BoxPhish - Security Awareness Training & Simulated Phishing
Boxphish provide interactive training courses and real-world phishing simulations to educate and protect our users
Features
- SaaS Based Security Training - Easily Accessible
- Delegated Administration - Assigned admin
- Varied Resources - includes videos, quizzes, infographics etc
- Hints & Tips - Security tips for the end users
- Fully automated managed service - rely on our experts.
- Office 365 & Google integration
- Interactive Reporting Suite & Dashboard
- Phishing Simulation - test your users and track results
- Continuous Security Training & Evaluation
- Pre-Configured & Bespoke training journeys available
Benefits
- Dramatically reduce your phishing prone users
- Improved end user awareness to spot cyber attacks
- Real time dashboard showing risk in organisation
- Greatly reduce the risk to the organisation
Pricing
£3.75 a user a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at tony.mason@s3-uk.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 13
Service ID
8 8 5 7 0 7 1 9 1 5 3 0 3 2 7
Contact
S3 Ltd
Tony Mason
Telephone: 01628 362784
Email: tony.mason@s3-uk.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No
- System requirements
-
- Browser
- Internet Connection
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We provide UK office hours support directly, including technical and best practice related questions. The client also has access to a dedicated Customer Success Manager (CSM) who will assist throughout the subscription period. On top of this the full KnowBe4 technical support service is available on US hours.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
P1 = 1 HOUR
P2 = 2 HOURS
P3 = 4 HOURS
P4 = 1 DAY - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Manged onboarding process including training, online training modules, user guide and dedicated Customer Success Management for any additional training requirements throughout the subscription period.
- Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
- MP4
- End-of-contract data extraction
- Via our Reporting tool as CSV or XLS
- End-of-contract process
- Access to the portal is revoked and data delated in line with the DPO
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Fully accessible through the mobile browser
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Accessed through a browser
- Accessibility standards
- None or don’t know
- Description of accessibility
- They can use the user interface to interact with the product and access will depend on which rights each user is granted.
- Accessibility testing
- N/A
- API
- No
- Customisation available
- Yes
- Description of customisation
- Templates are editable via CSM as are landing pages. The training content is not directly customisable although certain editing can be done on your behalf via the CSM
Scaling
- Independence of resources
- Scales through AWS, serverless elastic infrastructure
Analytics
- Service usage metrics
- Yes
- Metrics types
- Yes, real time dashboard and historical reporting
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- BoxPhish
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Secure DB in AWS, registered IP access only, unique and strong passwords on the DB accounts with a full audit of accounts
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Via the Reporting tool as CSV or XLS
- Data export formats
-
- CSV
- Other
- Other data export formats
- Data import formats
-
- CSV
- Other
- Other data import formats
- Through M365/Google
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
-
Each customer has their own account which is segregated. Please see Security & Data Protection document.
BoxPhish have implemented a diverse Cyber Security strategy available in the Security and Data Protection Document - Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- 99.99% uptime guarantee
- Approach to resilience
- Using AWS inbuilt application resilience, not relied on a single point of infrastructure due to serverless deployment
- Outage reporting
- Outages reported by email and on status webpage
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Single Sign on SAML with access based on Role.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Cyber Essentials
- Information security policies and processes
- Please see Security & Data Protection Documentation
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Undisclosed
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Undisclosed
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Undisclosed
- Incident management type
- Supplier-defined controls
- Incident management approach
- Undisclosed
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
S3 is committed to doing all it can to ensure our practices are environmentally sound - Covid-19 recovery
-
Covid-19 recovery
We operate strict Covid-19 protocols to keep staff and customers safe - Tackling economic inequality
-
Tackling economic inequality
S3 ensure they do all they can to tackle economic inequality where at all possible - Equal opportunity
-
Equal opportunity
S3 is a great believer in equal opportunities for all as can be seen clearly in our recruitment practices for example - Wellbeing
-
Wellbeing
Physical and mental well being are very important to the management at S3 and they do everything possible to accommodate requirements from its staff and customers
Pricing
- Price
- £3.75 a user a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- A limited time period trial is available for a proof of concept by the prospective buyer. A BoxPhish engineer would set this up and walk the buyer through usage.
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at tony.mason@s3-uk.com.
Tell them what format you need. It will help if you say what assistive technology you use.