How to overcome a cyber attack in the housing sector
Risk and GovernanceSecurity

How to overcome a cyber attack in the housing sector

The UK Government’s National Cyber Strategy 2022 promises to strengthen the structures, partnerships, and networks needed to support a whole-of-society approach to cyber, and foster the growth and quality of a sustainable, innovative, and internationally competitive cyber and information security sector. Read our GRC specialist’s advice about how to replicate this in your housing organisation.

We believe that cyber security extends further than simply the protection of your systems, services, and data to include people (your employees, tenants, and partners), processes and policies, and information and data governance, whether mandated through PCI-DSS, NIST, CIS, ISO standards, or others.

When building a successful cyber security strategy, you must consider:

  • Cyber professional services
  • Endpoint and mobile security
  • Identification, authentication, and access controls
  • Incident response and management
  • Information risk assessment and management
  • Internet of Things (IoT)
  • Network security
  • Threat intelligence, monitoring, and detection
  • Awareness, training, and education

You should also include frameworks (NIST, SANS Institute, and ISO standards) as a baseline to ensure everything is up-to-date and compliant, including:

  • Business continuity and disaster recovery plans
  • Cyber security incident response plans
  • Tabletop tests to learn, develop, and mature

However, the strongest cyber security strategies understand exactly how cyber attacks unfold, and considers the challenges to overcome during one to mitigate and remediate successfully.

Read our 10 top cyber security tips for housing associations now.

 

Laptop on a desk with a secure log in on the screenWhat are the main challenges housing organisations face during a cyber attack?

There are four key challenges that you need to be aware of during a live cyber attack and incorporate remediation for within your cyber security strategy:

  1. Mistakes are made
    It’s a fact that in an immediate state of panic, decisions are made too quickly. Information isn’t communicated clearly with key stakeholders, and too often housing associations (and other housing organisations) under attack will fail to inform regulators in time, leading to fines and further challenges.
  1. Evidence is lost
    One of the most common challenges during incident response is the deletion of vital evidence of the attack and how it took place – either on purpose or accidentally. Integrity of evidence is crucial for an effective incident response, future incident prevention, and regulatory compliance when reporting.
  1. Facts become elusive
    Following an attack, everyone wants to know the facts, but in most cases, they’re hard to find. While knowing everything isn’t always possible immediately after an attack, it is important to record everything on a non-electronic device that can’t be compromised.
  1. Communication breaks down
    Inconsistent communications during a cyber attack can become confusing leading to a slow response. And more seriously, unclear communications can have significant legal repercussions.

How to create a strong cyber security strategy for your housing organisation

  • Plan, test, and build your cyber security incident response plan (CSIRP): ensure everyone knows their roles through tabletop exercises. This approach will allow you to practice and understand should you need to align in a real event, and a working, fit-for-purpose, and tested CSIRP is your best tool during a cyber attack
  • Invest in cyber security training: not as a tick box exercise but as an extension of your ‘standard’ cyber training. Train your mid and senior management in response strategies and their roles in an event
  • Create cyber attack playbooks: during a crisis, even seasoned professionals need guidance. When you’re under stress it’s easy to forget elements, and playbooks for different scenarios – that are relevant to your organisation and tested through tabletop exercises – provide an extra layer of support
  • Devise a clear-cut crisis communications strategy: include what steps to take and when, and a clear catalogue of words to use and avoid to prevent confusion or miscommunication. There are legal and financial implications at stake, so make sure whoever is responsible for your crisis communications is well-trained – this is a vastly different messaging strategy to your typical, day-to-day comms
  • Protect your people: it can be easy to forget that a crisis for your housing association could also be a crisis for your employees who are giving up their downtime to remediate and protect your organisation in the event of an attack. Avoid placing blame and show appreciation for those dealing with the attack, including providing mental health support for those involved
 

Talk to our Governance, Risk, and Compliance team about overcoming your cyber security challenges during a cyber attack

Our GRC team work as an extension of your organisation’s IT teams. We support you in planning, building, delivering, and testing your cyber plans to ensure that you are always protected against and prepared for an attack.


Speak to us now
Tracey Hannan-Jones
Tracey Hannan-Jones

Tracey is Phoenix's Lead GRC Consultant, with over 25 years' experience across Technical Information Security, Data Governance, and Compliance and Auditing.

See all posts by Tracey Hannan-Jones

About Phoenix

Phoenix enables digital transformation in the workplace, empowering UK organisations to innovate and transform with cloud and hybrid infrastructures data, AI, security, and collaboration tools. By understanding the individual goals of its customers, Phoenix delivers remarkable, outcome-focused IT solutions and services that allow UK organisations to make a difference to the lives of their employees, service users, and communities.

Phoenix is a signatory on the Race at Work Charter, and a Disability Confident and Living Wage employer. The company is also actively involved in encouraging more women into the IT industry.

 

How we handle data  |  Unsubscribe

Recent Blog Posts

  • 29-04-2024 - Further co-engineering between the two global leaders, Microsoft and Dell, brings improved management and functionality in the form of ‘Premier...... Read more
  • 25-04-2024 - Phoenix Software have been recognised for exceptional performance and innovation in Customer Cloud Data Security Phoenix announced today that it...... Read more
  • 04-04-2024 - As we innovate, QR codes are becoming commonplace. From accessing restaurant menus to event tickets, QR codes offer convenience and...... Read more

Sign Up

Please enter your details below to opt-in for the latest news, events and industry updates from Phoenix.

©2024 Phoenix Software All Rights Reserved. Phoenix Software Limited is a company registered in England and Wales, with company number 02548628 and VAT number GB 755 3490 15. Registered Address: Blenheim House, York Road, Pocklington, York, YO42 1NS