Housing providers and local authorities often rely on outmoded IT infrastructures which leaves them vulnerable to data breaches and cyber attacks. While social housing may seem like an unlikely target for cyber-criminals, the vast amount of sensitive data housing providers hold makes them a lucrative option for coordinated strikes.
Clarion Housing reported a major breach in 2022 that resulted in phone lines and IT systems being taken offline to protect tenants’ sensitive information. Bromford Housing also shut down its systems after what it called a ‘major cyber incident’ which put the data of thousands of tenants at risk. More recently, in December 2023 Connexus said that it was investigating a security incident involving unauthorised access to its systems, thought to be the result of a phishing-based, social engineering attack.
These incidents only scratch the surface of what the housing sector is dealing with; according to RSM UK, around a quarter of the country’s housing providers were affected by a cyber attack during 2022/23.
Where are the vulnerabilities?
Housing providers’ cyber-security challenges aren’t unique when it comes to public-sector operations. Many are often blending analogue and paper systems with newer digital services in a bid to modernise their operations. However, due to budget constraints and a lack of any cohesive digital transformation strategy, this modernisation is disjointed and faces constant delays and setbacks.
Roughly 60 per cent of UK council leaders have reported that their IT systems are ill-equipped to deal with the sophisticated cyber threats they are facing, a sentiment that is likely to be echoed by housing providers.
The push towards digital transformation might be exacerbating the problem. As housing providers increasingly adopt online platforms for tenant interactions and internal operations, the risk of cyber threats multiplies. This digital shift, while undoubtedly beneficial, demands an equal investment in cyber-security measures to ensure that advances in service delivery don’t compromise data security, and that’s where the problems are emerging.
Human fallibility
Vulnerabilities in social housing aren’t only due to technological inadequacies. The human element plays a pivotal role in cyber security, often representing the frontline of defence against cyber threats. According to a recent survey of security decision-makers conducted by Insight Avenue and Zivver, human error was identified as the number-one concern in terms of outbound threats for almost three-quarters of respondents.
Human errors, such as falling for phishing emails or mishandling confidential information, can lead to significant vulnerabilities. Addressing this requires not only stringent protocols and IT measures but also comprehensive education and awareness strategies. Regular training sessions, up-to-date information on the latest cyber scams and a culture of cyber-security mindfulness can empower employees to act as diligent custodians of tenants’ data, significantly reducing the risk of breaches.
Proactive defence
Implementing proactive cyber-security measures in social housing is an imperative. Beyond good cyber hygiene on networks, secure communication channels must be established for all internal and external communications, alongside the implementation of data-encryption protocols to protect sensitive tenant information during transmission and storage.
For example, enhancing email security might involve the integration of encryption technologies to ensure the confidentiality and integrity of email communications. Tools can be deployed that automatically detect sensitive information within an email and then encrypt it, ensuring that sensitive information is only read by the intended recipient. Furthermore, implementing multi-factor authentication adds an extra layer of security, verifying the identity of users before granting access to email systems and sensitive data. These measures collectively fortify housing providers’ defences against cyber threats, ensuring that tenant information and organisational data remain protected.
By taking these steps, housing providers can not only defend themselves against immediate risks but also lay the groundwork for future resilience, ensuring the long-term protection of tenants’ sensitive data.
Rick Goud is the CIO and founder of Zivver.
