Cyber Incident Response Planning for housing associations

Posted Thursday 17th August by Admin User

Help prepare your housing association for worst case scenarios with this new guidance and template created by SFHA and our members.

Appears in:

IT systems
/107398.jpg

Cyber-attacks and subsequent breaches are now a daily occurrence across every sector globally. The chances are it will happen to your organisation to some degree in the next 12 months or less. Sometimes the best preventative measures in world won’t mitigate the risk, so it’s best practice to ensure you have a plan and response in place when the worst scenario does occur.

Why do you need a Cyber Incident Response Plan (CIRP)?

A cyber incident response plan is the method that NCSC advises every organisation to have in place.

Your response plan should indicate what steps to take in case of a data breach, an insider threat, social engineering attack, or a ransomware attack, for example, since the source of the breach and the outcome are often completely different based on the type of attack.

Having a response plan will put your organisation in a better position to respond properly and quickly in the right way to any and all potential incidents and mitigate the risk of further damage. It could be a costly difference depending in response time.

Guidance and template

The new guidance and template, created by SFHA along with SFHA members, will help your housing association to create a plan that you and your colleagues can work through to capture and record the details that will be critical if a cyber breach does take place. Things like having a list of the main contacts internally and externally that will need contacted as first responders; or having a specific checklist of actions to implement during the initial breach to shore it.

The template will guide you through a comprehensive list of actions to have on record, it has been designed with collaboration and awareness in mind too – by undertaking the process of creating your organisations CIRP, your staff will have a better understanding of what to do if a breach occurs.

The template includes the following steps to consider and complete:

  • Prevention and awareness of attacks
  • Preparing your response plan
  • Key things to include
  • Creating your response plan

The guidance and template we have created are simple to edit and use as organisation deems effective, some areas might not be needed depending on the size and structure of your staff. The template is a good place to begin and might prompt more questions or actions that aren’t mentioned.

Download the guidance here and the template here.

Once you have created your response plan with staff and teams the most important step will be sharing and communicating your plan with everyone in your organisation including your board members!

More information

This guidance and template was created by Gary Dickson, SFHA Digital and Design Manager along with a focus group of SFHA members. Thanks to Anne Jenkins, Susan MacKay, Leigh Pettigrew, Robert Campbell, Colin Turner and Jordan Henderson.

If you have any questions or would like support with your template contact Gary via email: gdickson@sfha.co.uk