Cybersecurity is a critical concern for organisations of all shapes and sizes, and that includes charities. When Charity Link first approached KIT365 following a local cybersecurity event, the organisation, which supports 5,000 – 6,000 vulnerable individuals and families across Leicestershire, Rutland and Northamptonshire each year, was looking for guidance on Cyber Essentials accreditation. However, what started as a request for Cyber Essentials support soon evolved into a different cybersecurity challenge
Identifying the challenge
Charity Link was aware that cybersecurity was an area it needed to look at. Laura O’Flynn, operations manager at Charity Link, explains: “The nature of our charity means we deal with sensitive information and we recognised that we had some work to do on our cybersecurity. We knew that Cyber Essentials is a government-approved standard specifically for small-to-medium sized organisations, so we thought that would be a good place to start and asked KIT365 for guidance.”
Before beginning any accreditation process, KIT365’s CEO, Rob Kneller, wanted to first assess Charity Link’s existing cybersecurity measures.
“Cybersecurity isn’t one-size-fits-all,” explains Rob. “Before organisations embark on any accreditation, it’s vital to take the time to understand where they are currently in their cybersecurity journey. If this doesn’t happen, organisations can end up applying for certification before having the right foundations in place and being ready to do so.”
A thorough cybersecurity review
To get a clearer picture, KIT365 conducted an on-site cybersecurity review. Prior to this, KIT365 had shared the Cyber Essentials questionnaire with Laura so the Charity Link team had already identified some potential weaknesses. The review by the KIT365 identified further security gaps and vulnerabilities, and it became clear that improving cybersecurity at Charity Link wouldn’t just involve technical fixes but would also require a shift in the organisation’s culture and an increased awareness of all things cybersecurity.
“Small, everyday habits, like writing down passwords for example, can create significant risks,” Rob adds. “Sometimes organisations are too close to their own processes to see even the most obvious vulnerabilities and that’s why a fresh pair of eyes and an external perspective can be invaluable.”
A shift in approach: laying firm foundations
While Charity Link had initially sought Cyber Essentials accreditation, KIT365 recommended a different approach.
“Rob and his team were refreshingly honest,” says Laura. “They told us that jumping straight into Cyber Essentials wouldn’t be in our best interest at this stage. Instead of just pushing us through the process, which we clearly wouldn’t have been successful at the first time of trying, they recommended we take a step back to reassess and strengthen our cybersecurity foundations first.”
To gain deeper insights into the current situation, KIT365 installed monitoring tools within Charity Link’s IT environment. This allowed the team to track vulnerabilities, identify weak points and highlight any problems. The finding would then inform a detailed assessment of the charity’s security posture.
“Rather than rushing into accreditation, we wanted to equip Charity Link with the knowledge and tools to make meaningful, lasting improvements,” Rob explains. “That meant monitoring systems to enable us to provide a tailored cybersecurity roadmap rather than a generic list of tick boxes.”
Findings and plan of action
After a period of monitoring, KIT365 provided Charity Link with a comprehensive, jargon-free report, which detailed key vulnerabilities and subsequent recommended actions.
Laura was impressed: “The report was incredibly clear and easy to understand. It wasn’t full of complicated technical jargon and it gave us a step-by-step breakdown of where we stood and what we needed to do next.”
Alongside this report, KIT365 provided a vulnerability security assessment and tailored guidance on what Charity Link should be looking for when choosing an IT supplier that would align with Charity Link’s specific needs.
“Thanks to KIT365, we now have a much clearer idea of what to look for in an IT provider,” Laura says. “We’ve gone from making assumptions about our cybersecurity and IT environment in general, to having a clear, evidence-based strategy.”
Building organisational awareness of cybersecurity
One of the key action points for Charity Link was the cultural shift required with regards to how the organisation approaches cybersecurity.
“KIT365 didn’t just focus on technical fixes, but helped and encouraged us to change our mindset too,” Laura continues. “They understood the challenges charities face and tailored the advice accordingly, taking into account any training needs we might have and any financial constraints as well. Their approach was not about fear-mongering and judgement but about education and empowerment.”
Laura has since used the findings to present to the charity’s board of trustees, ensuring that cybersecurity is now firmly embedded in the organisation’s strategic planning.
Looking to the future
With a solid cybersecurity foundation now in place, Charity Link plans to revisit Cyber Essentials accreditation in the next 6–12 months; this time, with confidence.
“We’ve gone from feeling overwhelmed to having a clear, achievable plan,” Laura says. “We know exactly what steps to take next, and that’s all thanks to KIT365’s guidance.”
For Rob and the KIT365 team, this is exactly what cybersecurity support should look like:
“Our goal isn’t just to tick boxes for our clients, it’s to make sure they are genuinely more secure and also more confident in their ability to make the right choices when it comes to cybersecurity. Seeing Charity Link transform its approach to cybersecurity has been really rewarding and we’re glad to have been able to play a role in their cybersecurity journey.”
KIT365’s partnership with Charity Link has not only improved the charity’s cybersecurity but has also empowered the charity to take control of its digital safety moving forward. Through a tailored, transparent, informative and hands-on approach, KIT365 has helped Charity Link navigate the complexities of cybersecurity, ensuring better protection as the charity grows, helping the organisation to work towards cybersecurity excellence.
