Client Stories
mhs homes
Find out how Littlefish worked with mhs homes group to implement a robust cyber security strategy along with other innovative services.
Customer overview
mhs homes group manages 9,500 homes in the Medway, Maidstone, Gravesham, Dartford, and Tonbridge and Malling areas of Kent. As the largest, independent social landlord in the UK, the group also includes Heart of Medway Housing Association which manages over 900 homes and is regulated by the Regulator of Social Housing.
Over thirty years old, the organisation employs over 280 employees and is committed to providing safe, sustainable, and affordable homes as a stepping-stone to a better future.
In an ever-evolving landscape, there’s always more to learn and new threats emerging, so I’m confident that Littlefish can help us with that.
Service Challenges
Pre-COVID-19, mhs homes felt happy they had strong cyber security processes in place. Measures such as access control (ensuring that only authorised users are granted access to sensitive information), patch management (the process of identifying, acquiring, testing, and applying patches, e.g., software updates, to systems, applications, and devices) and malware protection (aimed at detecting, preventing, and removing malicious software from computers, networks, and devices) were kept up-to-date and the organisation felt its data was secure.
However, during the COVID-19 pandemic, when lockdown measures were put in place, the organisation had to quickly change the way it worked. mhs homes moved from mostly office-based to entirely home working, involving new equipment such as laptops and other internet-connected devices, and all requiring remote access to the organisation’s network.
Once lockdown measures were lifted – and like many UK companies – the organisation’s new attitude to more flexible working remained, and many mhs homes employees chose to split their time between traditional office-based working and working remotely.
Of course, along with this new way of working came additional cyber security challenges; resources became more strained by securing remote access, monitoring for security threats, and supporting a dispersed workforce.
Additionally, after completing a tabletop exercise with Littlefish – a process designed to help organisations to identify different risk scenarios and prepare for them, as well as considering one or various simulated scenarios that could negatively impact the organisation – conversations around at cyber security at mhs homes turned to, not just preventative security measures, but also more proactive planning.
It made sense to us to go to an organisation that could offer us a range of security services … we chose Littlefish because they could provide everything we needed.
A robust security solution from Littlefish
Initially, Littlefish undertook two types of penetration testing:
- Social engineering (in this case, physically trying to enter mhs homes’ building)
- External infrastructure testing (testing everything public facing and publicly available over the internet)
Littlefish also undertook internal vulnerability testing and a build review to check how well mhs homes’ internal security and device configuration stood against known vulnerabilities and configuration hardening techniques.
The above, along with the findings from the tabletop review, enabled Littlefish to instil new and robust security measures in priority order.
Positive outcomes
The testing carried out by Littlefish allowed mhs homes, in collaboration with the Littlefish cyber security team, to quickly remediate security vulnerabilities and set in place a remediation plan all stakeholders agreed to.
Furthermore, the tabletop exercise undertaken with Littlefish’s security experts, imparted a good understanding of inter-departmental communications at mhs homes in the event a critical scenario should take place. This led to the organisation improving business communication and planning to facilitate business continuity should the worst happen.