The Disabilities Trust is a charity working alongside people with an acquired brain injury to help them live as independently as possible. It’s the largest not-for-profit brain injury service provider in the UK, and its services support around 750 people each year.
Its work is crucial – and with its focus on frontline care and its contact with vulnerable adults – the impact of a data breach could be devastating.
In the face of significant insider threats and the growing risk of ransomware attacks, it needed a total overhaul of its web and cloud application security to protect staff and patients alike. And as a non-profit with a small but dedicated IT team, it needed to achieve that overhaul as quickly, efficiently, and cost-effectively as possible.
The inside-out threat
When Graham Fisher, The Disabilities Trust’s Director of Digital, joined the organisation, its user activity and privacy controls needed significant attention. As Graham explains, ‘The biggest threat for us is the insider threat – inside out, not outside in. Whether that’s leavers exfiltrating our IP or confidential patient information being unwittingly shared on public forums, the impact could be critical – both reputationally, and for the people we support.’
‘That means we need to be able to carefully control which sites are used, and what apps our data flows across. However, before working with Censornet, we were trying to manage web filtering through very large, externally-managed firewalls. It was complicated and far from agile. We needed to own and drive the filtering ourselves and get a clear understanding of the patterns of information coming in and out.’
To meet these requirements, The Disabilities Trust decided to implement a Security as a Service approach. In Graham’s words, ‘We’re not security specialists – to buy endpoint products in and implement them ourselves is expensive. So the economies of scale of using a SaaS approach were far better.’
They were keen to work with a locally-based business they could meet in person. So they turned to Airnow Cybersecurity, who became one of their core partners and introduced them to Censornet.
Keep IT simple
Graham continues: ‘Our starting point with Censornet was that we wanted something effective and easy to deploy that would work straight out of the box. My mantra is to keep IT simple and easy to consume, and we knew there would be a huge benefit in acquiring that level of tooling without having to build it ourselves.
‘We ran a demo, and within 20 minutes we had pushed the agent to the desktop with rule-based criteria and were applying standard rules. Within an hour we could start blocking risky web and cloud app activity: the account was up and running almost immediately.
‘It was really easy to use. There were no complex environments, we didn’t need to get certified to use it, and there was no complex training required. As a busy IT team supporting over 1,000 employees, that was a major benefit: my IT engineers, who aren’t security specialists, can use it confidently, broaden their skills and venture into the world of IT security.’
Culture transformed, people protected, innovation enabled
Censornet has played an integral role in centrally managing web browsing and cloud application usage at The Disabilities Trust, ensuring it can discourage risky activities and behaviours.
Graham continues: ‘It’s truly changed the culture for the better, alongside a programme of training for staff on the seriousness of cybersecurity risks. We’ve moved from an open, easy-access, laid back culture to being a self-conscious, secure organisation that is very aware of the implications of not protecting itself.’
Censornet’s web and cloud application security hasn’t just enabled The Disabilities Trust to block access to risky sites and prevent data exfiltration. It’s also helped reduce other expensive, inefficient processes, such as unregulated procurement, ensuring only approved supplier sites and apps are accessible from within the organisation.
On top of that, Censornet’s integrated platform gives Graham’s team access to granular, user-friendly reports, which enable them to evaluate their complete environment, deeply understanding infrastructure and uncovering gaps in their protection.
‘I now share the intelligence we get from our data on a quarterly basis to our audit and risk committee – right down to the level of how many frontline staff are trying to access blocked sites – so we can quickly address any growing threats.’
Security isn’t out of reach for charities
For many charities, enterprise-grade security is seen as a prohibitively expensive option – forcing them to make do with substandard solutions, putting their data at risk. But as Graham concludes:
‘Censornet showed us that high-quality security can be done affordably, on a budget that fits all tastes. Nobody should go without security. If you’re in the situation we were, evaluate your core risks and get a solution in place. It can be done, and it doesn’t have to cost the earth.
‘And with this security foundation in place, The Disabilities Trust can move forward digitally. We aspire to be at the absolute cutting edge on brain injury support, and security is enabling us to progress in that space. Censornet’s security provision is a core element in our digital growth and innovation.’
You can find the full case study here.