10 top cyber security tips for housing associations

Several high-profile breaches within the housing sector have placed a spotlight on the effectiveness of housing associations’ cyber security strategies in recent months. So, how do resource-constrained organisations build a robust cyber security strategy that identifies, responds to, and mitigates threats? Read our top 10 tips now.

Embedding a proactive, security-first mindset at a strategic level is key to maturing your cyber security posture and keeping your data safe – but would you know what to do if a breach happened tomorrow? Do you know what the cost would be and how to respond and remediate?


The Department for Digital, Culture, Media, and Sport’s (DCMS) 2022 Cyber Security Breaches Survey reports that within the last 12 months, 72% of charity sector board members recognised cyber security as a high priority, but only 19% of those organisations have a formal cyber security strategy in place. If we consider this alongside the 30% of charities that have identified a cyber attack in the last year, it’s clear to see how cyber incidents like the Clarion Housing breach occurred and why they are so damaging to organisations and user trust.

Without an effective strategy in place, your organisation is an easy target for attackers and the only way to effectively prevent and overcome an attack is with a robust cyber security approach.

10 top tips for reducing your attack surface

  1. Patch, patch, patch: keep systems and critical business software patched and up-to-date, leaving the hackers with very few vulnerabilities to exploit
  2. Have a plan: inevitably all organisations will be breached at some point, and whether it’s a large breach or a small breach, having a plan is essential to overcoming it. Ensure the relevant people are aware of their roles and responsibilities in the event of a breach
  3. Invest in endpoint protection: many of the leading endpoint security vendors are now using deep learning and machine learning to offer unprecedented levels of protection, identifying risks rapidly and with a high degree of accuracy, resulting in fewer false positives
  4. Gain visibility across your network and systems: understanding events in your network is critical and ensures that things are captured and remediated before an attack can happen. Talk to our security team about implementing a SIEM solution or vulnerability scanner
  5. Strengthen governance: technology is only one part of protecting an organisation. Good governance, standards, and auditing are equally critical. Ensure governance is strong by aligning to relevant business excellence standards and security standards
  6. Mandate good password hygiene: even now, many of the large and well-known breaches happened due to brute force attacks or weak passwords. Use Identity and Access Management (IAM) and Privileged Access Management (PAM) tools to ensure your users are authenticated, and enforce the use of long and strong, locked passwords by mandating regular password changes
  7. Train your users: your users are your first line of defence in a cyber attack. User awareness training platforms educate your organisation on modern threats and best cyber security practices
  8. Protect your emails: 96% of breaches start with an email. Using a modern email gateway eliminates impersonation attacks, and catches phishing attempts and malicious attachments
  9. Assume you have already been breached: often the best form of defence is offence. Adopting a Zero Trust Network Access (ZTNA) approach will capture any malicious traffic immediately and quickly isolate a potential breach before it escalates
  10. Protect your backups: most organisations will have some form of backup in place; however, hackers will often go after the backups first, resulting in maximum disruption to daily operations. Using a modern backup technology ensures your backups are immutable and can’t be tampered with


How to embed governance, risk, and compliance in your cyber security strategy

Top-down governance that includes cyber security as a focus in your organisation’s overall cyber security strategy makes reducing risk easier, cheaper, and more effective. To achieve this, the NCSC’s board toolkit recommends embedding cyber security into your organisation’s core structure and objectives by following industry guidance.

Cyber security frameworks, standards, and certifications can be challenging to obtain and maintain without the right support, but working with an experienced partner to implement them will protect your organisation, employees, and service-users against cyber threats.

According to NCSC’s ‘Review of Cyber Essentials influence on cyber security attitudes and behaviours in UK organisations’:

  • 50% reported one or more occasions on which they were targeted by a cyber attack in the past 12 months
  • 93% of Cyber Essentials certified organisations claim that they are confident they are protected against common, internet-based cyber attacks
  • Meanwhile, 66% claim Cyber Essentials has had a positive impact on their ability to respond to attacks

Our governance, risk, and compliance team work with you at a senior level to understand your organisation, the available resources, and how to reduce your risk.

Free cyber security review

Take advantage of our free review of your cyber security approach – based on six of the Centre for Internet Security (CIS) Top 18 Controls – with a bespoke output report and a realistic roadmap for improvement.


In-depth cyber security analysis

For a more in-depth analysis of your cyber security strategy, we offer a full review* of all 18 controls, reviewing every area of your approach against industry best practice. The evaluation is aligned to a framework or standard of your choice – we will help you identify the most appropriate.


Cyber security incident response plan

Work with us to build your cyber security incident response plan to meet industry standards and best practice. We align your plan with your business continuity and disaster recovery plans and test it with an interactive tabletop exercise to ensure it meets your needs.


*Please note: this service is chargeable.

Governance, risk, and compliance with Phoenix

Our governance, risk, and compliance specialists have over 30 years’ experience supporting housing organisations of all sizes to identify risk and security gaps and to create a realistic prevention plan.

Jonathan Scott

Jonny entered the world of IT at the age of 17. After working in corporate sales for three years, he moved to a more strategic role at Phoenix within the business development team managing bids and vendor relationships. After building up the skills and knowledge to understand the relevant technologies that fit different sectors, Jonny became the Vendor Alliance Manager at Phoenix. Jonny and his team manage a portfolio of over 650 vendors.
