Empowering Enable to support communities throughout Scotland

Founded in 1954, Enable is one of the fastest growing and most impactful charities in Scotland, which “believes in an equal society where everyone has the right to live, work and participate as active and respected citizens in the communities of their choice.”

Enable consists of three pillars: Enable Cares, Enable Works and Enable Communities. Across the group, and throughout Scotland, Enable delivers:

• Self-directed health and social care support
• Employability, education and training
• Community projects and campaigns.

Employing 2,500 staff and with 12,000 members and supporters, Enable is one of the 40 largest non-public sector employers in Scotland, and actively supports over 13,000 people to live independently as active citizens in their local communities.

As one of Scotland’s largest charities, the organisation is on a multi-year mission to digitally transform its operations. It’s determined to digitally enable its entire workforce so that they can use the latest tools to increase efficiencies to deliver first-class services to improve living standards for tens of thousands of families.

Setting out on its transformation journey several years ago, Enable’s leadership team knew from the start that building strong cyber resilience was one of the pillars of its ambitious programme.

“We invested a lot in digital transformation but lacked the relevant security controls to thoroughly monitor our IT estate,” explains Jacquie Anderson, Head of ICT and Change at Enable.

Flagging phishing emails with the Big Red Button

“Quorum Cyber is willing to help us on our journey but they appreciate that we’re a non-profit organisation without deep pockets,” says Jacquie. “When we started working together, there was no helicopter view of Enable’s IT estate, no clear view of our security. Working alongside Quorum Cyber for several years, we feel safe that they have our backs so that we can focus on delivering the best service we can to all the people we serve throughout the country.”

They focused on protecting their users from phishing emails with the Big Red Button – a simple and effective service that allows employees to notify, at the touch of a button, Quorum Cyber’s security analysts of any suspicious emails they receive.

This service was particularly important for Enable, whose frontline employees’ primary responsibilities are to help and care for people with disabilities and long-term health conditions, and who use a mobile phone rather than a laptop and who don’t work in an office. Phishing remains one of the most common tactics for threat actors to attempt to infiltrate organisations, and so all employees must play their part by identifying and escalating any suspicious messages.

Jacquie continues, “Having this key service delivered by Quorum Cyber is integral in giving ICT and Enable the comfort that any reported suspicious emails are thoroughly reviewed by Quorum Cyber and we are given the go-ahead to proceed or take the relevant actions to remove these suspect emails from our estate.”

Comprehensive security up to 2026

Having benefitted from Quorum Cyber’s protection of a three-year Managed Detection and Response (MDR) service from 2020 to 2023, Enable recently signed an extension to the contract with Quorum Cyber, under the watchful eye of the Security Operations Centre (SOC) team based in the UK. This deal keeps round-the-clock monitoring, detection and response in place through the current hostile and unpredictable digital climate, until 2026.

“There’s no way we could run a 24×7 SOC ourselves,” says Jacquie. “This contract means that no matter where I am in the world, I can trust Quorum Cyber to protect our organisation. Having a competent SOC team running our MDR service allows me to sleep at night. There are robust processes in place which includes proportionate delegated authority, allowing them to make the right evidence-based decisions and take the most appropriate actions on Enable’s behalf at any time of the day or night. I trust them 100%.

“When the time came to renew our contract, it was a very easy decision to make. The relationship, partnership, trust, and cost made it straightforward to continue as we were. We’re a large organisation, so naturally we were approached by numerous security vendors, but we didn’t need to undertake a lengthy and costly open procurement process, as we were satisfied that a continuation of the partnership was not only competitive financially, but robust and reliable operationally.”

With experienced cyber security professionals in hot demand, more organisations like Enable are calculating that it’s often better to outsource a managed service like MDR and leave the challenges of hiring, training, and retaining qualified cyber security analysts to a professional cyber security company to tackle.

All of Quorum Cyber’s services include 24×7 access to Clarity, a single dashboard for customers to see the security of their entire IT estate, and how the SOC is handling any incidents in real time. “Clarity is a fabulous tool for our team,” explains Jacquie. “It doesn’t only tell us what our vulnerabilities are, but it explains how we can fix them. And the beauty of it is that it’s not cluttered with technology jargon, so I can download service reports from it and pass these to the Enable board for them to see the continuous evolution of our cyber security posture.”

Part of the cyber security community

“Quorum Cyber is there for the greater good and they don’t want their customers to fail so they can charge them more, they want them to continuously improve and become more resilient,” says Jacquie. “This comes through whenever I speak to anyone at Quorum Cyber. You can feel the passion from the top down. The whole team wants to collaborate and help their customers – we really feel like we’re part of the community.”

Although Enable feels assured it’s in safe hands, it’s not dropping its guard. Everyone in the organisation is well aware that success can breed complacency, and complacency can lead to a breach. As such, Enable’s team is now looking at other services to enhance their security even further.