Access to Business (A2B) is the Wolverhampton based charity that supports disadvantaged people in the Black Country towards training, employment and self-employment and enterprise. The charity is an independent and authoritative advocate for those with health problems and disabilities, offering intensive one to one support and running training courses in IT and finance. In 2017, A2B were awarded the ‘Queens Award for Voluntary Service’ which is the highest award given to volunteer groups across the UK. During the Spring lockdown, the charity managed to put their services online in a record time in order to continue supporting their clients and in the same year became Cyber Essentials certified. I spoke to Elvira Wilson, the Business, Finance and Compliance manager to ask her how they did it and to compile an Access to Business Case Study.
“We are quite a medium size charity, with 22 employees, and it is important for us when procuring contracts to demonstrate the quality of our work. We already have ISO 9001, Matrix quality standards, and also Disability Confident Leader quality framework.
Last year our website was badly hacked and we were unable to clean it out so we had to totally re-write the whole website. It was a difficult exercise and a very worrying experience. Cyber security and data protection was always very important to us but it was difficult to know if we were doing everything that we should. We also started to notice that contracts were increasingly asking for Cyber Essentials certification and we realised that this pathway really fitted in very well with what we needed to do. We had a look at different schemes, but Cyber Essentials was affordable and it also included cyber insurance.
We felt positive when we logged on to the Cyber Essentials questionnaire for the first time in February, and although we didn’t satisfy everything straight away, we took our time to try to improve systems and work through different processes, for example, enabling some dual authentication. Of course, half-way through this process, we all had to work from home so things were even more difficult. When we started to work from home, we had to provide staff with IT equipment to work from home. Cyber security essentials checklist helped us to understand what we have to put in place to ensure compliance while working from home. We engaged with our IT Consultants, Pedmore Computer Services Ltd and Tinsley NET IT Support Services to obtain specialist advice and support.
It was useful to go through the Cyber Essentials Self-Assessment questionnaire to ensure you are consistent in your approach and do not do too much or too little. When we submitted our assessment, we received the feedback that our router was out of date! We only had a couple of days to make changes and with the support of our IT consultants we managed to upgrade the router to a new compliant one.
Overall, we made several important changes to systems and procedures and also received a Cyber Security Insurance cover as part of our accreditation. I feel confident to know that we comply with essential standards and our data/systems are safe. I felt that the whole process was very helpful. Our Chief Executive and the board were very supportive, everyone understands how important it is and validated the money and time invested.”
Like many extraordinary people who work in the Charity sector, Elvira is not a stranger to making things happen out of nowhere. In a previous roles, she managed the IT Systems for a large independent women’s refuge in Wolverhampton and also involved with developing a brand new college for women in the desert of Saudi Arabia, Elvira was responsible for managing support services which included setting up servers and connecting around 350 computers. So, in the year COVID 19 forced businesses to close their doors to their customers and operate entirely online, Access to Business managed to very quickly turn things around and find new ways to support their clients.
“We had never used Microsoft Teams before, we had to learn quickly, we had to develop and deliver webinars, and it was a steep learning curve for everyone. In two or three months we managed to change our provision to totally online and support the same number of clients that we supported before. That was quite phenomenal and we’re all proud of that”.
Before lockdown, many of the services that A2B offered were available to local people due to their location in the Black Country. Now, they are all online and many are also available to anyone in the UK.
The IASME Consortium in conjunction with some of our Certification Bodies, are offering both the Government-backed Cyber Essentials and the IASME Governance certifications at a discounted price. If like A2B, you are a charity looking to protect your organisation from cyber-threats, find out more today and receive a discounted certification for your charity as part of the #cybersecurecharities initiative.
Please note, this blog may contain guidance and information that is outdated.
On 24th January 2022, the Cyber Essentials technical requirements were updated in line with current cyber security threats. The self-assessment question set changed from version ‘Beacon’ to version ‘Evendine’. Blogs and articles published before that date, may no longer accurately reflect the Cyber Essentials requirements.