East Anglian Air Ambulance

Two Factor Authentication

Industry:   Charity
Location:  Norwich and Cambridge

East Anglian Air Ambulance

East Anglian Air Ambulance (EAAA) is a charity that exists to save lives by delivering highly skilled doctors and critical care paramedics by air or car to seriously ill or injured people in the region.

A life-saving charity that is only kept airborne thanks to their incredible supporters.

EAAA operates out of two bases covering the region 7 days a week with a crew consisting of a specialist HEMS (Helicopter Emergency Medical Service) trained Doctor, Critical Care Paramedic and 2 pilots. Currently, EAAA operate a 7am to 7pm shift from the Norwich base and a 7am – midnight shift at the Cambridge base, with extra 7pm – 7am cover in Norwich utilising the rapid response vehicle.

Their vision is to become a life-saving service that is operational 24 hours a day, seven days a week by 2020 however they need to raise an additional £1million a year to achieve this.

For more information or to support please visit: www.eaaa.org.uk/support-us/mission24-7


EAAA offers a vital service to its patients, both through on-scene emergency care but also quick transfer to the appropriate hospital, delivery of first aid training and dedicated aftercare.

All this crucial support relies on donations from the general public to keep it running.

A huge amount of data is required to be stored within the charity, including sensitive information such as the personal details of both patients and supporters. EAAA are committed to ensuring the ongoing security of all of their stakeholder’s data, not only to protect their supporters but also to protect their future.

Strengthening security
The charity utilises email and online security software including Mimecast and Webroot. These solutions deliver increased protection against cyberattacks, with continuity during, and automated recovery following a breach. However, the focus of EAAA is to show increased cyber resilience and the ability to adapt and respond to all threats. A primary challenge is to improve email security, including phishing and spear-phishing – 94% of organisations have now experienced phishing attacks*.

Email attacks are on the rise, specifically impersonation or business email compromise (BEC). Attackers are looking to gain access to funds, sensitive data or login details. The consequences of a breach are far-reaching and can be irreversible, including heavy fines, prosecution and reputational damage. For EAAA, a breach would mean a loss of confidence from its valued supporters, perhaps even bringing to an end the crucial funding the charity relies on to carry out its life-saving work.

EAAA’s employees, as with any organisation, present one of the charity’s biggest cyber risks. Human error is now a contributing factor in more than 90% of breaches.* The challenge is to mitigate this threat, securing data and helping users detect and side-step email attacks.

*Statistics from Mimecast, The State of Email Security Report 2019.


Breakwater IT worked with EAAA to identify and implement security improvements to prevent breaches as a result of attacks on emails.

Solutions included
• Two Factor Authentication (2FA)
• Attainment of Cyber Essentials Plus
• Employee engagement and training
• Improving existing hardware to provide further encryption and security

With a large employee base, including charity and clinician teams and volunteers, all based across 4 counties and a mobile workforce that comprises 50% of personnel; it was necessary to fully involve and inform all users as to why and how these new solutions were being introduced.

Two Factor Authentication
The project started with a testing stage, with 5 users measuring the impact 2FA had on their day to day work as well as understanding the benefits of Office 365 and training needs for all their users.

Once the testing was complete, 2FA was rolled-out against each user’s Office 365 account. EAAA and Breakwater decided that it would be more beneficial to carry out the 2FA authentication at the same time as the new Office 365 installs. This gave the EAAA facilities team time to spend with each team member going through the process (following staff meetings). Some of the installation could be carried out remotely by Breakwater, meaning minimal disruption to users’ workloads.

Authenticator App
Breakwater also attended a clinician training day, enabling 2FA to be activated to a larger number of users in one sitting. When users log into their Office 365 account they are now required to approve their sign-in request using the Microsoft Authenticator app.

Authenticator provides an extra layer of security in addition to a PIN. It is a quick and easy way of signing into a personal Microsoft account, preventing unwanted identities from breaching data.

This method of approval also shows details of compromised accounts, EAAA are able to get in contact with Breakwater if there is ever a sign-in request when they are not knowingly trying to sign into an Office 365 app.

Cyber Essentials Plus
Breakwater supported EAAA through their Cyber Essentials Plus certification, providing reassurance across the charity that cyber security is taken seriously and the right controls and protection is in place. Cyber Essentials gives protection against a wide variety of the most common cyberattacks and shows a commitment to:

• Securing internet connection
• Securing devices & software
• Controlling access to data and services
• Protecting from viruses and other malware
• Keeping devices and software up to date.

Engagement & Training
Ongoing employee training is one of the most effective ways to combat users clicking on phishing emails and inadvertently causing a data breach.

EAAA recognise the important of user engagement and prior to the launch of 2FA, they presented on the benefits it would deliver, the nature of cyber threats and how to avoid an attack.

*Statistics from Mimecast, The State of Email Security Report 2019.


EAAA are now in a position to be able to continue to develop the support their charity offers and receives, safe in the knowledge that they have implemented significant security improvements, making it almost impossible for a breach to occur via a phishing email.

“Installing 2Factor Authentication alongside our upgrade to Office 365 has been an extremely critical part of EAAA’s commitment to data security. The project itself was challenging (for both EAAA and BWIT) and took longer to complete than initially expected. This was partly due to being the first client of Breakwater’s to adopt 2 factor; which meant that their team were learning about the intricacies at the same time as us, however, I would have no doubt in recommending the team for their support, enthusiasm, patience and commitment to data security.

The other main reason for the extended implementation timeframe was due to the nature of our clinical and remote teams’ availabilities to ensure full training was provided and set up was carried out successfully. Breakwater have continued to provide us with a good level of support as we have further engaged with Microsoft 365.

Installing 2factor has provided us not only with a much higher level of security for our data, but with the assurance that all of our teams have an efficient and effective means of authenticating their validity for system use. By engaging with the 2fa process, cyber security is regularly brought to the fore front of the teams’ minds.”

Louisa Sharpless EAAA

Download PDF Version

Discover how Breakwater can help your business. Call our team today on +44 (0)1603 709300 or email enquiries@breakwaterit.co.uk

Toby Kalkman

Systems Engineer

I am a technology enthusiast, and as a Systems Engineer I am in a great position to continually develop this  – working with the Breakwater team, clients and our technology partners to understand more about emerging products and expertise and how these can support organisations.

View my profile >

Case Study

Indigo Swan

Infrastructure Upgrades and Office 365 Industry: Energy Consultants Location: Norwich

Indigo Swan
Read more
Game Over

You scored


You Ranked


Enter your details to submit your score and join our leaderboard…

I agree to my email address being used for marketing campaigns.