If you do the Twitter thing, follow me at @HousingITguy
or LinkedIn here https://uk.linkedin.com/in/tonysmiththathousingitguy
I am familiar with the ‘Dark Web’, although I have never done any transactions on it, spookily enough. I know what its used for and what stuff ends up there. Not a decent place for nice folk I guess.
So, having read about the big recent Clarion Housing Group cyber attack, it was interesting last week to read that the police were warning residents, that it's likely their personal data has been compromised and may end up on the Dark Web. If I were a Clarion resident, to be honest I would have preferred to have heard this direct first from my landlord with an apology, rather than my local county police force. This isn't the first of this kind and will not be the last either.
As been covered in this blog in past posts, data loss and cyber awareness are risks to be evaluated and mitigated, what ever kind of organisation. From the particular viewpoint of social housing residents, loss of data, be it personal, direct debit sort codes/accounts or whatever, can be catastrophic.
While this data breach has been reported in the housing press over the last few weeks, potential loss of data has been played down, while reportedly many weeks of disruption have been suffered by customers. If a breach of personal data can be proven, clearly there are penalties that should be served on Clarion. Clearly, this lost data could be exploited this month or anytime in the future.
While we cannot undo what has gone before, how could this (potential) data breach have been prevented?
Well for starters, have some serious cyber awareness in place. Have your staff as aware of potential dangers, as well as putting the logical and software blocks/measures in place. Often our staff, the human firewall if you like, can be our Achilles heel. Lack of an enforced password policy can be the means of easy attack, tighten up and ensure that an appropriate password policy is in place and followed. Do we limit our users’ execution permissions effectively and enforce the principle of least privilege?
Have we got boundary firewalls and internet gateways tightened up? Can we detect and block executable downloads, continuously block access to known malicious domains?
What’s our malware protection like? Have we established and maintained malware defences to detect and respond to known attack code?
Is our solution portfolio up to date? As matter of course, do we patch known vulnerabilities with the latest version of software, preventing attacks which exploit software bugs?
What’s policy on listing and execution control? Do our solutions prevent new/unknown software from being able to run or install itself, (including AutoRun on USB and CD drives).
Do we actively restrict the functionality of every device, operating system and application to the minimum needed for business to function?
With all of the above in play, we need then to continuously monitor what’s occurring (as Nessa from Gavin & Stacey might say). Monitor unexpected or suspicious activity, keep training staff and have them updated on new threats and issues. Put plans in place to deal with potential incidents and learn from ones that occur. We are on a current path to put more applications and data in the Cloud, where it can be more secure than ever (if we do bother to secure it of course!).
Our UK national Cyber Security Centre term the stages as Survey, Delivery, Breach and Affect
Now I don’t know where Clarion were with all of the above, however the hope would be that they have learned from their recent experiences. The key of course is doing all that is possible in order to safeguard resident data. Once out in the wild, dark web or not, we are clearly down to damage limitation or recompense payments. I think for me, where the latter is involved, corners should not be cut. Social housing tenant data is as valuable as anyone else’s, that should definitely NOT be forgotten.
I will bring plenty of Chocolate Hobnobs ☕😋
Related Post: If you are serious about managing data, don't get Excel to do a database's job need
Catch the blog monthly archive at https://soundcloud.com/housingitguy/ |
_/_/_/_/_/_/_/_/
I would be pleased to connect with you on LinkedIn - http://uk.linkedin.com/in/tonysmiththathousingitguy Message me with any issues or queries, you would like to be explored in this blog. We generally receive a couple of suggestions each month.
Porcupine Tree – Dark Matter.
(c) Tony Smith, Acutance Consulting www.acutanceconsulting.co.uk 07854-655009
Access a quick list of our Social Housing ICT blog posts here
Could we help you or your organisation? Our contact details are here , get in touch we will be pleased to chat about your problems and help with your organisation issues.
File Under: #HomesForBritain,#HousingDAY,#InternetOfTenants,#Shout,#UKHousing, 07854655009, 1st Touch,1stTouch,360,365Agile,3squared,4Js, ACL,ALMO,AMS,AX,Aareon,Abritas,Academy,Accuserv,Accuserve,Active Housing,ActiveH,ActiveHousing,Acutence,Advanced,Affinity,Agile,Agile365,AirWatch,Alfresco,Alignment,Allpay,Amazon Web Services,Anite,Apex,App,ArchHouse,Archouse,Asprey e-state pro,Asset Management,Associates,Aurora,Average IT Costs,AWI SX Integration Toolkit,AWS, BI,BO,BPR,BancTec,BigChange,Blockwise,BluTek,Bluebox,Blueprint,Browser Applications,Business Objects,Business Planning,Business Process Review,Business social networking, CACI,Capita One Housing,CBL,CCS IT Keystone CCSIT,CEDRM,CHICS,CHR,CIH,CMS,COA,CORE,CPL,CRM,CRM2013,CRS,CTI,CTX,Cadcorp,Capita,CapitaOne,Capita One,Capital Management,Cashflow,Castle,Castleton,Castleton Technology,Cedar Open Accounts,Cerrus,Change,Charges,Chartered Institute Of Housing,Cheaper Housing IT,Chics, Citrix,Civica,Civica CTX,Civica Cx,Civica Genero,Civica Saffron,Clearview,Clik,Cloud Dialogs,CloudDialogs,Coactiva,Codeman,Comino,Commontime,Community Reward Services,Company,Competitive Dialogue process,Component Accounting,Consilium,Consolidation, Consultancy,Consultant,Consultants,Contact Manager,Context,Contractor Systems,CorVu,Cost Reductions,Covalent,Crystal Reports,Customer Relationship Management,Cx, DRS,Deeplake,Designer Software,Development Systems,Director,Document,Documotive,Docuware,Dynamic AI,DynamicAI,Dynamics 365,D365,Dynamics365, ECMK,EDM,EDRMS,ERP,ESRI,Elmhurst,Enghouse Interactive,England,English,EnterpriseBI,Estatecraft,Etive,Exhibition,Exponential-e, Facebook,Factorwise,Field Service management,Finance,Financial Systems,Financials,Footprint,Forms,Freezes,Fusion, Gas Tag,G-Cloud,GCloud,GDPR,GGP,GIS,GasTag,Genero,GeoSolveIT,Getting best from,GoTonySmith,Grasp,Grip,Group Apex, HFI (Housing Financials interface),HG,HRA,Hardware,Hitachi Systems,Hitex,HomeMaster,Hometeam,HouSys,House,Housemark,Housemark survey,Housing,Housing Contact,Housing Group,Housing Insight,Housing Management,Housing Management Consultant,Housing Partners,Housing Portfolio Management System,Hub Asset Management,Homeswapper,Housing jigsaw, Housing Support Pro,HousingIT,HousingSupportPro,HyperOptic, IMS,IT,IT Budget,IT Training,ITIL,Impact Response,In,In4,In4Systems Promaster,InfoBoss,InHouse,InMotion,InMotion2015,InMotion2016,InfoBoss,Infoflow,Information,Information Technology,Information@Work components,Informix,Innovation, Informetis,Inphase,Inside Housing,Insight,Internet Portal,Internetalia,Invu,Ireland,Irish,itLab, Keyfax,Keylogic,Keypera,Keystone,Kirona,Kypera,Keynamics, Landlord,Ledgers,Linkedin,Liquid,Locality,Localz, M3,MAVIS,MD,MDM,MI,MIS,MIS-AMS,MISCS,MRI,MS Dynamics,MRI,MS Dynamics CRM2011,Microsoft365,microsoft 365,MWL,Management,Management Server,Manifest,Measuring,Mebus,More IQ,MoreIQ,Microsoft Dynamics 365,Microsoft dynamics GP 2013,Miracle,MobileIron,Mobysoft,Monopoly board images and pictures,Montal,Mr Void,MriEngage,MrVoid,MoreIQ NDL,NINTEX,NINTEX workflow,NPS,NPS ASSIST,NPS Housing,NPS Job Manager Mobile,NROSH,Natural,Neighbourhoods and Communities,Nintexworkflow,Northgate,Northgate Codeman,Northgate Public Services,Notice, OA,OGC Buying Solutions,OJEU Limits,ORS,Ohms,OmFax,Omniledger,One,OneAdvanced,OneServe,Open source,OpenContractor,OpenHousing,Opti-time,Options,Optitime,Oracle,Orchard,Outsource and outsourcing,OutSystems, PIMMS,PIMSS Data,PM,PRINCE2,Paloma,Pamwin,PanConnect,People Value,Peoplevalue,PfH,Pick,PlanForm,Planned maintenance,Plenfific,Plus,Portfolio Management System,PowerObjects,Pro,Pro-Points,Prodo,Progress,Promaster,Propoints,Proval,Providers,Pyramid, QL,QuantSpark,Qube,QLX,Qlikview,QueryView,Queryview reporting,Quiss, RM865,ROCC,RPs,RSL,Rave,ReAct,Reality,RedkiteCRM,Red Olive,Registered,Registered Social,Rent Increase,RentSense,RentSenseLite,Repairfinder,Reporting,Reports,RobotAutomation,Rocket, Salesforce,Salesforce.Org,SAP,SASSHA,SDM,SHBVN,SM,SOTI,SP,SQL,SQL Open Housing,SQL Reporting,SQL Server,Saffron,Safron,Saturn,Scenario,Scotland,Scots,Scottish,Scout,Sequoa,Serengeti,Serros,Server,Service,Services,Servitor,Sharepoint,Sim,SimPro, Simdel,Simdell,Slash and Burn,Social Housing ICT,Social Housing Software Applications,Social Media,Software,Software solutions,Spotlight Service,Spotlightservice,Star rating,Stores and Stock,Strategic,SunAccounts,Sunguard,Surveys,Streetwise, Swordfish,Sx3,Symatrix Human,System alignment,Systems,Systemwise, T-Files,TEAMS,TED,TFiles,TP Tracker,TSG,Tagish Casework,Tagra,Task,TAIM,Technologies (India) PVT Limited,Telecetera,Template,Terminal Services,That,Three Star,Tilt,TiltAffinity,Today,Tony Smith,Tony Smith That Housing IT Guy,TonySmith that housing IT,TonySmithHou,TonySmithHousing, ,TonySmithHousingITguy,Total,Total Mobile,Totalmobile,Trace,Tribal,Twitter, U2,UC,UK,UK Housing,Ukhousing,UniClass Enterprise,Unidata,United Kingdom,Universal,Universalcredit,Universe,Unrest, Valueworks,Van Stock,Vantage,Vantage Sentinel,Version,Virtualisation,Visualmetrics,Voice,Voice and data,Voluntas, Wales,Welsh,Wheatley,Windows Server,Workflow and,Work Hub,Works Connect, XML,Xen App,XenApp,Xmbrace, ...
No comments:
Post a Comment