S3 Ltd

BoxPhish - Security Awareness Training & Simulated Phishing

Boxphish provide interactive training courses and real-world phishing simulations to educate and protect our users

Features

• SaaS UK Based Security Awareness Training - Easily Accessible
• Delegated Administration - Assigned admin
• Varied Resources - includes videos, quizzes, infographics etc
• Hints & Tips: Security tips for end users, NCSC aligned
• Fully automated managed service - rely on our experts
• Microsoft365 & Google integration & SSO
• Interactive Reporting Suite & Dashboard & Phish Report Button
• Phishing Simulation - test your users and track results
• Continuous Security Training & Evaluation
• Pre-Configured & Completely Bespoke training content/journey

Benefits

• Dramatically reduce your phish prone users
• Improved end user awareness to spot cyber attacks
• Real time dashboard showing risk in organisation
• Greatly reduce the risk to the organisation
• Create a company wide security culture
• Boost organisation-wide cyber resilience
• Seamless user syncing and management

£4.14 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.mason@s3-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

601972218376353

Contact

Tony Mason
01628 362784
tony.mason@s3-uk.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Browser
  • Internet Connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide UK office hours support directly, including technical and best practice related questions. The client also has access to a dedicated Customer Success Manager (CSM) who will assist throughout the subscription period. On top of this the full KnowBe4 technical support service is available on US hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: P1 = 1 HOUR; P2 = 2 HOURS; P3 = 4 HOURS; P4 = 1 DAY
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Managed onboarding process including training, online training modules, user guide and dedicated Customer Success Management for any additional training requirements throughout the subscription period.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: MP4
• End-of-contract data extraction: Via our Reporting tool as CSV or XLS
• End-of-contract process: Access to the portal is revoked and data delated in line with the DPO

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Fully accessible through the mobile browser
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Accessed through a browser
• Accessibility standards: None or don’t know
• Description of accessibility: They can use the user interface to interact with the product and access will depend on which rights each user is granted.
• Accessibility testing: N/A
• API: No
• Customisation available: Yes
• Description of customisation: Boxphish are a UK based provider of engaging and automated online security awareness training programmes, a proven way to develop your “human firewall”. ; ; Templates are editable via CSM, as are landing pages.; ; Now available: Custom content. This allows your organisation to personalise your training, making each training course unique to your branding and processes. You can add individual touches to modules, going into detail that’s particularly relevant in your industry, or showcasing a design style that is synonymous with your brand. This can include unique characters that have been used in ads or other areas of your organisation and provides a level of security training that is both informative and incredibly engaging.; ; The end result is a bespoke training module that looks and feels like it was created in-house. It is instantly recognisable as coming from your organisation and not only educates the users on the subject matter, but does so in a way that reaffirms their place in the organisation.; ; We will work with you throughout the process, ensuring that the final course meets all your expectations and the topic in question is not only delivered to the highest standard, but the content truly feels like it’s yours.

Scaling

• Independence of resources: Scales through AWS, serverless elastic infrastructure

Analytics

• Service usage metrics: Yes
• Metrics types: Yes, real time dashboard and historical reporting
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: BoxPhish

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Secure DB in AWS, registered IP access only, unique and strong passwords on the DB accounts with a full audit of accounts
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Via the Reporting tool as CSV or XLS
• Data export formats:
  • CSV
  • Other
• Other data export formats: Pdf
• Data import formats:
  • CSV
  • Other
• Other data import formats: Through M365/Google

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Each customer has their own account which is segregated. Please see Security & Data Protection document.; BoxPhish have implemented a diverse Cyber Security strategy available in the Security and Data Protection Document
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.99% uptime guarantee
• Approach to resilience: Using AWS inbuilt application resilience, not relied on a single point of infrastructure due to serverless deployment
• Outage reporting: Outages reported by email and on status webpage

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Single Sign on SAML with access based on Role.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Please see Security & Data Protection Documentation

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Undisclosed
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Undisclosed
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Undisclosed
• Incident management type: Supplier-defined controls
• Incident management approach: Undisclosed

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  In addition to providing a class leading product and exemplary service, it is key we recognise we play our part in building “A Better Tomorrow”, Boxphish has created a 3-pillar plan that consists of:; 1) Supporting Sustainability -> planting tree on behalf of every customer; 2) Free education on cyber security awareness training to the younger generation; 3) % of revenue provided back to support charitable projects

  Tackling economic inequality

  In addition to providing a class leading product and exemplary service, it is key we recognise we play our part in building “A Better Tomorrow”, Boxphish has created a 3-pillar plan that consists of:; 1) Supporting Sustainability -> planting tree on behalf of every customer; 2) Free education on cyber security awareness training to the younger generation; 3) % of revenue provided back to support charitable projects

Pricing

• Price: £4.14 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A limited time period trial is available for a proof of concept by the prospective buyer. A BoxPhish engineer would set this up and walk the buyer through usage. Contact sales@s3-uk.com to arrange
• Link to free trial: Sales@s3-uk.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.mason@s3-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.