Redflags™ Real-time Security Awareness
RedFlags™ is a highly innovative security awareness software service; applying behavioural and learning science to deliver ongoing, context-aware and real time security awareness.
Manage operational risk from cyber-attacks targeting staff; measure engagement; meet compliance goals; keep content refreshed and relevant; allow staff to get on with delivering your business goals.
Features
- Engage employees with interesting/relevant guidance
- Impart actionable advice, policy and best practice…without feeling like it.
- Click through to more detailed content for the curious.
- GCHQ accredited content.
- Deliver real-time security alerts to the desktop during an incident.
- Highlight the threat of phishing, when employees are in email.
- Drive behaviour change with dynamic, realtime nudges to risky behaviours...
- ...USB use, web import/export, attachment handling, links in emails, etc
- Gain visibility of engagement, content dwell times, click throughs, Q&A.
- Timely awareness interventions, at the point-of-risk, encourage secure decision making.
Benefits
- Reduced compliance burden: measurement, engagement, gentle nudges to compliance.
- Reduced operational risk: users are nudged to make secure decisions.
- Reduced user impact: low-friction engaging content drip-fed through the year.
- Greater awareness retention.
- Increased visibility of risky behaviours.
- Measurement of engagement.
- Continually refreshed and updated content.
- Relevant to staff personal and home computer use.
- Quick and easy deployment with no AD or Outlook dependencies.
- Delivers the true objective of awareness – secure behaviour change.
Pricing
£1.80 to £48 a person a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
4 4 2 8 9 2 1 3 6 3 3 7 2 9 5
Contact
Think Cyber Security
Tim Ward
Telephone: 0203 151 8045
Email: tim.ward@thinkcyber.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No
- System requirements
- Client supports.Net Framework 3.5+ (Windows 7, 10)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Direct support not required by users.
Support provided to IT / IT security Product Owners
48 hours - User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Customers can contact our support services via our help desk email address support@thinkcyber.co.uk.
Contact automatically creates a support ticket, which is then allocated to the relevant support team to progress.
ThinkCyber will aim to provide initial confirmation of receipt targeted within 60 minutes.
Feedback / query response targeted within 48 hours. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
1) Onboarding kick off to agree scope of product use and any customisation requirements
2) Campaign and content design phase if procured
3) Issue installer for IT team review, deployment and connectivity configuration
4) Advice and guidance for managed roll out by IT team
5) Agree content go live
6) Commence measurement and reporting aspects of service - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
Reports on engagement are available on a monthly basis.
Full exports of raw engagement data can be issued on request. - End-of-contract process
-
Delivery and display of awareness content will cease at the end of the contract. Content can be continued on renewal.
Reports will remain available for 30 days at end of contract.
Customers are requested to uninstall the software application from client machines.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- Yes
- Compatible operating systems
- Windows
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
-
Reports are accessible from our Redflags Portal allowing client administrators to view staff engagement with Redflags™ stories and nudges, including dwell times, click throughs to more information and answers to any questions. Where users have been nudged for a specific behaviour, the number of nudges per user and their engagement with delivered content will be included in reports, offering a measure of risky behaviours.
Content is curated by ThinkCyber administrators to client requirements. - Accessibility standards
- None or don’t know
- Description of accessibility
- Service interface used solely by client support teams. Uses standard email tooling.
- Accessibility testing
- None
- API
- No
- Customisation available
- Yes
- Description of customisation
-
Bespoke services are available to use the RedFlags™ framework to deliver customer content and branding through each of the delivery mechanisms available:
RedFlags™ Phishing Threat Awareness: Customer sourced phishing examples integrated into syllabus by ThinkCyber where appropriate – as part of the service.
RedFlags™ Alerts: Customer sourced alerts. Customised by the customer as part of the service.
RedFlags™ Security Stories: Customer own content and branding. Customised as a chargeable service by ThinkCyber.
RedFlags™ Behaviour Change Triggers: Campaign design / customer content and branding. Customised as a chargeable service by ThinkCyber.
Scaling
- Independence of resources
- Our service will scale if user demands exceed processing capacity.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Across all of the RedFlags™ toolkit, your security awareness team gains visibility of engagement, dwell times on content, click-throughs and answers to questions per user and in aggregate. These are accessible through the Redflags™ portal.
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
-
Reports on engagement are issued on a monthly basis.
Raw engagement data can be issued on request. - Data export formats
- CSV
- Data import formats
- Other
- Other data import formats
- No data upload required
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Content is pushed down to clients removing dependencies on external services for delivery of the service.
Content servers reside in Amazon Web Services (AWS).
AWS use commercially reasonable efforts to make the Included Services each available for each AWS region with a Monthly Uptime Percentage of at least 99.99. - Approach to resilience
- Available on request
- Outage reporting
- Email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Other
- Other user authentication
-
Users access service through logging into corporate desktop. Application access to content secured via client certification authentication, and certificate pinning.
Reporting portal access requires 2FA. - Access restrictions in management interfaces and support channels
- Access to management interfaces is restricted to individual (fully qualified) IP addresses.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Other
- Description of management access authentication
-
Management access is authenticated via username and (strong) password. Access to management interfaces is restricted to individual (fully qualified) IP addresses.
Access to server configurations requires 2FA
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- IASME Governance Standard
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
-
Cyber Essentials.
IASME Governance Standard
Our governance processes align with the IASME governance standard. - Information security policies and processes
-
Information Security governance is owned at Company Board level. Our overall approach is driven by a combination of risk- and compliance-oriented factors.
We define our own information security policies and processes, aligned with Cyber Essentials and the IASME governance standard.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Tight control to smallest possible number of administrators who can change configuration.
All software products are stored and managed in a version control / software configuration management toolkit.
Deployments are run through a testing process before release.
Major changes/releases are agreed by a Change Advisory Board. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Proactive patch monitoring and rollout. Periodic vulnerability scanning/penetration testing, including on new releases. Remediation of all Critical/High/Medium vulnerabilities.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Monthly assessment of available log data to identify a defined set of anomalies.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Recording of incidents in an incident log, and reporting to board level. Incidents involving personal data to be handled in accordance with GDPR requirements.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
As an organisation we have committed to be Net Zero in 2022 - Equal opportunity
-
Equal opportunity
We are an equal opportunity employer and have staff from a very diverse range of backgrounds.
Pricing
- Price
- £1.80 to £48 a person a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
2-4 week trial demonstrating RedFlags™
Phishing Threat Awareness and RedFlags™ Security Stories capabilities