What steps can housing providers take to protect their digital infrastructures from cyber risks?
In today’s world, digital transformation isn’t something any organisation can afford to neglect. On the whole, housing providers haven’t been seen as particularly tech-savvy, but with the pandemic pushing them into remote working, they have emerged digitally stronger. However, while digitalisation offers many benefits, it also carries serious risks.
In my 20+ years in the housing sector, I’ve never seen such momentum for digital transformation. However, with pandemic-inspired digital transformations specifically, new opportunities have emerged for hackers, based on the vast amounts of data held by housing providers allied to the chaos resulting from housing providers having had to rethink and re-engineer their processes very quickly. So, one of the key challenges of the next year or so will be how to embrace digital transformation while ensuring it isn’t detrimental to your organisation’s security.
New processes & new risks
As 99 per cent of housing providers plan to move to a hybrid working model, now’s the time to review these newly-implemented solutions in the light of data governance, regulatory compliance and security. Ask yourself, are the solutions the right fit in the longer term?
Whether you implemented a new IT system or changed a business process, continuous testing of your digital infrastructure for vulnerabilities is indispensable. Part of this evaluation is to ensure that your staff are ‘cyber aware’ and a strong culture of security awareness pervades the organisation.
Implementing guidelines for staff can ensure they can work from home securely. Over 700 data breaches were reported by local councils last year, according to FoI research by Redscan. However, the same report revealed that only half of council employees received cyber training. This is concerning – if your staff are unaware or not carrying out your cyber security protocols, your organisation’s security is at risk of crumbling. For example, in our case, we carry out GDPR training at least twice a year for all staff.
Secure by design
As an IT company, cyber security is deeply embedded in our business decisions. We recognise cyber security as a business risk as much as an ICT risk. A ‘secure by design’ approach can protect you against potential attacks, data breaches and any impact on your services’ users. Risks must be considered throughout all of your digital projects’ lifecycles, from planning and design through to implementation, testing and deployment.
In my experience, adopting a proactive approach is vital for managing digital risks. Starts by adopting Murphy’s Law, identifying your risks and potential vulnerabilities on the basis of ‘what could go wrong will go wrong’. Which assets do you want to evaluate? Are you confident in the processes adopted by the third-party hosted systems managing your data? Are the newly-created access paths protected?
For example, here at Home Connections we follow a range of security protocols and provisions, with a high level of data encryption. Through automated penetration test tools, we perform continuous testing of our systems. Our solutions are all cloud-based and accredited to key ISO standards, adding increased reliability and security to our choice-based lettings and other systems as well as the information processed by them.
A range of external tools is available to help your organisation deliver a successful vulnerability assessment. For example, automated scanning software uses threat intelligence to actively scan your systems and analyse them against known security risks from vulnerability databases.
Regular IT & risk assessments
The frequency of risk assessments is important to secure your organisation’s digital infrastructure. It is not at all surprising to see the lack of regular IT health checks and the use of legacy technology as two of the main digital risks the housing sector faces, according to a recent report by the Ministry of Housing, Communities and Government. Information security and data quality are others.
However, beyond identifying vulnerabilities, you must take a closer look at the reasons behind them, the possible impact and how they can be alleviated. Creating a risk mitigation plan might sound daunting, but it’s especially important on the context of digital transformation. Follow-up audits verify if any potential threats have been eliminated as well as provide lessons to help you improve your control frameworks.
Digital risks naturally increase as we increasingly rely on technology. Remember – cyber criminals only need one exposure.
Being cyber aware, having the correct procedures and adopting a business culture that values cyber security as a strategy are the tools to avoid disruption to the essential services you deliver as a housing provider.
Ninesh Muthiah is the founder & CEO of Home Connections.