phishIQ is our managed email security solution, combining staff training, cyber threat intelligence, and support to help your staff make informed decisions about cyber security.
We will help train your staff to recognise phishing and social engineering attacks using a combination of simulated phishing campaigns, infographics, video series and games that reinforce good security practice whilst being fun and engaging.
Phishing and impersonation attacks continue to be the most prominent form of attack on business security. Four out of every ten organisations in the United Kingdom reported a cybersecurity breach in the last year, so having a fully protected business network is essential when protecting your data.
Our Threat Intelligence solutions integrate with the platforms you already use, including Proofpoint, Mimecast, Microsoft 365, On-Premise Exchange Servers and G-Suite. We will analyse every email for malicious indicators and make sure your staff are fully educated on what to avoid, all while taking the administrative burden away from your IT department by managing the platforms.
Phishing and impersonation attacks are growing in frequency and sophistication. So we have designed phishIQ for businesses of every size.
We integrate with well-known platforms such as Microsoft 365, On-premises Exchange and G-Suite to proactively protect your employees from malicious attacks delivered by email.
Our services are built to be cost-effective while maximising risk reduction. All consultancy and managed solutions provide actionable results that protect your business from opportunistic to advanced persistent threats.
Every email displays security indicators
Empower users to make informed decisions
Defence-in-depth and Zero Trust by design
Scale up or down as needed
No minimum user requirements
Tailored Security Awareness Programme
Supported by CSIQ’s SOC and Threat Hunting Team
Meet Cyber Insurance Requirements for End User training
Harmonises with Microsoft Defender for Office 365
Compatible with G-Suite and On-premise Exchange
The SOC team continually monitors user accounts for indicators of compromise, analyse reported phishing emails, ensures that systems work correctly, and adheres to security best practices.
All platform change requests are conducted with ITIL change management, ensuring that changes and completed with the proper authority and implemented securely with sign off by a technical specialist.
Emails reported as suspicious are analysed by our threat hunting team to determine factors such as the level of sophistication in techniques used and the determination of the threat actor. In a Targeted or Advanced Persistent Threat event, the phishIQ threat hunting team will produce a report and offer recommendations to limit user vulnerability.
If a suspected compromise is discovered, an Incident Responder will perform an initial triage of the incident to determine a timeline of events and provide recommendations on a response strategy.
*All user accounts must be protected with Multi-Factor authentication to be eligible for Incident Response Triage.
Monthly reports are provided detailing training progress, individual staff risk scores, a summary of events and security recommendations identified from phishIQ Insight.
All consultancy and managed services come with access to our Risk Management Portal. All risk types including technical, human, residual and inherent, are allocated a score, allowing for a strategic approach to risk reduction.
Every email is checked for threat metrics, including:
When a new user starts in your organisation, we will ensure that they are set up with phishIQ and receive their initial training.
With phishIQ, you will have access to our Cyber Intelligence services, including monitoring for email health, credential leaks and chatter relating to your users on the Dark Web.
We provide tailored training to increase technical and general awareness of cyber threats such as phishing, ransomware and social engineering. All training is aligned with business goals and designed to be time effective, and we only train staff on what they need to know.
Train users to spot the latest phishing attacks using benign samples that track users who read, reply, click links, open attachments, and supply credentials. Our adaptive training tracks users via a risk score, those who are susceptible to phishing receive additional tailored training.
Use our Platform to distribute company policies to employees and contractors, track acknowledgement and the time spent reading them.
We continuously monitor the company's SPF, DMARC and DKIM records to ensure your organisation is always protected from impersonation attacks while processing the DMARC reports providing Insight on attackers attempting to impersonate staff to attack your customers.
Designed to work in combination with Microsoft 365, G-Suite or On-premise Exchange
With phishIQ + Platform, CSIQ's SOC team will manage each security feature and ensure the Platform is operating smoothly.
Using a combination of Reputation-based email filtering, whitelisting, blacklisting and Bayesian content analysis, we filter the majority of all spam. If a spam email does get through, users report it to the SOC team to ensure it is blocked for everyone.
All attachments are run within a sandbox environment to ensure they are safe to run before being delivered to the user. Malicious content will be quarantined, and the user will be informed. Users can contact our SOC team for further advice.
In the event that Microsoft 365, G-Suite or on-premise Exchange technical issues, emails will be queued and accessible within the emergency inbox allowing the business to continue operating with minimal disruption. Once services are restored, all emails are replicated back to the mailbox.
Ensure sensitive information cannot be read by anyone but the recipient by encrypting the email with end-to-end encryption. The recipient will be notified of the encrypted email waiting for them and invite them to login to the Platform to access it. Encrypted emails can be automatically purged after a defined period.
All URL's are rewritten in the email message body and logged centrally, links to websites and files are scanned to protect users from accessing malicious content.
Email digests are sent to the users periodically, summarising all emails identified as spam, allowing users to release and manage personal white / blacklists.
Filter inbound and outbound emails based on conditions, including sender and recipient address, email size, source country, subject, email headers, message types and keywords.
Prevent accidental or malicious data loss. Emails containing key phrases such as UK National Insurance and patient numbers, Taxpayer references, driving license numbers, health and financial identifiers can be quarantined and marked for review to ensure that sensitive information does not leave the organisation through email.
Designed to work in combination with Microsoft 365, G-Suite or On-premise Exchange
Ensure compliance by archiving all inbound and outbound emails for up to 10 years.
During the onboarding process, we will understand how you work so that we can support you with minimum disruption while providing prioritised remediations for any identified risks.
We review your current email health and provide recommendations on implementing SPF, DMARC and DKIM correctly and without interruption.
Our consultancy team will perform a security assessment on your Microsoft 365 environment during onboarding. The report will detail health and configuration, identify signs of compromise, and provide recommendations on securing your accounts from the latest threats.
We will conduct an assessment against a typical end-user device and provide recommendations on how to protect against malicious attachments and techniques used by advanced persistent threat groups.
Our SOC team uses our Email Threat Hunting Lifecycle to proactively monitor and respond to threats. Ensuring a timely and prioritised approach to risk reduction
Benefit from 25% off and rapid response with our Pre-Pay Contract
All consultancy and managed services include access to our Risk Management Portal.
All risk types, including technical, human, residual and inherent, are allocated a score, allowing for a strategic approach to risk reduction.
Monthly reports from our managed services detailing individual risk scores, a summary of events, detailed vulnerabilities, and security recommendations are all available from the platform.
Multiple vulnerabilities are typically exploited to reach a target. Our platform visualises the attack path taken by your consultant to achieve the objective.
Track your exposure over time to ensure that your IT teams are tackling the vulnerabilities identified.
If you have our pre-pay contract, simply send us a message through the platform to assist with the remediation.
To learn more about the other managed cyber security services we offer, visit our managed Attack Surface, Backup & BCDR, Firewalls, and Email Security pages.
Or get in touch to discover all of our available services.
We are proud of our industry recognised certifications in Cyber Security and Service Delivery
Absolutely. Our solutions will ensure a pass first time for all tests carried out during the Cyber Essentials Plus audit.
Spoofing is the forging of people’s names, addresses, emails, and website domains. When a hacker attempts to impersonate a known person or company, this common strategy is used in email threats such as phishing and spear-phishing.
Impersonation refers to hackers’ ability to take on another person’s identity. Assume someone is impersonating a senior executive at your organisation and sending phishing emails to the finance department seeking payment on an invoice. This attack is commonly achieved through weak DNS and email security configuration.
This type of attack is typically achieved by a hacker when a company does not correctly secure their DNS portal or allows a domain to expire. If an attacker can gain control of your DNS records, it is possible to redirect queries to servers within their control and potential infect staff and customers.
Regarding email security, cyber risks such as social engineering attacks targeting organisations are rising. Phishing emails can lead to the disclosure of sensitive information, the approval of fraudulent bills or the download of malware that can infect the corporate network.
The danger of social engineering allows a hacker to deceive and persuade people. Before sending a malicious email to your organisation, a cybercriminal will research what your company does, how it relates to other companies, and who your employees are.
Theft of email accounts is hijacking, which may result from a malware infection or account compromise. In this situation, the hacker had access to the email account and could read and send emails as if he were a staff member. This type of attack is referred to as a BEC scam (Business Email Compromise).
Send us an enquiry to get a rapid response from a cybersecurity expert.
Email Us
Call Us
"*" indicates required fields
