Home / Solutions / Customer Success Stories / Leading housing association strengthens security to protect its tenants

Published: 26th July 2022 | In: Case Study

As one of the leading housing associations in the UK and one of the largest in London and the south-east of England, Notting Hill Genesis (NHG) owns and manages 66,000 homes and employs around 2,000 staff. The organisation was created thanks to the merger in 2018 of Notting Hill Housing and Genesis Housing Association, two equally-sized associations with matching social values and purpose. With roots stretching back to the 1960s, NHG prides itself on caring for all of its tenants, its partnerships with the private sector and its vision for the future.

Unfortunately, housing providers haven’t been spared from the rise in cyber-attacks over the past few years and the UK has witnessed a number of damaging incidents. Although the sector might not seem like a priority target for cybercriminals, it can be seen as a relatively easy one that stores lots of people’s personal data. Associations that house thousands of tenants, and hold some of their private information, including addresses and bank details, have suffered from data theft. In some cases, threat actors obtained staff data too. While investigating these incidents, associations have sometimes needed to take their systems offline for an indefinite period of time, with the obvious consequence of disrupting the work of their employees or the quality and speed of services to their tenants.

Prevention is better than cure

In 2021, towards the end of a three-year deal with a major US technology company, NHG sought to replace its existing Security Operations Centre (SOC) with one that would be fit for their purpose and budget. They wanted a partner who could offer 24×7 monitoring, Incident Response capabilities and an expert on Microsoft Security technologies, which provided a continuous approach to cyber security. Microsoft referred the housing association to Quorum Cyber – a Microsoft Gold Partner and member of the Microsoft Intelligent Security Association (MISA) – and they made contact via our website.

In a climate where cyber threats were increasing exponentially, NHG were very familiar with the potential dangers. The management team knew that they needed an outsourcing arrangement which provided a Security Incident and Event Management (SIEM) platform to monitor all system-generated events and determine which ones could relate to a cyber-attack.

With a busy IT team already at full capacity, they wanted a service that provided cyber security experts to manage their response capability, from monitoring all the way through to incident response and containment. In the event of an attack, the Quorum Cyber SOC would manage and resolve the problem as soon as it was detected, working in close collaboration with NHG’s IT team.

Choosing the right cyber security partner

As part of their procurement process, NHG went out to tender for a managed security service. Ultimately, they chose a cyber security partner they trusted and felt confident could manage their end-to-end security operations but also provided a true sense of partnership and collaboration. This enabled them to focus on delivering high-quality housing services to their community in over 60,000 homes, ensuring that vital services for families and vulnerable individuals were never impacted.

On-boarding and risk mitigation

As housing associations and, indirectly, the tenants they have a duty of care of, are constantly at risk from data theft, time was of the essence. So, to protect NHG and their 200,000 customers, the organisation was swiftly on-boarded onto the SOC. During this step, a full Security Maturity Assessment (SMA) identified potential weaknesses and risk areas in their IT landscape. Furthermore, NHG completed an Incident Response Readiness Assessment to be fully prepared in the event of a breach in future.

Seamlessly expanding the security team

“Under Quorum Cyber’s protection, my team has the freedom to focus on our day jobs without worrying about the threat of an imminent attack,” says Richard Holland, Head of IT Systems and Cyber Security for NHG. “Thanks to a smooth and rapid on-boarding process, they were able to bolster our defences and empower us to rapidly resolve any incidents before they had a chance to damage our organisation.”

“Working with Quorum Cyber on a day-to-day basis has been a valuable experience,” explains Gavin Inns, NHG Security Manager. “It doesn’t feel like we’re hiring an external service provider but that we’ve extended our security team to beef up our defences. We’re confident we have the best skills, tools and personnel in place to defend Notting Hill Genesis from unknown threats.”