Bernicia has been providing quality homes and services to people in the North East for over 50 years, earning a reputation as one of the country’s leading housing providers. They provide property and estate services to over 60,000 customers.
Bernicia interacts with a wide range of people within the communities they work in, from tenants and third-party contractors delivering services, to local authorities, the police and medical providers. Like every organisation, email provides Bernicia with the most efficient way to communicate with these third parties, and as much of the data they send and receive is sensitive, Bernicia has always understood the need to protect this information, including delivering it to the correct recipient.
"Our board recognises the need to keep both our communications flowing and our clients’ data safe."
Adam Watson, Head of Security & Infrastructure at Bernicia, explains: “As a housing association that’s engaged in both maintaining currently occupied houses and building affordable homes, we share significant amounts of sensitive data. For example, we might need to liaise with a medical provider, the tenant and the building contractor to ensure a home is adapted to any requirements that our client may have.
“As email is the easiest and fastest way to share this data, our board recognises the need to keep both our communications flowing and our clients’ data safe. As an organisation, we’ve got strong governance policies and work to manage risk across the business. We have a big focus on cybersecurity in general, and from April 2020, we ran a project to reassess our email security.”
The team at Bernicia reviewed their current email security strategy, and identified areas of improvement with their existing solution, including usability and limited functionality to ensure emails were being sent to the correct recipients.
Adam adds: “We were working with an email security partner but the user experience was pretty obtuse, as our employees had to use a web portal every time they wanted to send or access an encrypted email. It also wasn’t solving the problem of misdirected email, as nothing was put in the path of the user to stop them from making obvious mistakes and sending sensitive information to the wrong recipient. Ultimately, we needed a better solution to help us meet our corporate goals around compliance and risk management.”
Following a consultation period, Bernicia decided to deploy Egress Prevent and Protect to secure the sensitive data their employees were interacting with on a daily basis and improve user adoption.
Adam explained that deploying Egress into their existing Microsoft 365 environment was a painless process: “At the start of the project, we wanted to know where Egress would stack up in the mail flow and understand how it would fit into the wider picture. Thankfully, the Egress engineer bent over backwards to help every step of the way. And it was quick! I think it only took him about two hours to get us fully set up.”
"Since deploying Egress in the old system’s place, staff have embraced the better user experience."
Since their onboarding, Bernicia’s employees have rapidly adopted Egress to maximise the investment, with Prevent and Protect now being used across the Bernicia Group. “Since deploying Egress in the old system’s place, staff have embraced the better user experience,” stated Adam. “They’ve found the security and DLP prompts unobtrusive and genuinely helpful in their day-to-day roles. Our IT team has also made good use of the Egress Analytics portal, gaining visibility over security advice offered and whether it was taken or ignored by users.”
Adam also explained how Bernicia benefitted from Egress’ existing use with a number of their partners: “We found the uptake of Egress to be particularly easy due to their large footprint within local government, healthcare, and the third sector. It’s made it nice and easy to exchange secure messages with clients, which is exactly what we were after.”
Our mission is to eliminate the most complex cybersecurity challenge every organisation faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats.