Claranet Limited

Social Engineering Assessments

Social Engineering covers an almost infinite range of techniques and approaches designed to trick employees into providing a level of unauthorised access to a network or system which could then be used as a platform for a wider cyber attack. Activities include phishing, vishing, smishing, and physical access breach simulation.

Features

• Phishing and spear phishing campaigns
• Vishing and smishing campaigns; for example helpdesk spoofing
• Physical access breach simulations
• Baiting; for example USB drop exercises
• Open Source Intelligence Gathering (OSINT)

Benefits

• Understand how well your employees withstand typical human-foscussed attacks
• Track responses and apply targeted training where needed
• Design effective defensive policies and procedures
• Turn a potentially uncontrolled weakness into a strong defensive layer
• See your organisation as attackers would
• Raise security awareness by empowering employees
• Benefit from experienced testers using robust, real-world methods
• Demonstrate internally and externally that attack vectors are understood

£1,000 to £1,500 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-bidteam@claranet.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

103262886743502

Contact

Claranet UK Bid Team
020 7685 8000
UK-bidteam@claranet.com

Planning

• Planning service: Yes
• How the planning service works: Claranet works with clients to design a series of social engineering activities that accurately reflect the risks to the data being protected. An example; the most common form of social engineering, and the one with the highest success rate, is still phishing. This type of attack simulation will be appropriate for any organisation where staff handle sensitive data. Sometimes a simple generic email template will be deemed sufficient to entice an employee to take a potentially dangerous action. However sometimes industry or department-specific content will increase the chances of employees being deceived and will be considered by the organisation as a likely threat due to the ease of finding individuals and their roles through social media information gathering. In cases like these, Claranet helps the organisation to understand its threats, from which perspectives the simulated attacks should be delivered, and what approach is considered the most likely to succeed. Our extensive experience suggests that any social engineering exercise should be collaborative and consultative and Claranet provides clear guidance and advice as to how best to design and deploy such activities, and how to interpret the results and take appropriate actions to strengthen the defense.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Cybersecurity awareness training for non-IT staff
  • ISO27001 Auditing
  • Cyber Essentials
  • Red Team Exercises
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Other
• Other security testing certifications: OSCP

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Social Engineering exercises consume technical resource and a specific skillset and therefore carries a lead-time between order and delivery. This lead time varies and should be considered when planning delivery of testing during a project. Please ask for current lead times. Although testing can be delivered out of office hours (9am-5pm), this is chargeable at a higher rate and can be subject to longer lead times as the amount of available resource will be lower. Although social engineering is seen as real-world attack simulation, we are always bound by the appropriate laws and other limitations agreed with clients.

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Claranet provides support around the social engineering it provides in the form of pre-test scoping assistance (helping the organisation to select appropriate attack perspectives), guidance regarding suitable levels of access for the attack simulations, as well as training and advice following completion of the tests. Support is priced based upon the technical resource it requires and is calculated based upon the day rate for penetration testing. All engagements are assigned a technical resource (in this case a penetration tester) and an account manager (for project management, commercial negotiations and resource scheduling).

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAS
• ISO/IEC 27001 accreditation date: 06/06/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: 7Safe Limited
• PCI DSS accreditation date: 01/01/2019
• What the PCI DSS doesn’t cover: Our PCI-DSS only covers physical security requirements 1 to 8. 10 and 11 are not covered
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO22301

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Sustainability is a core element of our CSR strategy. At Claranet, we recognise the significance of our environmental footprint, even if it’s small, and are dedicated to perpetual improvements in energy conservation and waste minimisation throughout our operations. Our Senior Management Team has defined environmental and energy policies with a structure for setting and revising environmental objectives and goals.; • Our approach to environmental management includes:; • Committing to lessen our environmental impact.; • Integrating environmental performance and management into our business practice.; • Encouraging recycling and eco-awareness across our workforce, clientele, and suppliers.; • Reducing eco-toxic emissions from company vehicles.; • Reducing our energy use.; • Aligning with stakeholders to meet or excel in environmental standards.; • Adhering to applicable environmental laws and regulations.; • Conducting regular audits to measure and report on environmental metrics and establish goals.; Our energy management is focused on:; • Complying with legal standards for energy use.; • Implementing and, where possible, exceeding best practices for energy management.; • Allocating resources to meet our energy objectives and improve our management system continuously.; • Procuring energy-efficient solutions and services when feasible.; • Using data to monitor significant energy use and set targets for reducing consumption across the enterprise.; Our commitment to sustainability is reinforced by certifications such as ISO14001 for Environmental Management, ISO50001 for Energy Management, and the Cisco Environmental Sustainability Specialisation.; Aiming for net zero by 2050, we are proactively seeking ways to achieve this sooner. Our efforts are transparent, with an external Carbon Reduction Plan available upon request.

  Equal opportunity

  Offering the opportunity to advance our people’s professional development is one thing, however, ensuring that everyone, no matter who they are, has that opportunity is something that we pride ourselves on. Diversity and Inclusion is a highly regarded topic at Claranet and one that we strive to work towards. We are committed to driving diversity and inclusion in a measurable way. ; Our HR and Management teams are working closely on diversity and inclusion initiatives to support the reduction in the gap in pay between men and women. We have a group of employees who have volunteered themselves to work together the ensure some of the most meaningful diversity and inclusion dates throughout the calendar year are acknowledged and/or celebrated with the goal of ensuring all of our employees feel a sense of belonging at Claranet. We are a signatory with the Tech Talent Charter (TTC) who pride themselves on bringing organisations together to drive greater diversity and inclusion within the Technology sector. Not only does this support women getting into technology, but those from multi-ethnic and lower socio-economic backgrounds as well. We are excited to be a part of this movement and hope to contribute to making the UK technology sector truly inclusive. We are also one of the founding members of the Technology Community for Racial Equality (T4CRE). We are proud to support this organisation that is focused on promoting diversity, equity, and inclusion in the technology industry (https://tc4re.org/who-we-are/). ; Our recruitment strategy and policy also heavily supports this. The makeup of our Senior Management Team further evidences our commitment to inclusivity, as it continues to represent an equal split between men and women, which is essential to leading a diverse workforce and promoting equality.

  Wellbeing

  Claranet are passionate about people and fostering a healthy and nurturing work environment.; Our dedicated Wellbeing and Engagement team, work in partnership with external providers to deliver our health and wellbeing scheme: Health is Wealth. The scheme is comprised of talks led by professionals, access to exercise classes, discounted gym memberships and access to a fully trained Mental Health First Aiders team. Some of our notable events include, a Stress Awareness seminar, Disability Awareness talk delivered by Lee Spencer, Employee led activity to celebrate Neurodiversity Week, Women in technology celebrations, Happiness in the Workplace celebration week and Imposters Syndrome webinar. Our in-house team plan employee activity based on employee feedback and suggestions, enabling us to deliver a very diverse programme and support network within the workplace.; In conjunction with this we also provide all employees with access to the Employee Assistance Program (EAP). This facility provides an independent, confidential, and unlimited service available 24 hours a day, 365 days a year. It provides access to specialist professionals who offer advice on stress and anxiety as well as a range of other issues such as bereavement support, legal guidance, and health related issues.; Our employees also benefit from core and voluntary benefits including dental cover and private medical that covers pre-existing conditions with a range of options to cover partners or families. Voluntary Critical Illness Cover of up to £150,000 also gives our employees and their families financial and practical support at times of need.

Pricing

• Price: £1,000 to £1,500 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-bidteam@claranet.com. Tell them what format you need. It will help if you say what assistive technology you use.