Review and implementation help improve security operations and response for the UK’s largest membership organisation.
The National Residential Landlord Association (NRLA) is the UK's largest membership organisation for private residential landlords in England and Wales. They support and represent over 95,000 members – a number that grows every day.
As they hold a large amount of client data, ensuring security controls is a foremost priority.
“When it comes to cyber security for the NRLA and our members, the cost of failure is high, while the cost of reassurance is low.” says Alastair Gilchrist, Chief Technology Officer at NRLA.
Detecting and correcting security gaps to ensure data protection
The NRLA was seeking a review of their security controls to identify any gaps in its data security and to provide reassurance and confidence to their own internal Audit and Risk Committee.
As part of their work supporting private residential property owners, the NRLA collect a rich level of data from their members, and so it’s understandable the NRLA team wanted reassurance that their member’s data was secure.
While the NRLA technology team did have previous assurances from an IT Service Provider that their data was secure, there was still a feeling that it would be appropriate for the NRLA to dig a little deeper into their security and set in place stronger mitigation strategies. By seeking further guidance and reassurance, the NRLA technology team was able to report to their Audit and Risk Committee more confidently.
The NRLA was keen for our team at The Missing Link to help identify, mitigate, and control the risk of breach or data compromises in the ever-evolving cyber security landscape.
Forging a strong partnership
Alastair Gilchrist, Chief Technology Officer at NRLA, immediately found the team at The Missing Link to be approachable and knowledgeable, and trust was established straight away.
“Thanks to The Missing Link’s Security Controls Review we now have a comprehensive roadmap to further mitigate the risk of breach or data compromise for our organisation – all for a very reasonable investment."
“After executing the review together, we have absolute trust and confidence in the expertise of The Missing Link’s team. We were impressed with their passion for our security posture, and the time they took to ensure our goals and objectives were met, including their flexibility when it came to preparing a report for our Board.”
— Alastair Gilchrist | Chief Technology Officer, National Residential Landlords Association
The importance of finding gaps and filling them in
We took a holistic posture-based outcome rather than just looking at it on an individual level to determine what security controls the NRLA should implement to improve their security posture. This approach helps us find gaps within an organisation’s security posture.
The NRLA already had themselves assessed against the Cyber Essentials. We used this as the foundation for our investigations to then build a more custom security plan.
The Missing Link was able to prioritise which controls should go in first, by aligning scores for each control and creating roadmap items into phases two and three.
The NRLA also had multiple outsourced parties for some of their solutions, so we could send questionnaires to the third parties who were managing that infrastructure to find out if the solution was the right fit. This meant that if there were gaps in the architecture, we were able to address the issues collaboratively.
At the end of the engagement, we were able to provide clear recommendations and a roadmap to NRLA to uplift their current security posture.
The value of precise Security Controls to the NRLA
The NRLA appreciated how The Missing Link managed to take a very technical report and make it easy to present to the Audit and Risk committee board meetings.
With our flexible and forthcoming approach, the NRLA was able to customise the report and outcomes to meet their needs. After receiving the Missing Link report, the NRLA was able to identify areas where they had adequate controls and where they needed more work. To assist them in addressing those gaps, we included specific recommendations about what needed to happen next.
By providing actionable results and personalised solutions we were able to help the NRLA with a Security Controls Review which led to greater cyber security resilience and presented in a format that could be easily reported back to annual risk committees.
“We've enjoyed working with The Missing Link and felt that our objectives and our goals were aligned. It was a sound investment for us as we are happy to know we are protected in terms of data security and were provided with valuable information for us to act on,” says Alastair.
Reach out to The Missing Link today to engage a security partner committed to transforming your cyber security, like our industry-leading work with NRLA.
