• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Housing Technology logo

Housing Technology

Housing | IT | Telecoms | Business | Ecology

  • Free Subscription
  • Search Archive
  • Home
  • Research
  • Magazine
  • Events
  • Recruitment
  • Blog
  • On Demand
  • Contact
Home / Free Subscriber Access / Thrive Homes’ social hack to better security

Thrive Homes’ social hack to better security

As head of IT at Thrive Homes, John Stenton shares his thoughts on why he believes ‘people power’ is key to strengthening housing providers’ security.

Let’s call her Gladys. She’s a lovely lady, one of the first in the office every morning. She is dedicated and hardworking, and she always has a smile and wants to help. However, Gladys does have some trepidations when it comes to technology.

Early one morning, Gladys walked over to me.

“Hi John, I think I have a dodgy email.”

“Hmmm…”, I thought, “I really should be working on this tender, but let’s go and have a look.”

We went back to her laptop where she showed me the email. I asked why she thought it was dodgy, knowing very well that Gladys had had the same security training as everyone else so she should know about phishing emails.

“Well,” Gladys said, “The email address is odd and the English is terrible. They are also asking me to click on this link quickly because I’ve run out of email space, but you’ve told me before that that won’t happen.”

“No, you won’t run out of space. So, is this a phishing email?”

“Yes, I think it is.”

I thanked Gladys and asked her if she knew what she was supposed to do next.

“Send an email to xxx, so that they can clean the email out of everyone’s inbox,” she said correctly.

This ten-minute exchange set me thinking; what had just happened? No idea – I’m in IT and we’re a little thick skinned sometimes.

A couple of weeks later, Gladys does the same thing. Over she sidles, early in the morning.

“Hi Gladys, how can I help?”

“Well, I think I have another dodgy email.”

“OK, let’s have a look.”

“You see? It’s asking me for Amazon vouchers for Elspeth (Thrive’s CEO) but it isn’t from her Thrive email address, so I think it’s a fake!”

“You’re right, Gladys, so do I. Well done, that’s an easy scam to fall for. I’m proud of you for catching that one. So, what’s the next step?”

A beaming Gladys then proceeded to tell me about sending the email onto our managed services provider so that they could check it and purge it from everyone else’s inboxes, just in case anyone else had also received the same thing.

“That’s the perfect response, Gladys. Exactly right, you’re an expert – you don’t need me to help you with checking dodgy emails anymore!”

I may be thick skinned, but even I could feel something odd going on. Still, back to our P2P systems and pay off some invoices…

Let’s now fast forward a few more weeks. I’m walking down the office (past Gladys) and what do I hear? Gladys is explaining to someone about how a particular email is a fake and asking them, “What do you need to do next?”

I smiled at how the tables had turned, then it occurred to me – what had just happened? Gladys, a self-confessed technophobe, was giving out cyber-security advice to her team and peers – what on earth was going on?

OK folks, this is it – the social hack.

We are all users, and we are all the weakest link in cyber security. In February 2020, the NCSC Weekly Threat Report claimed that 90 per cent of breaches are caused by human error.

This isn’t about end-user training; we all do that. This is about getting users to be more aware and pay attention ‘in the moment’.

Thrive’s end-users now seem to be more ‘present’; they take care to look at the web links and emails – they don’t click on ransomware, thank goodness!

How did this happen?

Giving them some of my personal attention, by showing them what they already know is right and wrong, is the key to reinforcing the training.

I am sure you could get similar results; your end-users know that your time is precious (because you don’t have time to share it, usually) so when you do, they know it’s important and they feel valued. I think of this time as an investment in order to reduce the number of times I have to stand in front of our board and explain a data breach or at least a near miss.

I can hear you already; you have too many users to do this. I know, I do too. Everyone in Thrive knows me, but I can’t spend time with all of them so choose your ‘targets’.

My first targets after Gladys were the ‘super users’. They’re already IT savvy, so get them on side, highlight the importance of their roles, share some enthusiasm with them and they will have more to share with their teams.

When the pandemic and the lockdown diminish, try to get an hour in their team meetings (it’s the equivalent of a week sitting with individual end-users). Make it fun and make it so that you’re interacting with them and concerned. They’re used to ignoring boring emails, yet face-to-face interaction from a senior manager, that’s memorable, especially if it’s fun.

You don’t have to do this on your own. Share the load with other leaders across the business. The super users are a start but bringing other managers on board will amplify the ripple effect.

Use what influence you have with the rest of your leadership team. Show them the way and remind them; a data breach is managed by you and your peers, not the person that caused it. You have to explain it to the board and the ICO, so use that as a lever to get some time from the leaders in your organisation to help get your users ‘in the moment’.

That’s my security hack – use the ‘power of the people’. Cyber criminals can destroy your business and your colleagues can stop them, but only if they understand the importance (that your time demonstrates) and are empowered by you to do the right thing.

John Stenton is the head of IT at Thrive Homes.

See More On:

  • Housing Association: Thrive Homes
  • Topic: Infrastructure
  • Publication Date: 076 - July 2020
  • Type: Contributed Articles

Primary Sidebar

Most Recent Articles

  • Free cyber-defence tools from NCSC
  • Learning from history
  • Grand Union Housing gets connected with Aico HomeLink
  • The silences in the system: Predicting and preventing damp and mould
  • Looking back and to the future: Cyberthreats in social housing
  • Hyde signs repairs contract with Totalmobile
  • Fuelling high performance automation
  • Morgan Sindall’s Carbon Zero decarbonisation tool
  • An ethical approach to arrears
  • Housing and the ever-evolving workplace
  • Supporting residents with home safety risks
  • Less innovation & more service design at RHP
  • Ateb Group outsources IT help desks to Central Networks
  • Capital Letters partners with Evo Digital to tackle homelessness
  • Calico appoints M247 for digital transformation
  • 24/7 care requires 24/7 technology
  • Govtech trends for 2023
  • Are you ready for business process automation?
  • Lincoln council moves to the cloud with Civica
  • Why do IT business improvement projects fail?
  • Flagship and Ebrik launch augmented reality app
  • Following the golden thread
  • Setting the standard for carbon-monoxide protection
  • The business case for data
  • Digital twins – When, not if…
  • Using data to build communities
  • The cyber-security jigsaw’s missing piece – Managed detection & response
  • Cyber-security challenges in housing
  • Digitalising retrofits with SHDF & HomeLink
  • Tips for improving care and support

Footer

Housing Technology
  • Instagram
  • LinkedIn
  • Twitter
  • YouTube
  • Contact
  • Free Subscription
  • Book an event
  • Blog
  • Search All Articles
  • Research
  • Update Your Subscription
  • Privacy Policy

Welcome to the housing Technology – Trusted Information For Business Professionals in HOusing

Housing Technology is the leading technology information service for the UK housing sector and local governments. We have always believed in the fundamental importance of how the UK’s social housing providers use technology to improve their tenants’ lives.

Subscribe to Housing Technology to gain market-leading research, unsurpassed peer networking opportunities and a greater understanding of your role to transform your business.

Copyright © The Intelligent Business Company 2022 | Terms and Conditions | Privacy Policy
Housing Technology is published by the The Intelligent Business Company. A company with limited liability. Registered in England No. 4958057 | Vat Registion No. 833 0069 55.

Registered Business Address: Hoppingwood Farm, Robin Hood Way, London, SW20 0AB | Telephone: +44 (0) 20 8336 2293

htc23 pop banner