Case Study

Safeguarding DEBRA UK's Digital Mission

Charitable organisations like DEBRA UK face increasing cyber threats due to their perceived vulnerability and the sensitive data they hold. DEBRA UK sought to enhance its security measures to protect donor information and ensure operational integrity.

Michael Bradley April 2024 • 5 min read

Background

DEBRA is a UK-based national charity and patient support organisation dedicated to individuals living with epidermolysis bullosa (EB), a group of rare and painful genetic skin conditions that cause the skin to blister and tear at the slightest touch.

Their mission is to provide crucial community care and support for people living with or directly affected by EB and to conduct research to secure effective drug treatments for every type of EB. As their online and store presence grew, DEBRA UK recognised the imperative need for robust cyber security measures to safeguard donor information and maintain trust.

“We exist to make a difference to the thousands of children and adults in the UK affected by EB. Without our loyal donors we simply couldn’t do this which is why it is critical to us that their personal data is protected. A&O Cyber provided sound technical advice and a seamless experience. They understood our needs, and we now have a clear path forward to strengthen our security posture.”

- Martin Rolfe, IT Manager, DEBRA UK

Objectives

Protect Donor Information: Ensure the security of sensitive donor data such as PCI and PII.
Verify Security Controls: Validate the effectiveness of existing security measures across digital platforms and 94 physical retail stores.

Solutions

DEBRA UK engaged A&O IT Group’s cyber security consultancy (A&O Cyber) to conduct a thorough security assessment. Key components included:

Internal and External Infrastructure Assessments: Analysed endpoints and services, tested perimeter security.
Retail Stores Infrastructure Assessments: Verified security of in-store PoS devices, consistency of security configurations, and assessed their overall attack surface.

Results

Reduced attack surface: Assessments identified legacy systems which have since been decommissioned.
Enhanced network security: Highlighted areas where network segregation could further improve security.

Conclusion

By investing in comprehensive cyber security assessments, DEBRA UK not only protected its sensitive information but also fortified its digital infrastructure against evolving cyber threats. This case study highlights the importance of proactive cyber security measures in safeguarding the operations and reputation of charitable organisations, ensuring they can continue their vital missions without compromise.