• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Housing Technology Main Logo

Housing Technology

Housing | IT | Telecoms | Business | Ecology

  • Free Subscription
  • Contact
  • Home
  • Research
  • Magazine
  • Events
  • Awards
  • Recruitment
  • On Demand
Home / Free Subscriber Access / Strengthen your security against ransomware

Strengthen your security against ransomware

Although the cyber threats affecting housing providers are no different to most other organisations, the consequences of a successful cyberattack on a social housing organisation are different. During and after a major incident, most organisations worry about protecting their brand’s reputation, trying to continue running services and minimising the damage caused by any data losses. But many organisations don’t hold any sensitive personal data and the services they deliver are a commodity for consumers.

Typical cybercriminals are organised crime groups, nation states, malicious insiders and hacktivists. A housing provider is unlikely to be specifically targeted by a nation state or an organised crime group; at least half of attacks are opportunistic and haven’t been crafted to target specific housing providers.

Organised crime gangs and individuals, who use tools to automatically scan and attack, are the biggest cyberthreat to most organisations today. Their motives are usually purely financial, so they try to hold any organisation they can to ransom.

Malicious insiders and hacktivists will only target an organisation if they have a good reason to do so (although their reasoning may be misguided). Nevertheless, these groups are generally less capable of creating widespread damage. The best controls for this risk are treating employees with care and respect and making sure that nobody has too many privileges within your IT estate.

What is a ransomware attack and how is it done?

Cybercriminals will attempt to steal funds from a housing provider through social-engineering attacks. More digitally-skilled criminals will employ attacks to lock and steal company data using software programmes called ransomware. The attackers then ask for a ransom to be paid to release their control of the resources or for stolen data to be deleted without releasing it to the public. The data often includes staff and customer addresses, but often also private and confidential communications between senior leaders of the organisation.

It is advisable to not pay the ransom, but rather recover from the incident using disaster recovery processes and mitigate any damage caused by the data being released. In most cases, criminals get into housing providers’ systems through tricking somebody to give them initial access. This could be via email (i.e. phishing), a phone call to an IT helpdesk or by finding security gaps in externally-facing IT infrastructure.

How can you protect your assets and data?

Start with training your staff about social engineering, and giving them tools to report suspected incidents and attempts to socially engineer them. It also pays to regularly scan your externally-facing infrastructure.

At Quorum Cyber, we’ve observed that housing providers often have the same shortcomings when it comes to data protection. Many comprise a number of smaller organisations glued together through mergers and acquisitions. Permissions in the IT systems don’t reflect what people need access to. It’s best to adhere to the three principles of zero trust: verify explicitly; use least-privileged access; and assume breach.

How to improve your security posture

Focus on the impact to your tenants and communities. Housing providers should treat information security in the same way as physical security. Your employees can be the frontline of your defence, so advise them of what they need to do to safeguard your organisation. Ask them to feed back their worries and any suspicions of information security weaknesses they have or any signs of a security incident or breach. Then look at your external security posture, and finally at user permissions. And don’t forget to monitor security logs of the IT infrastructure.

Cybersecurity and the threat landscape both move fast. Few organisations can keep on top of everything as IT infrastructure becomes ever-more complex. It’s therefore advised to find trusted advisors internally or externally who can review your cyber security posture against a well-known security framework, such as the US’s National Institute of Standards and Technology (NIST) cybersecurity framework.

It’s also good practice to ask the teams who conduct IT and security duties to produce a range of KPIs that show whether controls are maintained. These would include awareness statistics (everybody needs to be trained), parameters regarding tests on externally-facing infrastructure, the tracking of IT vulnerabilities in the organisation, and account security (such as take-up statistics for multi-factor authentication).

Zibby Kwecka is the vCISO lead at Quorum Cyber.

See More On:

  • Vendor: Quorum Cyber
  • Topic: Infrastructure
  • Publication Date: 096 - November 2023
  • Type: Contributed Articles

Primary Sidebar

Most Recent Articles

  • Artificial intelligence in housing
  • Mobysoft – Data problems affecting complaints’ handling
  • Data, AI and private-sector strategies
  • Smart repairs & smarter homes
  • From firewalls to fortresses
  • Achieving three quick wins in AI
  • Rebuilding Selwood Housing’s IT infrastructure
  • Are you ready for organisational AI?
  • PIMSS releases AI Document Reader for compliance
  • Calico Homes cuts arrears with RentSense
  • FourNet launches digital transformation index
  • New income recovery software from Voicescape
  • Asprey Assets at YMCA
  • I love spreadsheets…
  • All watched over by machines of loving grace – AI assistants and adult social care
  • The rent revolution – The case for AI-powered payments
  • Unlocking safer living through data
  • Aareon acquires MIS ActiveH
  • Vericon launches MouldSense
  • Back to the future at Housing Technology 2025
  • FireAngel wins Which? Award
  • Maximising income and preventing homelessness
  • Anchoring digital innovation with Plentific
  • Cynon Taf Community Housing gets Housing Insight’s Arrears Manager
  • Tenants, AI & your biggest compliance risk
  • EDITOR’S NOTES – Data, standards & straight-through processing
  • AI as a social housing expert
  • South Yorkshire Housing halves arrears with Mobysoft
  • Bromford Flagship wins Aico’s smart-home competition
  • Putting VIVID’s customers in control of their tenancies

Footer

Housing Technology Main Logo
  • Instagram
  • LinkedIn
  • YouTube
  • Contact
  • Free Subscription
  • Book an event
  • Research
  • Update Your Subscription
  • Privacy Policy

Welcome to the housing Technology – Trusted Information For Business Professionals in HOusing

Housing Technology is the leading technology information service for the UK housing sector and local governments. We have always believed in the fundamental importance of how the UK’s social housing providers use technology to improve their tenants’ lives.

Subscribe to Housing Technology to gain market-leading research, unsurpassed peer networking opportunities and a greater understanding of your role to transform your business.

Copyright © The Intelligent Business Company 2025 | Terms and Conditions | Privacy Policy
Housing Technology is published by the The Intelligent Business Company. A company with limited liability. Registered in England No. 4958057 | Vat Registion No. 833 0069 55.

Registered Business Address: Hoppingwood Farm, Robin Hood Way, London, SW20 0AB | Telephone: +44 (0) 20 8336 2293