How can housing providers manage digital risks?
In his blog post, Ninesh Muthiah, Founder and Chief Executive Officer of SFHA Sector Associate Home Connections discusses the steps housing providers can take to protect their digital infrasructure from cyber risks.
By Ninesh Muthiah, Founder and Chief Executive Officer of Home Connections
In today’s world, digital transformation is not something any organisation can afford to neglect. Housing providers have not traditionally been seen as particularly tech-savvy, however with the Coronavirus pandemic pushing them into remote working, they have come out the other end, digitally stronger. Digitisation reaps many benefits. However, it also brings some serious risks.
In my 20 plus years working in the housing sector, I never seen such momentum for digital transformation. However, with the pandemic-inspired digital transformation, new opportunities have emerged for hackers, from the vast data held by housing providers, as well as the chaos faced by many organisations who had to rethink and change their processes. So, one of the key challenges of 2021 will be how to embrace digital transformation whilst ensuring this is not detrimental to your organisation’s security.
New processes, new risks
As 99% of housing associations plan to move to a hybrid working model, the time is right to review these newly implemented solutions in the light of data governance, legislation compliance and security. Ask yourself, are the solutions the right fit in the longer term?
Whether you implemented a new IT system or changed a business process, continuous testing of your digital infrastructure for vulnerabilities is indispensable. And part of this evaluation is to ensure your staff are cyber aware and a strong culture of security awareness pervades the organisation.
Implementing guidelines for staff can ensure they can work from home securely. Over 700 data breaches were reported by councils last year, according to FOI research by Redscan. However, the same report revealed that only half of council employees received cyber training. This is concerning. If your staff is unaware or not carrying out your cyber security protocols, your organisation’s security is at risk of crumbling. We carry out GDPR training at least twice a year for all staff.
Secure by design
As an IT company, cybersecurity is deeply embedded in our business decisions. We recognise cybersecurity as a business risk as much as an ICT risk. A ‘secure by design’ approach can protect you against potential attacks, data breaches and any impact on the citizens that use your services. Risks must be considered at all digital project’s lifecycle - from planning and design to implementation, testing and deployment.
In my experience, adopting a proactive approach is vital for managing digital risks. Starts by adopting Murphy’s Law and thereby identifying those risks and potential vulnerabilities on the basis of ‘what could go wrong will go wrong’. Which assets do you want to evaluate? Are you confident in the processes adopted by the third-party hosted systems that manage your data? Are the newly created access paths protected?
At Home Connections, we follow a range of security protocols and provisions, with a high level of data encryption. Through automated penetration test tools, we perform continuous testing of our systems. Our solutions are all cloud-based and accredited by key ISO standards, adding increased reliability and security to our Choice Based Lettings and other systems as well as information processed by them.
A range of external tools is available to help your organisation deliver a successful vulnerability assessment. Automated scanning software, for example, uses threat intelligence to actively scan your systems and analyse them against known security risks from vulnerability databases.
The frequency of risk assessments is as important to secure your organisation’s digital infrastructure. It is not all surprising to see the lack of regular IT health checks and the use of legacy technology as two of the main digital risks the housing sector face, according to a recent report by the Ministry of Housing, Communities and Government (MHCLG). Information security and data quality are others.
Beyond identifying vulnerabilities, however, you must take a closer look at the reasons behind them, the possible impact, and how they can be alleviated. Creating a risk mitigation plan might sound daunting, but it is especially important when applying digital transformation. Follow-up audits verify if any potential threats have been eliminated as well as provide lessons-learnt to help you improve control frameworks.
Digital risks increase as we increasingly rely on technology. Remember: cybercriminals only need one exposure. Being cyber aware, having the correct procedures in place and adopting a business culture that values cybersecurity as a strategy are the tools to avoid disruption to the essential services you deliver as a housing provider.