The Internet has become a powerful tool that is essential for an organization to perform its daily operations. However, as more organizations rely on technology, the associated risk of being affected by a cyber-attack grows exponentially. Housing agencies are at a particularly high risk because they hold personally identifiable information (PII) and can face substantial liability if this data is ever compromised. HAI Group’s complimentary eBook, The Public and Affordable Housing Industry’s Guide to Cyber Risk, has more information on how to prepare and protect your housing agency from a cyber-attack.
Even on a tight budget with limited resources, there are a number of inexpensive steps your housing agency can take to increase protection against cyber criminals.
Here are our top ten tips:
- Establish, Test, and Follow a Risk Management Plan
There are a number of plans your housing agency can establish, but two key plans to include are an incident response plan (IRP) and a disaster recovery plan (DRP). You may also consider forming a Computer Security Incident Response Team (CSIRT) to provide support for these plans. An IRP outlines what to do in the event of an ‘incident’ that disrupts daily operations, while a DRP outlines specific procedures to recover information technology (IT) infrastructure during a catastrophic incident that immobilizes operations. Once these plans are established, it is imperative that you train all employees on policies, perform dry-runs for testing, and continuously maintain these plans to keep up with changes in your environment.
- Use Strong Passwords and Change Them Regularly
Passwords for logging onto your electronic devices or other software programs should be changed every 30 days. For added security, encourage employees to use a passphrase (a string of words along with numbers and special characters) as opposed to a single word.
- Be Wary of E-mail Attachments and Internet Downloads
Even with the best security, SPAM e-mails will still find a way into your inbox, which means you should always be alert before opening an e-mail. Always check for misleading domain names and subject lines making outlandish claims or monetary offers. Consider using a preview mode before opening an e-mail. After you open the e-mail, look for significant grammatical errors or requests for PII, which are all red flags for SPAM. If something seems off about an e-mail, contact the sender to confirm that they sent you the e-mail before opening it or downloading an attachment.
- Remove Unused Software and User Accounts
Unused software can make your computer or mobile device susceptible to a cyber-attack, because when you do not regularly update the software, you create security holes for hackers to enter through. Therefore, it is a good practice to periodically clear unused browser plugins, apps, and more from your electronic devices.
- Install and Use a Firewall
A firewall is a security device that protects your computer as you surf the Internet, screening out viruses and keeping hackers from obtaining unauthorized access to your private network. While a firewall does not block out everything, it is a crucial layer of security.
- Implement Network Security with Access Control
With more employees working remotely, it is essential to have network security on portable devices to prevent unauthorized access. One thing to consider is encryption on portable devices. Once employees enter the network, you can limit who can open and read certain files to further protect sensitive information.
- Back Up Your Files and Software
All of your files should be backed up every night onto your server, as well as to a secondary location that is off premises in case of a fire, flood, burglary, or hard drive malfunction.
- Keep Software Updated
Software companies regularly release updates to enhance their products and resolve bugs. All computers should receive these updates as they are released.
- Enforce Internet Usage Policies for Employees
Create an Internet usage policy to prohibit employees from using the Internet for personal use, including going on social media, online shopping, and checking personal e-mails. If employees know upfront that violating these rules can result in serious repercussions, they will be more inclined to abide by the rules.
- Get Technical Support When Needed
If your housing agency is affected by a cyber-attack, contact technical support to stop or slow down the breach as quickly as possible, then notify local authorities and let them escalate based on severity. Then contact an attorney immediately. Every moment is critical following an attack, and having an experienced professional working directly for you is vital so that they can begin to notify your insurance agency, analyze your coverage options, and look into your reporting obligations.