Cybersecurity

5 best practices for securing your housing association data

Table of Contents

Cyberattacks targeting housing associations are becoming more frequent, posing significant risks to tenant data and operational stability.

Recent incidents, such as the ransomware attack on Albyn Housing Society, which exposed sensitive personal data of staff and tenants and brought operations to a standstill, highlight the serious risks that housing associations face.

Kirsty Morrison, Chief Executive of Albyn Housing Society, said:

“It is devastating that a charity whose main focus and purpose is to maintain and build homes, and support communities and individuals, has been targeted in this manner.”

This article will explain why keeping your data safe is crucial for your organisation.

You’ll find practical tips to help you strengthen your cybersecurity and ensure you’re doing everything possible to protect your tenants and maintain their trust.

Implement strong access controls

Access controls act as the first line of defence, determining who can access your systems and what they can do once inside.

For housing associations handling sensitive tenant information, proper access controls are essential.

The ransomware attack on Flagship Group is a prime example of the consequences of weak access controls. After the attack, Flagship Group confirmed:

The incident has caused considerable disruption to our staff and customer services and we are concentrating on emergency situations, to ensure our customers are safe. Some personal customer and staff data has been compromised.

Microsoft’s Tools for access control

Microsoft’s got some great tools to help with this.

For starters, Microsoft Entra is fantastic for managing who can access what. It lets you enforce strong authentication methods, like Multi-Factor Authentication (MFA).

MFA sign-in screen

This means users need more than just a password to get in, like a code from their phone or a fingerprint. If a password gets compromised, the extra layer of security keeps attackers out. It’s like having a double lock on your door.

4 practical steps to improve access controls

Enable Multi-Factor Authentication (MFA)

Configure MFA so that users must enter their password and provide a secondary form of verification, such as a code sent to their phone, to add an extra layer of protection in case passwords are compromised.

Use Role-Based Access Control (RBAC)

RBAC allows you to control access based on users’ roles.

This ensures only authorised staff can access sensitive tenant data, while other employees only access information relevant to their duties.

In Azure, configure RBAC to assign the minimum necessary permissions to each user, limiting potential damage in the event of a breach.

Regularly review and update access permissions

People come and go, roles change, and so should access permissions. Regularly check who has access to what and update it as needed.

Use a Security Incident and Event Management (SIEM) tool like Microsoft Sentinel to keep an eye on access logs and spot anything unusual. This way, you’re catching potential issues before they become problems.

Implement Conditional Access policies

Conditional Access in Azure checks for more than just a password.

A screenshot of the page for creating a new policy, where you select options to specify users and groups.

Set policies that require MFA or other security measures based on things like location or device.

If someone tries to access your systems from an unfamiliar place, they’ll have to jump through extra hoops.

Regularly update and patch systems

Many breaches occur because attackers exploit known vulnerabilities in outdated systems. By regularly updating your systems, you reduce the chances of a successful attack and protect your housing association’s sensitive data.

The biggest ransomware attack in history

As reported by the BBC, the infamous WannaCry ransomware attack in 2017 spread rapidly by exploiting vulnerabilities in outdated Windows systems that had not been patched.

2017 wannacry ransomware attack infographic

Critical services were disrupted, with the NHS forced to cancel surgeries and appointments.

The attack caused billions of dollars in damages, exposing vulnerabilities in outdated systems and prompting a global push for better cybersecurity and patch management practices.

Microsoft’s tools for system updates

Microsoft offers several tools and services to help you manage system updates and patches effectively.

Microsoft Update Catalog provides the latest updates for various Microsoft products, ensuring you can quickly apply patches.

Screenshot of Microsoft Udpdate Catalog
Screenshot of Microsoft Udpdate Catalog

Manage and deploy updates across your organisation’s devices with Microsoft Endpoint Manager. It simplifies the process of keeping systems current and secure.

Practical steps to keep your systems updated

Enable automatic updates

Enable automatic updates to ensure that your systems receive the latest patches as soon as they’re released. This reduces the risk of vulnerabilities being exploited because you’re always running the most secure version of your software.

Configure automatic updates through the Windows Update settings, ensuring your operating system and applications are always up-to-date.

Regularly check for updates

Even if you have automatic updates enabled, it’s a good practice to manually check for updates on a regular basis.

This helps ensure that no updates are missed and that any issues with automatic updates are addressed promptly.

Check for and apply updates to ensure your systems are fully patched through Microsoft Update.

Screenshot of Windows Update
Screenshot of Windows Update

Implement a patch management policy

Establish a patch management policy to streamline the process of applying updates across your organisation.

This policy should include procedures for testing patches before deployment, scheduling regular update cycles, and tracking applied updates.

You can use Microsoft Endpoint Manager to manage and enforce this policy, making it easier to maintain a secure environment.

Monitor and respond to vulnerabilities

Stay informed about new vulnerabilities and patches through resources such as Microsoft Security Response Center and security advisories.

Set up alerts for critical updates and vulnerabilities to ensure timely responses.

Microsoft Sentinel can also help monitor for signs of exploitation and alert you to potential issues related to outdated software.

Screenshot of scheduled analytics rule templates in Microsoft Azure portal.
Screenshot of scheduled analytics rule templates in Microsoft Azure portal.
To monitor for signs of exploitation or outdated software in Microsoft Sentinel, go to the Incidents or Analytics page to view alerts and rules, or use Hunting and Logs to run queries for deeper investigation.

Educate and train staff

It’s no secret that human error is one of the leading causes of data breaches.

In fact, many cyberattacks start with someone accidentally clicking on a malicious link or opening a suspicious email attachment.

The Clarion Housing Association cyber attack in June 2022 was caused by a ransomware attack, which disrupted IT and phone systems, delayed tenant services, and raised concerns about data security. Like many ransomware incidents, it likely involved attackers using phishing techniques to gain unauthorised access to Clarion’s systems.

Phishing attacks have become a go-to strategy for hackers looking to gain access to systems. If your staff aren’t trained to recognise these kinds of threats, your association could easily become a target.

Practical steps for training your staff

Start with basic cybersecurity awareness

Begin by making sure your team understands the basics of cybersecurity.

This includes how to create strong passwords, the importance of using Multi-Factor Authentication (MFA), and recognising common types of cyberattacks, such as phishing and malware.

You can use Microsoft Learn to access easy-to-understand training materials or even create your own courses tailored to your organisation’s needs.

Screenshot of Microsoft Learn
Screenshot of Microsoft Learn

Conduct regular phishing simulations

Phishing attacks are one of the most common threats your staff will face, so it’s essential they know how to spot them.

Set up phishing simulations using Microsoft Defender for Office 365. This allows you to test your employees’ responses in a safe environment.

The Launch a simulation button on the Simulations tab in Attack simulation training in the Microsoft Defender portal

These exercises are a great way to raise awareness and improve staff vigilance. Hopefully, they will think twice before clicking on unexpected links or attachments.

Offer ongoing training and refreshers

Cybersecurity isn’t something you can teach once and forget about. The threat landscape is constantly changing, and so should your training efforts.

Make cybersecurity training a regular part of your staff’s development. Encourage them to take relevant courses on Microsoft Learn and stay updated on the latest threats and best practices.

Regular refreshers will help reinforce their knowledge and build a culture of security within your organisation.

Encourage staff to report suspicious activity

Create a culture where staff feel comfortable reporting anything suspicious. It could be an unusual email, a strange pop-up, or something they’ve noticed while working remotely.

The results of selecting the Report button after selecting multiple messages in Outlook on the web.
The results of selecting the Report button in Outlook on the web.

The quicker potential threats are flagged, the faster you can respond and prevent a breach. Consider setting up a simple reporting system, and ensure your team knows how to use it.

Microsoft Sentinel can help you monitor and investigate suspicious activity that’s reported, allowing you to take swift action when needed.

Optimise Azure security with Entra and Microsoft Sentinel

As more housing associations move their operations to the cloud, securing your digital environment is more critical than ever.

Azure is a powerful cloud platform, but it needs to be properly secured to ensure tenant data is protected. Without optimisation, you leave gaps that attackers can exploit.

You can improve your Azure security by using Microsoft Entra and Microsoft Sentinel. This means your systems are always monitored, protected, and compliant.

How Microsoft Entra strengthens your identity security

Microsoft Entra is your go-to solution for managing identities and securing access to your Azure environment.

It allows you to control who has access to your resources, how they access them, and what they can do once inside.

For housing associations, this means protecting sensitive tenant data while allowing your staff to work efficiently.

Centralised identity management

You can streamline identity management with Microsoft Entra, ensuring that only the right people have access to the right data. It simplifies the process of setting up and managing access across all your systems.

Whether staff are accessing tenant records or financial systems, you can enforce strong identity controls to ensure their access is secure.

Multi-Factor Authentication (MFA)

One of Entra’s key features is the ability to enforce Multi-Factor Authentication (MFA) across your organisation.

This adds an extra layer of security, making it harder for attackers to gain access even if they’ve stolen a password. By requiring a second form of authentication, like a code from a mobile device, you ensure that only authorised users get in.

Conditional access policies

Entra allows you to create conditional access policies that help you control access based on specific conditions, such as the user’s location or the device they’re using.

For instance, if someone tries to access your system from an unfamiliar or risky location, you can require additional verification steps or block access entirely.

This ensures that only trusted users and devices can get into your environment.

How Microsoft Sentinel improves visibility and response

While Entra helps control access, Microsoft Sentinel is your all-seeing eye.

screenshot of microsoft sentinel overview
Screenshot of Microsoft Sentinel overview

It’s a Security Information and Event Management (SIEM) tool that collects data across your cloud environment, helping you detect, prevent, and respond to threats in real time.

Housing associations deal with vast amounts of sensitive data, so having full visibility into your Azure environment is essential.

Real-time threat detection

Microsoft Sentinel gives you real-time monitoring of your Azure environment. It collects data from various sources, such as your servers, devices, and user activities, and uses built-in AI to detect unusual or suspicious activity.

This means you can spot threats early, before they cause serious damage. With this level of insight, you’re not just reacting to threats, you’re staying ahead of them.

Automated incident response

Sentinel automates your responses to specific threats.

Set up automated workflows so the system responds immediately when a threat is detected. The action could be blocking access, sending an alert, or starting an investigation.

This reduces the time it takes to address potential breaches, minimising the impact of any attack.

Customisable alerts and reports

Every housing association is unique, and so are your security needs.

Customise alerts in Microsoft Sentinel based on your specific requirements. Set up custom alerts to notify you about unusual login attempts, suspicious data transfers, or any other activity that could indicate a potential threat.

Generate detailed reports to gain insight into your security posture and identify areas for improvement.

Develop and test an Incident Response Plan (IRP)

There’s always a chance something could slip through the cracks. No matter the strength of your security.

That’s why having a solid Incident Response Plan (IRP) is essential. It’s your blueprint for how to respond quickly and effectively if a breach or attack occurs.

Security incident management phases.
Security incident management phases.

For housing associations, where sensitive tenant data is at risk, a well-prepared response can make all the difference between a manageable incident and a full-blown crisis.

What should be in your IRP?

An IRP isn’t just a document that sits on a shelf. It needs to be a practical, actionable plan that everyone in your organisation understands.

It outlines the steps your team should take if there’s a security breach, from identifying the issue to communicating with stakeholders and recovering your systems.

cloudguard incident response planning services

CloudGuard can help housing associations shape and develop their Incident Response Plan.

Key elements of an effective IRP

Define roles and responsibilities

The first step in creating your IRP is assigning clear roles and responsibilities.

Everyone on your team needs to know exactly what their job is during an incident. Who’s responsible for identifying the threat? Who communicates with external partners, like IT providers or even law enforcement?

Set up predefined groups and communication channels in Microsoft Teams for quick collaboration during an incident, ensuring everyone stays informed and connected.

Set up a clear communication plan

Communication is critical during a cyber incident. Your IRP should include detailed communication protocols, both internal and external.

Internally, your staff should know how to report a suspected breach and what steps to take next. Externally, you may need to communicate with tenants, regulators, and even the media.

Going back to the Clarion Housing cyber attack, the BBC reported that residents were left frustrated by the lack of communication following the attack.

Outline steps for containment and recovery

Once an incident is identified, your team needs to act quickly to contain the breach and minimise the damage.

This part of your IRP should outline specific steps for isolating affected systems, securing any exposed data, and preventing further spread.

If a phishing attack results in unauthorised access, your team should know how to revoke access immediately using Microsoft Entra to shut down compromised accounts.

revoking access in Microsoft Entra
Revoking access in Microsoft Entra

After containment, the focus shifts to recovery. This ensures your housing association can return to normal operations.

Regularly test your IRP

Writing an IRP is only half the job. You need to regularly test it to ensure it’s effective.

Run drills that simulate different types of cyberattacks, from ransomware to data breaches, and evaluate how well your team responds.

Microsoft tools like Azure Security Center and Microsoft Defender can simulate attacks in a controlled environment, allowing you to stress-test your plan. Alternatively, CloudGuard’s TableTop Excercises (TTX) allow you to test various attack simulations and get expert insight into improving your IRP.

Testing helps identify gaps and areas for improvement, so when a real incident occurs, your team is prepared and confident in their ability to respond.

Learn from incidents and improve

Every incident, whether real or a drill, provides valuable lessons.

Your IRP should include a process for reviewing and analysing the response after an incident. This helps you identify what worked well and where improvements are needed.

View the detailed incident reports in Microsoft Sentinel to assess your response and identify any weaknesses.

Summary

By implementing strong access controls, regularly updating systems, educating staff, optimising your Azure security, and developing a robust Incident Response Plan, you can significantly reduce the risk of a breach.

These practical steps not only protect sensitive tenant data and keep your operations running but also helps maintain trust and ensure compliance.

Remember, cybersecurity is not just a one-off task. It’s an ongoing commitment.

TL;DR: key actionable steps

  1. Implement strong access controls
    • Use Multi-Factor Authentication (MFA) and role-based access control to secure systems.
    • Deploy Microsoft Entra for identity management and conditional access.
  2. Regularly update and patch systems
    • Schedule automatic updates to avoid vulnerabilities.
    • Use Microsoft Defender and Azure Security Center to manage patches and assess risks.
  3. Educate and train staff
    • Conduct regular cybersecurity training, focusing on phishing awareness.
    • Use Microsoft Defender for Office 365 for phishing simulations and training programs.
  4. Optimise Azure security with Entra and Microsoft Sentinel
    • Enforce identity and access management with Microsoft Entra.
    • Use Microsoft Sentinel for real-time threat detection and automated incident response.
  5. Develop and test an Incident Response Plan (IRP)
    • Create a detailed plan, assign roles, and test regularly.
    • Use Microsoft Sentinel to monitor, detect, and improve incident responses.
Author: Thomas Shelton
Share:
Author: Thomas Shelton
Share:

Related Resources

two men talking on a podcast posted on linkedin with a red arrow pointing towards a deepfake
Why Social Engineering Always Works: How Hackers Use Phishing & Deepfakes
We’ve all done the training, so why are attackers still getting through? Attackers no longer rely on bad spelling or suspicious links, they use AI-generated deepfakes and psychological profiling to manipulate people with astonishing precision. By exploiting the brain’s emergency response system, they trigger fear, urgency, or authority to override...
Dark purple background with claude logo and words pro, team and enterprise.
Claude Business Security: Choosing the Right Account for SMBs
When I shared my last article, a few people got in touch asking for a more practical follow-up, specifically around how small teams can use Claude Pro without putting business data at risk. This piece goes step by step through exactly that. Understand what you’re actually adopting Claude Pro is...
Two analysts looking surprised. Purple cyber background with phishing hook.
What Happens After a Phishing Attack? A Real Microsoft 365 Incident Walkthrough
If your organisation thinks a password reset or MFA alone are enough, think again. In this phishing attack breakdown by CloudGuard’s SOC team, Conor and Jon reveal the reality behind an actual breach involving a UK law firm, exposing how hackers use four methods to regain access long after initial...
purple background with computer that says threat from the field in cartoon like design
Cyber Threat Trends Q1 2026: Data Theft, AI Attacks and Emerging Risks
Executive Summary Every 90 days, we review the latest cyber threat trends to identify what IT leaders should learn, where resilience gaps are widening, and what practical actions organisations should take next.  The first quarter of 2026 has been intense. The UK threat picture is not defined by one single...
Microsoft Defender for Cloud
Microsoft Defender for Cloud Cloud environments change fast. New workloads, new services and new risks appear daily, often without full visibility or clear ownership. Microsoft Defender for Cloud provides continuous assessment across Azure, hybrid and multi-cloud environments to help organisations understand and reduce cloud security risk. CloudGuard ensures your cloud...
Woman looking at tablet with cyber imagery across the top.
The Limitations of External Penetration Testing (And What to Do About Them)
Core argument  Traditional internal penetration tests gives executives false confidence because it’s typically scope-limited, scheduled, doesn’t reflect real attacker behaviour and ignores the AI threats with user access. Would you feel comfortable boarding a plane if the pilot had practised emergency landings but had never actually simulated an engine failure?  So, why do businesses specifically exclude their...
CloudGuard logo and Stonewater Housing logo on a pastel purple background
Stonewater Housing Achieves 24/7 Security Monitoring Without Expanding Its IT Team
Image of man with half blue face on left and half red face on right. ÂŁ20 notes falling in the background.
Date | Time: 24/03/2026 | 12:00 pm
[On Demand] The AI-Enabled Insider Threat: When Trusted Access Becomes Competitive Advantage
Your most trusted employees can now distil years of institutional knowledge in days, sometimes without realising the risk they’re creating. Insider risk has fundamentally changed. We’re past the days of someone copying files onto a USB stick. Today, trusted employees are using AI tools to summarise reports, analyse strategy documents,...
Continuous Security Validation: How to Prove Your Cybersecurity Controls Actually Work
Core argument CISOs are increasingly measured not by the security they implement, but by the breaches they fail to prevent. Most cybersecurity investments create a false sense of protection because they’re never truly tested under realistic conditions.  Zero trust applied new controls but the new wave of Agentic AI solutions will fundamentally...
Get In Touch

Our Cybersecurity Services Can Instantly Improve Your Business’ Security Posture

Complete the form to find out more about any of our one-off or managed cybersecurity services. Not seeing what you’re looking for? Our cybersecurity consultants and MXDR experts are always on-hand to provide the guidance and support you need.