Australian owned & operated · Aligned to ASD baseline cyber guidance · Human led · AU · USA · South Africa

Your people are the firewall.

Everyone else sells you tools. We start one layer lower - with your people, the ones those tools depend on. Get that right and the rest falls into place. Most outfits have never checked theirs. Have you?

Measure your Level 0 → Talk to us →

Got a question? Call a Cyber Analyst - 1800 930 329 · 8am to 8pm, 7 days

Not for profit? We have dedicated pricing for you

Monthly · No lock-in · Cancel any time · One business day response

Zero
Confirmed breaches across all customers
100%
Customer retention to date
10 min
Avg MailCheck™ response time
From $250
Per month · Per seat · No lock-in
A Refresh Worth Making

Sort your people out, and the rest follows.

Most cyber spend goes on tools. But the thing that actually protects you is simpler: people who notice when something’s off, and feel safe to flag it.

We still do the lot - patching, backups, MFA, the works. But none of it holds if your people aren’t part of the defence. So we start there, build the reporting habit, then layer the tech on top of a team that’s already switched on.

Culture isn’t the soft bit of cyber security. It’s one of your most important controls - and the one nearly everyone skips.

The Basics Are What Protect You

Most attacks are stopped by the boring stuff.

Not the flashy tools. The basics - awareness, reporting, patching, backups, MFA - stop the vast majority of attacks. So we do it back to front: people first, then build out.

You're likely here
Start here
Your people
Awareness and a reporting culture. The control that makes every other control work.
The basics
Everyday hygiene
Patching, backups, MFA, access. Unglamorous, and where most breaches are won or lost.
Built up
Hardened controls
The full Essential Eight, monitored and consistent across your environment.
Advanced
Resilient & tested
Tested response, continuous improvement, advanced controls quoted per project.

Wherever you’re sitting on that line, the next step’s the same: get your people switched on. Sort that and the rest comes easier - faster and cheaper than starting with the tech.

Measure your Level 0 →
One-off personal check · No subscription · Typically 5 to 7 business days

Have an email address?
Get your dark web check.

You get a 21-page report written by an analyst and a call to walk you through it - no jargon, promise.

Check my email now

From $120 · One-off

No subscription required.

See what’s in a report →
I had no idea my details were out there. The analyst called me and walked me through every finding - I finally understood what I needed to do.
LT
Lisa T., Melbourne Standard Scan customer
Three of my staff had credentials on the dark web and had no idea. The report was clear, the call was practical, and we had everything sorted within a week.
MR
Michael R., Sydney Business Scan customer
How We Work · In Practice

What that looks like
for your mob.

No lectures, no death-by-slideshow. We build the reporting habit into everyday work, run friendly phishing practice that teaches instead of blames, and put a named Cyber Analyst on the end of the phone for when something feels off. Your people go from being the weak link to your first line of defence. Then we layer the tech on top.

Read the full story
Don't Build On Sand

Is your cyber security built on rock, or sand?

Same thinking, boardroom version. Some setups wash away the moment they’re tested. Others hold firm. Here’s the difference.

ROCK SAND
Most teams have never tested this
Would your
people fall
for it?
One untrained click ends it - the breach, the headlines, the liability that lands on you. Most teams fail this test. Find out before someone else does.
Test your people →
Sand

What washes away under scrutiny

  • Cyber comes up "when something happens", not on every agenda
  • The CISO reports through the CEO, not directly to the board
  • No external assessment in the last 12 months
  • The incident response plan has never been tested
  • The minutes don't show what you asked, or what you were told
Rock

What stands up under scrutiny

  • Cyber and AI on every standing agenda
  • A named owner reports directly to the board, quarterly
  • An independent assessment in the last 12 months
  • A tested incident response plan, with a date
  • A written record of what you asked, and what you were told

The director's guide to cyber risk

A plain, two-minute read for Australian directors - your personal exposure, the reasonable steps test, and what to put in your next board minutes. Built by Red Flagg™.

Read the guide
Checks & Reports

One-off checks and board-ready reports

Need a single dark web check, a Microsoft 365 posture review, or a board-ready assessment - without a subscription? It is all in the store, delivered by a named analyst. No retainer, no lock-in.

Visit the store
Who We Protect

Built For You

Four mobs, one promise - the same Aussie team, the same plain talk, sorted for what you actually need.

Not For Profits

NFP pricing on every plan. A team that understands your mission, your board, and your funder compliance requirements.

NFP Pricing For charities

Residential Villages

A cyber safety line for every resident. Single community fee paid by the village. Quarterly reporting to management.

Community Plan For village managers

Small to Medium Business

Enterprise-level protection without the enterprise price tag or tech speak. Named analyst. Clear language. Monthly per-seat pricing.

Per Seat Pricing For businesses

Senior Protection

Someone to ring before anything goes wrong. Real, named people, no judgement. A separate product for individuals and families.

Senior Protection For families
Partnership Opportunity

Banks and government - prevent scam losses at population scale.

Subscribe on behalf of your customers, members, clients, or citizens. Turn regulatory exposure into a documented mitigation under the Scams Prevention Framework.

$2.03B lost to Australian scams in 2024 · SPF fines up to $50M · Reimbursement liability now live

See the partnership
What Our Customers Say

Real Australian Results

Red Flagg™ helped us build a real reporting culture across our team. Staff who previously ignored suspicious emails are now flagging them straight away. That change alone has made a genuine difference to how safe we feel day to day.
JW
Key Customer Contact Not for profit organisation - Victoria
Having a team that actively manages our Microsoft environment and sends us a clear monthly report has changed how our leadership thinks about cyber security. It’s no longer something we worry about - it’s something we manage.
AP
CEO Community services organisation - Australia
What We Do

The Whole Lot

From checking a dodgy email to sorting out a hacked laptop - handled by a named Aussie analyst, in plain language.

MailCheck™

Forward a dodgy email to us from Outlook. We check it and tell you if it’s safe - before you click.

DarkWebCheck™

We watch the dark web for your details. Usually the first sign something’s gone wrong.

Have a look →

Awareness training

Practical training that helps your team spot the warning signs early and build better habits.

Phishing tests

Friendly practice phishing that builds a reporting habit - no blame, no gotchas.

Microsoft 365

We look after your whole environment and security settings, so your team can get on with the job.

Forensic Lab

Hacked laptop? We clean it up, get the malware off, and sort the evidence pack for your bank or insurer.

We’re here for the community.

Registered not for profit? We do proper discounts. We get that budgets are tight, and we’ll always find a way to make it work.

Get NFP Pricing

Give it a go.

You can’t protect what you haven’t checked. Find out where your people really stand in five minutes - then a named analyst talks you through it. Free, no pressure, and you’ll be right.

Measure your Level 0 → Have a chat