Goher Mohammed headshot

Blog: Collaboration – the call-to-action housing InfoSec needs?

Goher Mohammad, Head of Information Security
Published on 10/03/2022

Whenever news break of a data breach at a housing association, we are reminded that our sector is as much of a target as any. Gone are the days when banks, e-commerce and technology companies were the only victims of cybercriminal attacks.

Information security breaches are an all-too-common occurrence in today’s world and are now recognised as one of the biggest risks facing housing providers. Whether its legacy technology leaving security holes in our systems, or an easily compromised infrastructure environment caused by a lack of proactive management, the sector has become associated with a dated – and somewhat risky approach.

This is made all the more concerning when we consider the fundamental purpose of a housing association and the value of the information we hold. Data is as valuable an asset as finance. The nature of the tenant-landlord relationship means providers must handle vast amounts of data to keep residents safe, provide a service tailored to each person, and identify those in need of support.

In my organisation, L&Q, we house around 250,000 people in more than 105,000 homes across London, the South East and North West. As a charitable housing association, we build relationships with our residents based on trust, transparency and fairness. A cyber or data breach attacks the very foundations of those relationships, which once weakened, are difficult to repair.

With high profile leaks making headlines daily, the need to do more is clear. At L&Q we’ve established a dedicated function to proactively defend against cyber and information security threats. We’re all stepping up efforts, but is there one solution we are yet to explore?

To respond to that question, we must ask ourselves the following: what do our sector’s information security teams have in common? One answer is the collective threats we face.

Procurement and governance risks are universal issues within the housing landscape. We adopt similar governance frameworks, adhere to the same regulations, and often use the same supply chain partners. Progress for one provider is progress for another, and we all stand to gain something from a more collaborative model.

L&Q have recently spearheaded a collective intelligence alliance with other housing providers such as Clarion and Notting Hill Genesis. Bringing together information security experts that include some of the best and brightest people in the field, we are working together to improve things for the greater good. Forum members bring a range of issues to the table at monthly meetings, allowing others to pose solutions and share relevant knowledge. Similar initiatives exist in e-commerce, but these are ultimately driven by profit. Our group, however, harnesses the sector’s potential to work together to achieve shared, rather than individual, goals.

At L&Q, we put data protection at the heart of our business, using information responsibly to drive the best outcomes for our homes and residents. Our Information Security team play a critical role in this work and have grown substantially. What began as a one-man band three years ago is now a well-oiled team of eight professionals working with governance and wider IT colleagues to address gaps and fix problems. This new focus, as outlined in our corporate strategy, has seen our data protection efforts go from strength-to-strength.

Progress aside, information security in the housing sector clearly still has a perception issue. In reality, our endeavours have evolved significantly, reaping the benefits of new talent, technology, and a real appetite for change.

As Head of Information Security at L&Q, I sit on forums with companies from sectors including banking, e-commerce and not-for-profits, equally benefitting from advice given by private and public sector entities.

As attacks become increasingly sophisticated and vulnerabilities grow, the range of requirements is too broad to be fulfilled by any one organisation alone. Strategic conversations will require a collective effort against a common enemy: the cyber criminals working to bring down organisations and exploit our customers.

Only through collective working can we overcome the challenges of the modern digital world and its ever-changing landscape.

A more unified approach is necessary, and we need representatives from all sectors to take up the call to arms.