Brainkind is the UK’s leading charity helping people to thrive after a brain injury. The services they provide include neurological centres, rehabilitation, residential care homes, and supported living. They provide innovative, personalised and compassionate rehabilitation and ongoing support to people with brain injuries and other neurological conditions.
Brainkind currently support over 400 people with complex needs after brain injuries. Following a strategy review in 2022, they identified six aims to drive the organisation forward; the sixth one was to find the right digital solutions and become a leader in digital change and innovation.
When Graham Fisher, Director of Digital at Brainkind, undertook a review of the organisation’s digital capabilities, the first port of call was to evaluate the security posture in place, and he noticed a number of security concerns that needed attention. This led to some further research and the need to find a security partner which eventually connected them with Vambrace, a company specialising in improving cyber security infrastructure.
Vambrace took an initial look at the Brainkind’s 3-year plan and worked with them to develop a cyber strategy to help get them to where they wanted to be. As Graham explains,
“The first thing Vambrace did was the Security Scorecard. This is part of a free service they offer to charities which identifies vulnerabilities within the organisation and runs scores against third party suppliers to see who is secure and who isn’t. It helped us to look at our partners and see who didn’t meet the standards we required.”
Care services are often part of a wider digital information supply chain and a weak link in the supply chain could have a detrimental impact on a business. When using third-party IT managed services, it’s important to check that whoever handles your systems and data has good security measures in place. As Graham explains,
“We took a zero-trust approach to finding suppliers. Being able to vet and check third party suppliers with Vambrace was very beneficial to us and helped us to engage and connect with the right partners with similar values”.
Bringing people along on a change journey can be a fundamental factor to whether or not it succeeds. Brainkind were moving away from an outdated infrastructure and needed to make sure that staff knew how to use new updated systems safely.
Staff training was updated to include GDPR and IT Security modules, explaining the fundamentals on storing and sharing information safely. As Graham explains,
“The goal was to make tech simple and effective. We wanted to future proof our business, not complicate it. Educating our teams and getting them on board was key to embedding a strong security culture that has pathed the way for new opportunities.”
Brainkind benefited from an additional cost-saving service offered to charities for free by Vambrace, which involved a review of hardware resources. The company undertook a review of the hardware the charity held which was of no use, were able to sell it on and gained charitable donations which were returned to the organisation. As Graham reflects,
“We gained £4,000 on hardware that was no longer of use to us, and we also benefitted from free data destruction as part of one of Vambrace’s green initiatives. They were able to provide us with certificates to prove the data and hardware had been fully destroyed to an appropriate standard”
Brainkind worked closely with Vambrace to identify robust systems for checking and improving cyber security infrastructure across the charity. This includes cyber security services, which incorporates penetration testing, vulnerability scanning, training, and a Manage, Detection & Response service.
Through these services, Vambrace aided Brainkind in achieving Cyber Essentials+ accreditation, which helped them achieve Standards Exceeded accreditation on the Data Security & Protection Toolkit, further demonstrating the organisation’s commitment in maturing their cyber security posture.
With Vambrace powering Brainkind’s cybersecurity capability, it can now identify and eliminate high security risks, aid with asset discovery to decipher what’s out of date and what could be causing issues, and issue reports for different departments on security readiness, competence and industry compliance.
The 2 years following this joint partnership have led to innovative change throughout the charity.
“We now have a new state of the art neurological centre in York and wouldn’t have been able to consider deploying innovative digital technologies without the security updated infrastructure being in place and managed”, Graham says, pointing out the fact that the centre will become a host of new digital innovation going forward
“We’ll be implementing sensor technology, virtual reality, personalisation options and so much more. It’ll be cutting edge technology but not ‘bleeding edge’. It has to be tried and tested, and it needs to serve a person-centred purpose.”
Back to Success Stories