisations have a robust device management policy in place – making sure that all company equipment is updated at the same time, irrespective of its location.

Full visibility over software and hardware updates, anti-virus technology, firewalls, and Virtual Private Networks (VPNs) enables more watertight access control – ensuring only authorised personnel within the organisation can gain entry to sensitive data.

Regular ‘penetration testing’ – effectively, a simulated cyber-attack – is a practical way to determine exactly how employees would approach a real-life incident. Conducting them frequently isn’t about employee surveillance. Instead, it helps to keep everyone alert, ensures a business’s current security strategy is working, and identifies any flaws in software, hardware, endpoints, servers, and more.

Disaster recovery planning

A robust disaster recovery plan is an indispensable asset that safeguards HAs’ long-term viability and resilience. Yet all too often, as the latest Cyber Security Breaches Survey highlights, organisations wait to the wire to invest in their own protocols – often using the destruction of other organisations as a catalyst for change.

By adopting a more proactive approach, HAs can respond efficiently in times of crisis – with strategies and procedures in place to minimise downtime, mitigate risks, ensure the safety of residents, and preserve critical data and infrastructure. Swiftly restoring essential services — such as maintenance, repairs, and communication channels — can help to maintain trust and confidence among residents, employees, and stakeholders alike.

Additionally, a disaster recovery plan ensures compliance with regulatory requirements and demonstrates a commitment to risk management. It provides a structured framework for training staff, testing procedures, and identifying areas of improvement.

Navigating the challenges

By engaging with cyber security experts — with proven expertise within the social housing sector — they can assess vulnerabilities, implement robust security measures, conduct regular audits, and educate staff and tenants about risks.

Given the rapidly evolving nature of the cyber security landscape, leaning on the expertise of professionals is key to ensuring the protection of valuable information and maintaining the trust of tenants and stakeholders, both now and in the future.

SIGN UP
For your free daily news bulletin
Highways jobs

Care & Support Worker

West Northamptonshire Council
£13.52ph
36 hours per week (12 hours day shifts). Operating on a 4 week rolling rota. The current rota for this position does not include any weekend working. The team will provide quality care for our people, specialising in rehabilitation/reablement and sub-acu Northampton
Recuriter: West Northamptonshire Council

Graduate Trainee Emergency Planning and Resilience Consultant

Essex County Council
£27055.00 - £31829.00 per annum
Are you a Graduate, looking to become part of a crucial, efficient and high achieving team? England, Essex, Chelmsford
Recuriter: Essex County Council

Senior Finance Officer- Transactional Services

Essex County Council
£34121.00 - £40142.00 per annum
Senior Finance Officer- Transactional ServicesFixed Term, Full Time£34,121 up to £40,142 per annumLocation
Recuriter: Essex County Council

Social Worker

Durham County Council
Grade 9 - £35,412 - £39,152 (pre-progression) / Grade 11 - £40,777 - £45,091 (post-progression)
Applications are invited for a Social Worker within the Durham and Chester le Street Locality Team, temporary until 30 September 2026 subject to the r Durham
Recuriter: Durham County Council

Independent Reviewing Officer

Durham County Council
Grade 14 £50,269 - £54,495 pro rata
Are you a child and family social worker with 5 years of post-qualifying experience looking for the next step of your career?   What is Involved? As a Spennymoor
Recuriter: Durham County Council
Linkedin Banner