Cyber-security and social housing

Cyber-security and social housing

We live in a data-driven world, the use of pen and paper is a dying art, though my barely eligible notebook would beg to differ… Everything we do is seemingly documented and analysed by some algorithm or person behind a screen. You know what I am talking about, you mention going for a walk then suddenly your social media is awash with ads for hiking boots. Naturally, this has some backlash, and the concept of online privacy, cyber-security, and data protection has never been higher on people’s agendas and this is not going to change.

Within the sphere of social housing, data protection is needed, few industries deal with such sensitive data and as such, few industries have such an emphasis on protecting their data. Many large organisations have a dedicated GDPR officer, a job that didn’t exist in the not-so-distant past. However, despite the importance of the concept, some smaller organizations may find themselves lacking in knowledge when it comes to cyber-security best practices.

There are however some simple steps people can take to minimise the risks when navigating the online environment.

Improve your password security

Now, like most people, I would say you are probably guilty of this, using a small range of passwords for anything you sign-up for. With the number of sites demanding a log-in these days, it seems impossible to remember even the small variations of one password…

Though, the importance of passwords in protecting your sensitive data cannot be understated, so try your best to break your old habits and use these steps to improve your online armour. Your online-self will thank you, I promise!

Password security for social housing organisations is of paramount importance, considering the level of sensitive of personal data stored in relation to tenants and properties.

1. Use different passwords 

Think of it like this, you live your life with one key. This key starts your car, opens your front door, opens your garage door, and your parent’s front door. Sounds pretty handy I know but what if you lost it, you would feel pretty compromised. Now imagine what your password can unlock, you should view the passwords you use the same way.

Websites and service providers should store your passwords in a heavily encrypted format. That way, even if they are hacked they’re indecipherable. Sadly that’s not always the case so assume they don’t. If you find it impractical to have a password per site, at least use different ones for the most sensitive ones such as your social housing software or Internet banking. Or consider a dedicated password manager such as 1Password.

2. Avoid dictionary words

Take it from us, we operate in the software world, and with the territory, you learn what the bad guys are up to. Potential data thieves often use automated software to run through the dictionary, as well as common password variations. I speak of course of the dreaded “password” or the just as bad “password123”. You would be surprised how many accounts that would get them into.

Check out this list of 2020s most common passwords here, if you spot yours… maybe it is time for a change.

3. Mixing up letters and numbers

This is the norm these days, when making an account on a website they often ask for “at least 8 characters’ or “one upper case”, etc. To be honest, it is probably why my most frequent email subject is “password reset”… Though, getting into the habit of doing this without being asked will not only make them easier to remember but do wonders for your security.

Substitute letters with similar numbers, such as the letters I or E with 1 or 3. Or replace s with a $ dollar sign, use your imagination. Get at least one capital letter in there, go for 8 or more characters and you’re set. A useful trick, base your password on a sentence and mix the initials. For example, “My first house was on 123 Home street” could yield “mfhwo123Hs”. Secure and more memorable than you’d think, eh? Or even use your keyboard to make shapes, for example, %tgbHU8* makes a V on your keyboard.

4. Be careful where and when you log into your software

Trying to get a bit of work done on the fly? Found yourself with a spare minute in the airport? Beware! logging in, or entering your password on unsecured or open networks make them prime pickings for hackers. Perhaps consider using a VPN (Virtual Private Network), this will hide your IP address and let you browse anonymously, check out how to make public WIFI a little more secure here.

5. Check your password strength and remember to log out 

Hopefully, you’ll now have thought up some extremely obscure and memorable passwords to use. So why not put it to the test, a number of sites such as will give you an indication of how long it might take to crack it. I just tried my email password and it should be safe for 46,700 years. I’ve set a reminder for Feb 48721 to change it again…  Also, a simple one to remember, don’t forget to log out of any site or system you use. This is particularly relevant for shared devices, but you never know who in the office could be wanting revenge for you stealing their mug…

Use robust and secure software

The most robust social housing software will have features such as individual logins, strong password policies, and encryption of sensitive data.

Remember it’s not just stealing your data that’s the problem. If someone accesses your social housing software using your details then it will appear to be you, and unless or until you can prove otherwise you will be held accountable for anything they do. Password security for housing officers is critical to protect your organisation and your tenants.

Finding software which emphasises data protection and security should be top of your necessary criteria list when considering your options.

Two-factor authentication

You’ve probably heard this term being thrown around, but what does it actually mean. Put simply, it means that there is one extra step between your precious data and that would be cyber-criminal. Usually, this comes in the form of a one-time passcode sent to your phone, it means that a hacker needs more than your username and password.

A real-world example of two-factor authentication would be withdrawing money from an ATM, not only do you have to have to present your car (1st factor) but also, know your pin (2nd).

By choosing websites or software that have two-factor authentication you can rest a little easier, knowing your data is safe.

Choose a software that has different user access levels

In the world of data security and GDPR, choosing who can access data is extremely important. Choosing software that enables you or your organisation to control who has access to the most sensitive data should be top of your list of priorities when deciding on what one to go for. Knowing that your data is stored in such a way that only certain people can view it, nevermind edit, is invaluable. Picking one in which you can define individual roles for users will reduce future headaches or data-related stress. Knowing that only certain people within the organisation can see the most sensitive data will help you reduce the risks of data breaches and all-around data security.

Hopefully, you’ve got some useful and usable tips from this, and remember if your password is “Password123” hang your head in shame…


Useful links

Common passwords of 2020

How to stay secure on public WIFI

How secure is your password?

15 tips to better password security by McAfee

Affinity and different user access controls

More from the Affinity blog 




Related Posts

A Quick Guide to Asset Management in Social Housing

Chances are if you work in social housing, you’ve heard...

RTB Renewal Registrations

Change, the one thing everyone says is constant. Even the...