Cyber security: how can housing providers prepare for cyber security threats?
Why are social housing providers targets of malicious cybercrime?
You might think that hackers would only be interested in hacking large corporations with many millions of pounds behind them. But as we have increasingly seen in the last few years, that is far from the case.
So why do hackers target the housing sector? One obvious reason is data. Social housing providers, whether huge housing associations or local councils, all store vast amounts of personal information on their tenants and applicants. Cyber criminals can then sell this data to a wide range of illicit organisations hungry for customer intel. Another reason is that hackers may want to disrupt critical services for political or personal reasons.
What are the consequences of cyberattacks on housing providers?
Let’s take a look at what happens when hackers do launch a cyberattack on housing providers.
In October 2020, Hackney Council suffered a vicious cyberattack which, nine months down the line, continues to cause major disruption to housing and benefit services. The hack is expected to cost the East London council around £10m in total.
Hackney Council is just one of many housing providers that have suffered as a result of cyber criminals.
So how can you protect yourself from cybercrime?
1. Ensure all your staff are trained
Cyber criminals commonly impersonate someone in an organisation and send fraudulent emails asking other employees for confidential data. You need to ensure your staff know how to detect a fraudulent email. Train them to:
- Check links before clicking them
- Check email addresses from the received email
- Be careful sending sensitive information. If a request seems odd, call the person in question before sending over the sought-after data
- Notify anything suspicious to IT department
The National Cyber Security Centre provides in their website a rich session on advice and guidance that covers a range of topics related to cyber security.
As 99% of housing associations are planning to move to ‘hybrid working’, implementing guides with advice for staff is recommended to ensure they can work from home securely.
2. Keep your software and systems up to date
Cyberattacks often happen because systems or software are not fully up to date resulting in vulnerabilities. Cybercriminals exploit these weaknesses to break into your network.
To prevent this from happening, invest in a patch management system to manage all software and system updates.
3. Install a Firewall
Unfortunately, there is an ever-growing plethora of sophisticated data breaches. Councils have reported more than 700 data breaches in 2020, according to a FOI research by Redscan.
Guarding your network with a firewall is one of the most effective ways to defend yourself from any cyberattack.
5. Ensure endpoint protection
Since the pandemic, we have all acclimatized to working from home. This has meant a dramatic surge in additional devices being connecting to corporate networks. Consequently, access paths to security threats are created. These paths need to be protected with specific endpoint protection software.
6. Controlling admin rights
Don’t allow employees to install software that could compromise your systems. Having managed admin rights and blocking staff from installing or even accessing certain data on your network is important.
7. Each application deserves a different password
Do not fall into the trap of using the same password for various portals. If you do, one exposure of your password will leave you vulnerable to hackers breaking access to everything in your system and any application you use. If possible, change your systems’ password policies to prompt users to update their passwords every certain period. Find out more about good password practice.
8. Backup your data
Up-to-date backups are the most effective way of recovering from a cyberattack. From cloud storage to saving files locally, establishing a data backup strategy will protect your critical data. Cloud backups are usually a good solution for most businesses as they can be done automatically, reducing human error. The speed you can retrieve your backup data is also key to ensure you face less disruptions and maintain business continuity.
Investing in cybersecurity is the best way to protect the high volume of sensitive data housing providers and local authorities hold. Especially in times when we are more vulnerable. Find out how can our housing specific software help you to manage your data securely.