allpay Limited, the UK’s leading payment specialist, has been certified by Cyber Essential Plus – a Government-supported and industry-backed scheme which aims to verify that organisations have the appropriate security protocols in place to stave off a cyber-attack. allpay Limited joins a small number of other organisations in receiving a certificate through the Council of Ethical Security Testers (CREST), an approved accreditation body under the UK Government.
allpay Limited’s accreditation comes as the British Chambers of Commerce reveals that one in five businesses faced cyber-attacks over the past year. For the housing association sector specifically, cyber security is emerging as a significant issue. Extended data protection, and a renewed sector regulatory regime, will increase the responsibilities and requirements on housing associations to protect themselves from breaches. The scheme’s set of critical controls offers greater protection against the most prevalent forms of attacks, thus discouraging suppliers from being irresponsible about cyber security whilst continuing to protect customers.
The extent of cyber threats, and attacks, is little known to the sector, with some housing associations potentially not even knowing their systems have been compromised, only discovering they have fallen prey to an attack once consultants have been called in. Housing Associations face being specifically targeted by fraudsters who see an opportunity in development acquisitions and stock transfers, with the primary risk being in accessing personal data and payment processes. Fraudsters are believed to penetrate phone systems first, if only to gauge potential for access.
It’s understandable that many Housing Associations, especially some of the smaller players in the market, are not yet ready to implement the necessary cyber-protection controls. However, housing associations ill-prepared for fraud will face consequences ranging from irrecoverable financial loss to regulatory intervention from the Homes and Communities Agency (HCA) – including liability for the extent of any losses. Penalties for data protection alone can top £500,000.
Simon Cook, head of compliance at allpay Limited, commented: “At a time when Housing Associations are increasingly under threat from cyber-attacks and in need of a high standard of cyber security, we are very proud to receive a Cyber Essential Plus accreditation. Alarmingly, the sector lacks awareness of the threat, reflected by evidence that councils spend eight times more on health and safety training than on IT security and data protection combined, with 86% not investing anything. Therefore, our goal is to educate and implement the correct measures to protect Housing Associations.”
This is not the first time allpay Limited has proactively sought to increase security for its customers. allpay Limited passed a Payment Card Industry (PCI) compliance audit to become a level 1 payments service provider – the highest level in compliance. With security breaches becoming increasingly common, it is all the more critical for organisations to prove they are PCI compliant. allpay Limited’s status as PCI DSS compliant enables it to manage payments securely on behalf of an organisation, minimising risk whilst also saving time and resources.