Cyber-attacks are a major threat for any business and housing providers aren’t immune. The pandemic has forced almost all housing providers to rely more heavily on digital services to carry out their operations, but this has also enhanced their vulnerability. Email-phishing attacks alone saw a seven-fold surge during the pandemic, demonstrating the growing danger of cybercrime and the need to implement sufficient cyber-security measures to protect an organisation and its customers. If housing providers don’t take the necessary precautions to protect themselves against these attacks then they themselves will become active targets.
A realistic threat?
The threat to housing providers is very real, with several having experienced major cyber-attacks during the past year and severely disrupted services. These attacks are only likely to increase as housing providers continue to develop their digital offerings. If housing providers are going to protect themselves, they need to be aware of these types of threats and ensure that their IT systems are capable of preventing such attacks.
Importantly, it’s not only their own organisation that they need to consider, but third-party suppliers and external partners as well. With increased collaboration across both the public and private sectors, any compromise in third-party IT systems would also impact housing providers and their tenants, so this must be considered, especially when protecting sensitive data. Significantly, public-sector organisations have an above-average likelihood of using older technologies and legacy systems, both of which will increase their vulnerability to cyber-attacks.
With housing providers usually holding large amounts of sensitive data on their tenants, it’s vital they have the right systems to prevent any data losses and protect their operations. There are three core areas security teams should focus on – the corporate culture, shadow IT and third-party providers, and investment in IT security.
Improving the security culture across the organisation through user awareness and training can have a dramatic effect in prevention. Your staff and colleagues are the best defence against cyber-attacks, but they are also your organisation’s greatest vulnerability. Email phishing commonly leads to data breaches where attackers pose as legitimate sources, convincing the user to click on a link which may download a virus onto their computer or steal particular pieces of information. With consistent training and greater awareness, colleagues will be more suspicious of emails and more prepared to scrutinise them.
Shadow IT & third-party providers
Housing providers need to reduce the risks posed by shadow IT and third parties. The drive to improve productivity and innovation through the use of new software, web services and hardware without explicit approval from the IT department can introduce serious security risks to an organisation through data leaks and potential compliance violations.
Organisations can minimise this risk by educating their end users and taking preventative measures to monitor and manage unsanctioned applications. Furthermore, data is constantly shared across partners and suppliers so it’s critical to know what steps are being taken to safeguard the information further down the value chain. Without this, a housing provider may be forced to respond to incidents that are beyond its control or originate from an indirect source, resulting in significant reputational damage or loss of customer data.
Investment in IT security
Maintaining your investments in IT is crucial to remaining one step ahead. Cyber-attacks and threats are continuously evolving and becoming more complex and sophisticated. Experienced criminals can now deploy persistent attacks incredibly fast and responding to these types of threats requires an equally speedy approach from housing providers’ IT security teams.
Your IT systems and security methodologies need to be constantly re-assessed as threats adapt and change; if your systems are compromised, it’s usually too late to take preventative action because the damage will already have been done.
Ultimately, cyber security isn’t just an IT problem, but the responsibility of everyone in your organisation from the board downwards. As a result, it’s vital that each person understands how their actions, both individually and collectively, can affect the protection of their organisation and your tenants’ data. Failure to do so can result in censures and significant fines from regulatory bodies, as well as a loss of customer confidence and reputational damage.
Proactive cyber security and risk management needs to become an everyday part of a housing providers’ culture, and each colleague, supplier and third party needs to play their role in preventing any potential attacks or breaches.
Steve Baldry is the IT director of Orbit Group.