The pandemic year of 2020 saw an unprecedented spike in cyber attacks across the world with the IT companies FireEye and Solar Winds being just two of the best known of over a dozen major attacks. Given this global context it is important to assess the security risks from off-the-shelf software.
This comes after the news reported, last November, that a 32,000-home landlord was hit by a major cyber attack, which led to severe disruption of its services. This sent a clear message for other RPs and local providers - that the social housing sector is a lucrative target.
“Generic software offers a ready-made solution which can be more vulnerable to cybersecurity threats as they tend to meet only general requirements, not considering specific working practices, security policies and procedures. Solutions provided by tech giants are also a greater target because of the volume of data they hold” says Ninesh Muthiah, Founder and CEO of Home Connections.
There is a lot to consider, from securing remote working practices, improving authentication, securing corporate devices. And if services are provided by third party organisations, security assurance is needed now more than ever.
“In contrast, custom software can be built to resist cyber threats as it is designed according to specific organisational needs and countering specific threats. In such cases, bespoke software can be much harder to infiltrate” says Ninesh.
Cyber risks for the housing sector
A pre-discovery report completed by the Ministry of Housing, Communities and Government (MHCLG) in May 2020 investigated the specific problems and challenges that local authorities faced in improving their cybersecurity.
The report revealed a lack of consistent understanding of what cybersecurity entails or means for a local authority, making consistent prevention more difficult. The research highlighted that several councils are not taking all available measures to reduce the risk of an attack. Some of these relate to the regularity of IT health checks and the use of legacy technology.
There is not one single solution that could solve cyber risk as issues vary in size, severity and context and there is a continuous arms race between attackers and cyber defence. The MHCLG report recommended that taking a ‘secure by design’ approach would protect against potential attacks, data breaches and any impact on the citizens that use services. It also recommended that organisations should recognise cybersecurity as a business risk as well as an ICT risk.
"As an IT company, cybersecurity is deeply embedded in our business decisions. For 20 years, we have been trusted by over 200 local authorities and housing providers to implement and maintain robust bespoke solutions that match their specific requirements and working methods. We have procedures in place to ensure that housing officers can manage the data securely, regardless of whether they are working in the office or remotely" says Ninesh.
"We follow a range of security protocols and provisions, with a high level of data encryption. We also opted for automated penetration test tools to perform continuous testing of systems. We learnt that proactive monitoring is the best approach in keeping the data safe. Our solutions are all cloud-based, and accreditations by all key ISO standards which adds increased reliability and security to our systems and information processed by them”.
ISO 27001 is a voluntary certification which sets out best practice in terms of managing the security of assets such as financial information, intellectual property, and information entrusted by third parties. It is a thorough solution that offers a framework that can be tailored to the needs of any organisation.
The technology available for housing providers is in constant evolution, but so are cyber attacks, as they get more sophisticated each day. Investing in cybersecurity is the best way to protect the high volume of sensitive data housing providers and local authorities hold, especially in times when we are more vulnerable.