During late 2023, Practical Infosec were fortunate enough to have the opportunity to conduct an engagement with UK-based charity: Parathyroid UK. This project was a personal highlight, delivering the entire end-to-end process to increase their security resilience.
Who is Parathyroid UK?
Parathyroid UK is a small charity based in the UK & Ireland, providing practical and emotional support to those affected by parathyroid conditions. It is run entirely voluntarily by patients who also campaign for better treatment and raise awareness about their potentially life threatening conditions to help educate health professionals. If you would like to get involved with their wonderful work they would love to hear from you. https://parathyroiduk.org/support-us/
What was the engagement and what did it achieve?
Parathyroid UK took the light version of our security health check service as part of the pro bono support we offer for charities and similar organisations, you can find out more here.
This service allowed us to provide clarity on how secure they were today, and provide recommendations on how to improve their digital environment. Learning more about their context, we were able to audit and assess key systems and data.
Using this information and suitable data (cyber breach report data), we were able to analyse key risks and ways to improve. Great progress was also made before the publishing of the report. The whole experience was truly a pleasure and we are extremely grateful to be able to offer Parathyroid UK peace of mind.
Post Engagement Q&A with Liz Glenister, CEO at Parathyroid UK
Below are some thoughts on the overall engagement experience:
Farzan Mirza: So my first question is what situation or circumstances prompted you to seek support from us in the first place?
Liz Glenister: We had suffered a cyber incident a few years ago, but a mutual party of ours had come to our rescue, and continues to keep an eye on us. He flagged up Practical Infosec to me and I thought it was a really good idea to have our security verified as I was worried about the handover*. I wanted to make sure that I was just handing over something that was good and safe, not going to cause anybody else any worries.
*Parathyroid UK are currently in the process of a handover to a new CEO
Liz Glenister: Just the opportunity to find out that we were doing the right thing and was there anything else that we needed to know, should we be doing, were we still at risk?
Farzan Mirza: Perfect, the next question is how was your overall experience working with us? If you had to rate it from one to ten, one being bad and ten being great.
Liz Glenister: Definitely eleven, It's been a joy and a pleasure. Really I was quite scared to be honest because IT is not my forte and I thought it was going to be horribly technical, I wouldn't understand it and It wasn't that at all mainly because of you and how you handled it, with enormous patience and humour.
Farzan Mirza: Glad someone finds me funny! Security can be a very mundane topic at times you felt like that it was communicated okay, there wasn't anything that confused you?
Liz Glenister: No, I felt like you sort of held my hand through the whole thing step by step, made everything very clear, explanations were brilliant. Communication in between our calls was excellent, emails were very thorough. No, I really don't have a single complaint.
Liz Glenister: And I've learned a lot we all have. Which is great.
Farzan Mirza: That's the most important thing. I think some good learning lessons like why not to use “dog12345” as a password.
Farzan Mirza: I'm glad to hear that, this was one of my first end-to-end engagements. I wanted to know from your view that the communication was fine. I wanted to make sure I was reaching out to you appropriately, giving you enough time to get things done. Did it feel quiet at any point?
Liz Glenister: Not at all. No, no, you've been absolutely great. Very efficient. Communication has been great. You've been very respectful of my situation as well. I haven't felt pushed which is very common in these things and I haven't been made to feel silly in any way, in fact quite the opposite.
Liz Glenister: You’ve handled it very well. Just hit a really nice natural tone with the whole thing. It's been excellent.
Farzan Mirza: I'm really glad. When it comes to speaking about security it can be so technical and pressuring. Security normally is viewed as a blocker, “don’t do this don't do that” and that's not how I wish to communicate security. It has to blend practicality and context and alongside other factors.
Liz Glenister: You very carefully managed to humanise the entire experience.
Farzan Mirza: Thank you. Next question, is there anything that surprised you with working with us?
Liz Glenister: Yes because I expected it to be very formal and quite dull. It was informal, relaxed and really interesting. I actually found it interesting!
Farzan Mirza: I wanted to avoid it being very formal, nobody likes to lecture or a school lesson. Whenever we deliver something for example, our training sessions, we try to make sure that it's engaging because I've been on the opposite end of it, you quickly lose track.
Liz Glenister: Yes, yes, and when I think it's important that You feel relaxed as well. And you clearly do and that makes me feel relaxed and when you're relaxed you learn better.
Farzan Mirza: I think you're able to understand the situation so much better just by having a relaxed environment. I'm very grateful for the way that you presented all this information to me. It allowed me to just look at things in detail. Hopefully giving you the right advice.
Liz Glenister: Well you did that and it was very thorough and it was incredibly detailed. It didn't feel burdensome in any way.
Farzan Mirza: Brilliant and final question around the report, did you find it useful and to what you expected? Also, in terms of the report structure was it presented in a way that was clear to follow?
Liz Glenister: I had no idea what to expect and I was very pleasantly surprised. I thought it was very well structured. Complicated things were made simple to understand and the pace was good, which I think is important. I didn't ever feel rushed or pushed.
Farzan Mirza: I wanted to also present the awesome progress we had made during our sessions. Some great wins were achieved.
Something missing from the report, which you made me aware of, were your internal meetings that showed that cyber security was actually an unspoken worry. Probably the best part in the entire process is that people feel more at ease after this report.
Liz Glenister: Yeah, it's really been really helpful and really beneficial to everybody in ways that we just simply weren’t expecting. Thanks from the whole team as well because it's going to have a big knock on effect.
Running in a small charity. it's just been very reassuring for us to know that we've been checked out, we're okay and we're doing the right thing. That's really important to us.
Farzan Mirza: I'm happy we managed to deliver a piece of work that, in your case, was pro bono, but at the same time is still effective and delivers value.
Liz Glenister: Yeah, it's been a wonderful opportunity and we're incredibly grateful to have it. We didn't expect it and it was a great surprise.
Nonprofit without budget to spend on cyber security?
Pick from any of our services (excluding The Security Journey) for free! Find out more information here.
Furthermore, we offer 50% off additional services after the free service has been used. You can see our prices in more detail here.