Frequently Asked Questions

Ask Us Anything

Plain English answers to the questions we hear most often. If yours isn’t here, call us on 1800 930 329 and a real person will pick up.



About Red Flagg™

5 questions
Who is Red Flagg™?

Red Flagg™ is an Australian cyber security company built specifically for charities, residential communities, and small to medium businesses — the organisations that need real protection but can’t justify enterprise prices.

It was founded by Darryl Pickering, who has more than thirty years of experience in IT, leadership and governance. Every customer gets a named analyst on their reports and a direct phone line to the team.

Where are you based and who do you serve?

We’re proudly Australian owned and operated, headquartered in Australia. Our team is Australian, and we support customers across Australia, the United States, and South Africa.

For Australian customers, data is handled by Australian staff on Australian soil, governed by Australian privacy law. For USA and South African customers, we apply the equivalent local regulatory framework.

Are you actually a Microsoft Partner?

Yes. Red Flagg™ is a certified Microsoft Partner with GDAP (Granular Delegated Admin Privileges) access. That means we can purchase and manage your Microsoft 365 licences, configure your environment from scratch, and administer Microsoft Defender, Intune, Purview, Entra ID, and Conditional Access on your behalf — all under one relationship.

Why don’t you list analyst names on the website?

Publicly, our team is referenced by role and level — not names. The cyber industry is a target-rich environment. When attackers know the individual names and contact details of a security team, they can craft more convincing attacks against that team’s customers. We apply the same principle to our own team that we teach you: reduce unnecessary exposure.

Once you’re a customer, this changes. Every monthly report carries your analyst’s name and photo. And if you’d like to know names before engaging — just ask. We’re happy to share privately with any genuine prospect.

Are you a registered business?

Yes. Red Flagg Pty Ltd, ABN 81 683 346 116. Registered in Australia, operating under Australian law, subject to the Australian Privacy Principles and the Notifiable Data Breaches scheme.

Plans & Pricing

7 questions
How much do your plans cost?

Business plans start from $250 per month (AUD). Final pricing depends on your organisation size (per seat), the plan tier, and any project-based extras. We quote every customer specifically — no surprises, no hidden fees.

Senior Protection plans are fixed: Protective $9.99/mo, Wrap Around $29.99/mo (ex GST, billed monthly).


What’s the difference between Business Plus and Business Shield?

Business Plus delivers Essential Eight Level 0 — 10 awareness and culture controls, MailCheck™ active reviews, DarkWebCheck™, and Microsoft 365 Security Administration. Business hours support (Mon–Fri, 8am–5pm local). Most organisations start here.

Business Shield delivers Essential Eight Level 1 — the full 48 technical controls over 12–24 months, plus a dedicated named analyst, extended 7-day support (8am–8pm local), Customer Portal access, and full Microsoft 365 administration.

Do you really offer NFP pricing?

Yes — significantly reduced rates for registered not-for-profits and social enterprises on every plan. We accept equivalent charity status across all three regions: ACNC registration in Australia, 501(c)(3) in the USA, and NPC/PBO status in South Africa.

We also offer fully pro-bono support for organisations working with vulnerable communities where budget genuinely isn’t possible. Ask us — we’ll find a way to make it work.

Are there lock-in contracts?

No. Every plan is monthly, no lock-in, cancel any time. We bill monthly as standard and offer annual billing with a small discount if you prefer. No exit fees, no minimum term.

What payment options do you accept?

Direct debit, BPAY (Australia), ACH (USA), EFT (South Africa), and credit card. Monthly or annual billing. For one-off store purchases, we accept credit card through our secure Squarespace checkout. All prices are quoted ex tax in local currency.

Can I change plans later?

Yes. You can upgrade or downgrade any time at the start of your next billing month. Most customers start on Protect or Plus and upgrade to Shield as their maturity grows.

What counts as a “seat”?

A seat is one active staff member or user you want us to protect — typically someone with an email account and a device. Volunteers who don’t have their own accounts aren’t counted. We’ll walk through your staff list with you before quoting to make sure the number is right.

Senior Protection

6 questions
Can I set up a plan for my mum or dad?

Absolutely — this is how most Senior Protection plans start. You set it up on their behalf, we’ll make a welcome call to get to know them by name, and we give them a direct hotline number. From then on, they call us when something feels off — and you don’t have to be the one answering at midnight.

What does the hotline actually do?

If a message, call or email doesn’t feel right, they call us — 1800 930 329 (Australia), 8am to 8pm local time, 7 days a week. A real person picks up, asks what’s happening, and tells them in plain English whether it’s safe, suspicious, or a scam. No apps to install, no technical jargon.

What if Mum isn’t tech-savvy?

That’s exactly who Senior Protection is built for. Our team is trained to take the time needed, explain things patiently, and never make anyone feel silly for asking. No judgement — only help.

What’s the difference between Protective and Wrap Around?

Protective ($9.99/mo) is your everyday prevention plan — hotline, email checks, phishing checks, Safe Text™, 8am–5pm support.

Wrap Around ($29.99/mo) includes everything in Protective, plus full recovery support if something does go wrong — technical case manager, forensic device cleanup, bank liaison, legal recovery support, welfare checks. Extended hours 8am–8pm.

What happens if Mum has already been scammed?

Call us. On the Wrap Around plan we step in straight away — we work with your bank to freeze transactions, change passwords, prepare an evidence pack for police, and clean up any compromised devices. Even if she’s not on a plan yet, we can help via our one-off Device Clean Up service from our store. The sooner we’re involved, the better the chance of limiting the damage.

Do you work with residential villages directly?

Yes. Our Residential Community Plan covers every resident in a village under a single community fee paid by the village — not the individual resident. We include on-site information sessions, a family portal, and quarterly scam activity reports to management. Book a site visit and we’ll talk through how it works for your community.

How We Work

6 questions
What is MailCheck™?

MailCheck™ is a button in Outlook that lets you forward a suspicious email straight to us. We check it and tell you whether it’s safe — usually within ten minutes — before you click anything. Available on Business Plus and Business Shield plans.

What is DarkWebCheck™?

Monthly scans of dark web marketplaces, breach databases, and known leak sites to check if your staff credentials or organisational data have been exposed in a breach. It’s usually the first indicator of a data breach — if credentials have leaked, we catch it before attackers can use them. Included on Plus and Shield plans.

For a one-off personal or business dark web check, see our DarkNetCheck™ reports in the store.

What is the Essential Eight?

The Essential Eight is the Australian Signals Directorate’s baseline cyber security framework — eight strategies that prevent the vast majority of cyber attacks.

Red Flagg™ structures our plans around it. Level 0 is our 10-control culture and awareness layer. Level 1 is the full 48-control Essential Eight baseline. Levels 2–3 are for higher-risk organisations and are delivered project-by-project. We also align to NIST CSF and CIS Controls v8.

What’s the difference between Level 0 and Level 1?

Level 0 (10 controls) — culture and awareness. Staff training, reporting habits, phishing simulation, the human basics. Typically 6–12 months to embed properly.

Level 1 (48 controls) — the full Essential Eight technical baseline. Delivered progressively over 12–24 months. Read the full breakdown on our How We Work page.

Who will actually look after our account?

A named analyst from our team. On Business Shield, you get a dedicated named analyst on every report and a direct line for day-to-day support. On Business Plus, our Cyber Operations Desk is your primary point of contact. We never outsource — every Red Flagg™ analyst is Australian and vetted.

What’s DeID™ Data Protection?

DeID™ removes personally identifiable information from documents and data before it enters AI tools like Microsoft Copilot or ChatGPT. Compliant with Australian Privacy Principles (APP), HIPAA (USA), and POPIA (South Africa). Available as an Additional Service — no subscription needed.

Getting Started

5 questions
What is a Cyber Security Posture Review?

A one-off, paid review of where your organisation sits against the Essential Eight baseline. A named analyst reviews your Microsoft 365 or Google Workspace security settings, identity controls, and sharing configuration — then delivers a plain English report with a prioritised action plan. From $750. Results in 14 business days.

It’s the right starting point if you need to understand your current security posture before committing to a subscription plan.

How long does onboarding take?

Typical onboarding is 2–4 weeks depending on your plan and current setup. Business Protect is quickest (around 1–2 weeks). Business Plus takes 2–3 weeks. Business Shield takes 3–4 weeks because we’re setting up the customer portal, analyst assignment, and full Level 1 plan.

We handle the technical work — you’ll spend about 2 hours total with us across the whole onboarding.

What if we’ve already been breached?

Call us first on 1800 930 329. Even if you’re not a customer yet, we can advise on immediate containment steps. If you need professional incident response, our Forensic Services team can deploy within one business day to investigate, contain, and prepare evidence for insurance or regulatory notification.

Do we need technical staff to work with you?

No. Many of our customers have no in-house IT. We talk to whoever makes the decisions — usually the CEO, business manager, or office manager — in plain English. Our reports are written for a board, not for engineers.

Where do I start if I’m not ready for a subscription?

Our store is designed exactly for this. You can buy a one-off DarkNetCheck™ to find out if your email has been exposed, or a Cyber Security Posture Review to see how your Microsoft 365 environment stacks up. No subscription, no commitment — just a clear report from a named analyst.

If a subscription is right for you after that, we’ll talk through the options. If it’s not, we’ll tell you that too.

Checks & Reports

8 questions
What’s available in the Red Flagg™ store?

Our store has one-off reports and checks you can buy without any subscription. Currently available:

  • DarkNetCheck™ Standard Scan — personal dark web check, $120
  • DarkNetCheck™ Deep Scan — advanced personal check with stealer log lookup, $190
  • DarkNetCheck™ Business — up to 25 staff email addresses, $750
  • Cyber Security Posture Review — Microsoft 365 — $750
  • Cyber Security Posture Review — Google Workspace — $750
  • Board Readiness Assessment — Base — $1,500
  • Board Readiness Assessment — Board Pack — $2,500
  • Board Readiness Assessment — Premium — $3,500

All reports are written by a named analyst. No subscription needed.

What’s the difference between DarkNetCheck™ Standard and Deep Scan?

Standard Scan ($120) runs your email address against global breach databases and returns a 21-page analyst-written report covering every exposure found. Includes a 30-minute walkthrough call with your analyst. Results in 5 to 7 business days.

Deep Scan ($190) includes everything in Standard plus a stealer log and credential capture check, k-anonymity email search, and up to 5 additional email addresses. This is the most thorough personal check available. Same 5 to 7 business day turnaround.

Who is DarkNetCheck™ Business for?

Any business that wants to know whether their staff’s credentials have been exposed in a breach. We check up to 25 email addresses, produce a consolidated report risk-ranked per staff member, and deliver a 45-minute director briefing call with an ACSC Essential Eight action plan. $750, one-off.

It’s particularly valuable before onboarding staff to any new system, after a staff member leaves, or any time you’ve had a security incident and want to rule out credential exposure as a cause.

What is the Board Readiness Assessment?

A one-off, paid engagement that gives your board two documents: The Rock Report — a plain English 6-page Board Brief written for directors, and a full Cyber Security Technical Report — a 14-page review of your security posture for your IT team. Plus a live phishing simulation against your staff.

It’s designed around the question directors are now legally required to answer under the Corporations Act s180 and the Cyber Security Act 2024: “Have we taken reasonable steps to protect this organisation?” The Rock Report gives them evidence they have.

What’s the difference between Base, Board Pack, and Premium?

Base ($1,500) — The Rock Report Board Brief, Cyber Security Posture Review, live phishing simulation, 60-min analyst walkthrough call. NFP rate $1,200.

Board Pack ($2,500) — Everything in Base, plus a director liability tier assessment, 10-point reasonable steps self-check, and three personalised board questions drawn from your findings. NFP rate $2,200.

Premium ($3,500) — Everything in Board Pack, plus a legal/health/finance sector addendum, two separate delivery calls (one for the board, one for IT), and a 30-day check-in call. NFP rate $3,000.

What is a Cyber Security Posture Review?

A one-off review of your Microsoft 365 or Google Workspace security configuration. A named analyst reviews identity controls, MFA setup, access permissions, sharing settings, and email security — then delivers a plain English report with a prioritised action plan. $750. Results in 14 business days. Read-only GDAP access (Microsoft) or admin access (Google) required.

Do I need a subscription to buy from the store?

No. Every item in our store is a one-off purchase — no subscription, no commitment, no ongoing fees. You buy, we deliver the report, and that’s it. If you want to continue working with us on an ongoing basis afterwards, we’ll talk through the plan options. But there’s no obligation.

What happens after I buy a report?

Within one business day of purchase you’ll receive a short engagement form (about 5 minutes). Once completed, a named analyst is assigned to your order. For DarkNetCheck™ reports, we’ll run the check and contact you within the stated timeframe to book your walkthrough call. For Posture Reviews and Board Readiness, we’ll book a 30-minute intake call to confirm access and scope.

Questions before buying? Email hello@redflagg.com.au or call 1800 930 329.

Security & Trust

5 questions
Where is our data stored?

All customer data is stored on Microsoft Azure, with region-specific hosting: Australia East/Southeast for Australian customers; East US/West US 2 for USA customers; South Africa North (Johannesburg) for South African customers. All regions are ISO 27001 and SOC 2 certified. Data sovereignty is maintained at all times.

Do you access our systems directly?

Only with your explicit permission, via Microsoft’s Granular Delegated Admin Privileges (GDAP). Our access is scoped to exactly what’s needed for your plan — no more. Every action is logged and auditable in your Microsoft tenant. You can revoke access at any time.

Who sees our data at Red Flagg™?

Only the named analyst assigned to your account and our senior leadership when required for incident response. We don’t sell data, we don’t share data, and we don’t use customer data to train any AI system. Our data handling complies with the Australian Privacy Principles, the Notifiable Data Breaches scheme, HIPAA (USA), and POPIA (South Africa).

What happens to our data if we cancel?

You keep control of your Microsoft tenant — we simply offboard our GDAP access. Any reports or documents we’ve produced are yours to keep. We retain minimal billing records only, per local tax authority requirements, and delete operational data within 90 days of cancellation.

Have any Red Flagg™ customers been breached?

To date, zero confirmed breaches across all Red Flagg™ customers. Zero compromised credentials found in dark web checks. 75% average phishing reporting rate across our customer base.

We don’t promise this will continue forever — no one can. What we promise is that if something does happen, we’ll be the first to catch it, the first to contain it, and the last to give up on you.

For Technical Customers

7 questions
How does GDAP scoping work? Can we limit what you can do?

Yes. GDAP lets you grant us only the specific role assignments your plan needs. We typically request: Security Administrator, Intune Administrator, Exchange Administrator, and Reports Reader. Higher tiers may include Conditional Access Administrator for Level 1 work.

Every action is logged in your Entra Audit Log and Unified Audit Log. You can revoke access in one click from admin.microsoft.com → GDAP relationships. If your security policy requires JIT elevation rather than persistent admin, we support that workflow too.

What MFA and Conditional Access policies do you deploy?

For Level 0 we ensure MFA is enabled for all users with Microsoft Authenticator (push or number-matching, not SMS) and disable legacy authentication.

For Level 1 we layer Conditional Access policies aligned to ACSC Essential Eight Maturity Level 1: phishing-resistant MFA for privileged accounts, device compliance enforcement via Intune, legacy authentication blocked, geo-blocking for regions you don’t operate in, and risk-based sign-in controls via Entra ID Protection (P2 licence required). You retain veto power over any policy — nothing gets enforced without sign-off.
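As an added illustration (not Red Flagg’s own tooling or policy set), here are the two Level 0 controls above expressed as Conditional Access policies created through the Microsoft Graph PowerShell SDK in report-only mode, so a tenant owner can review sign-in impact before anything is enforced. The policy names and the break-glass account object ID are placeholders.

```powershell
# Added example: the Level 0 controls described above (block legacy authentication,
# require MFA for all users) as Conditional Access policies via the Microsoft Graph
# PowerShell SDK. Policies start in report-only mode so the tenant owner can review
# the sign-in impact in the Entra sign-in logs before switching them to "enabled".
# The break-glass object ID is a placeholder: every Conditional Access policy should
# exclude at least one emergency access account so an admin cannot be locked out.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Application.Read.All"

$breakGlass = @("00000000-0000-0000-0000-000000000000")   # placeholder object ID

# Policy 1: block legacy authentication. Exchange ActiveSync and "other" clients
# (IMAP, POP, SMTP AUTH, older Office builds) cannot complete an MFA challenge,
# which is why legacy auth is the usual path for password-spray against a tenant.
$blockLegacy = @{
    displayName   = "L0 - Block legacy authentication"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        clientAppTypes = @("exchangeActiveSync", "other")
        applications   = @{ includeApplications = @("All") }
        users          = @{ includeUsers = @("All"); excludeUsers = $breakGlass }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

# Policy 2: require MFA for every user on every application. Number matching in
# Microsoft Authenticator is configured separately in the authentication methods
# policy; this policy only enforces that an MFA method is satisfied at sign-in.
$requireMfa = @{
    displayName   = "L0 - Require MFA for all users"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        clientAppTypes = @("all")
        applications   = @{ includeApplications = @("All") }
        users          = @{ includeUsers = @("All"); excludeUsers = $breakGlass }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

foreach ($policy in @($blockLegacy, $requireMfa)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host "Created '$($created.DisplayName)' state=$($created.State) id=$($created.Id)"
}

# Check afterwards: list every policy still in report-only mode. Nothing in this
# list is enforced, so the customer sign-off step is the change from this state
# to "enabled", not the creation of the policy itself.
Get-MgIdentityConditionalAccessPolicy |
    Where-Object State -eq "enabledForReportingButNotEnforced" |
    Select-Object DisplayName, Id
```

Once the report-only sign-in data shows no unexpected blocks, change `state` to `enabled` with `Update-MgIdentityConditionalAccessPolicy` for each policy.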

Can you work alongside our existing IT team or MSP?

Yes, and we frequently do. We co-exist in the same Microsoft tenant via scoped GDAP — we don’t need exclusive access. We’ll establish a clear RACI matrix during onboarding: typically your team owns endpoints, accounts, and helpdesk; we own security configuration, monitoring, and incident response.

Do you integrate with our SIEM or EDR?

For Microsoft-native stacks, we work natively with Microsoft Defender for Business, Defender for Endpoint, Defender for Cloud Apps, and Sentinel. For non-Microsoft tooling (Splunk, CrowdStrike, SentinelOne, Elastic, Wazuh), we ingest alerts via webhook or API into our analyst dashboard for correlation. Email integrations@redflagg.com.au with your stack to confirm what’s supported.

Can we export our security telemetry and reports?

Yes. All raw telemetry stays in your Microsoft tenant — queryable via KQL in Defender Advanced Hunting, Sentinel, or the Microsoft Graph Security API. Reports we generate are delivered as PDFs and structured JSON exports on request. No vendor lock-in — if you ever cancel, you keep everything we’ve produced.

Do you support on-premises infrastructure or hybrid environments?

Our default is cloud-first (Microsoft 365, Azure, Entra ID). For hybrid environments we support Entra Connect sync, hybrid Azure AD join, and Defender for Identity for monitoring on-prem domain controllers. For pure on-prem or air-gapped environments, we generally recommend a different specialist — our model is built around the Microsoft cloud control plane.

How do you handle BYOD and unmanaged devices?

For BYOD we deploy Intune App Protection Policies (APP/MAM) rather than full device enrolment — protecting corporate data inside Outlook, Teams, and OneDrive without managing the personal device itself. For unmanaged contractor or partner access, we recommend Conditional Access policies that require compliant or hybrid Azure AD-joined devices for sensitive resources.

International (USA & South Africa)

4 questions
How does Red Flagg™ work for USA customers?

We deliver our full service to USA organisations — NFPs (501(c)(3) included), small to medium businesses, and residential communities. USA customer data is hosted in Microsoft Azure US regions, and we align our frameworks to NIST CSF and CIS Controls v8 as the primary standards. USA customers are supported by our Australian team during extended hours that overlap with USA business hours.

How does Red Flagg™ work for South African customers?

We serve South African NFPs, small to medium businesses, and residential estates. South African customer data is hosted in Microsoft Azure South Africa North (Johannesburg), with data sovereignty compliant with POPIA. We align to NIST CSF and CIS Controls v8, and we’re experienced in handling the specific scam and fraud patterns seen in the South African market.

Do you comply with HIPAA, POPIA, and GDPR?

Yes — our data handling practices meet the requirements of the Australian Privacy Principles, HIPAA (for USA healthcare-adjacent organisations), and POPIA (South Africa). We sign Business Associate Agreements (BAAs) for HIPAA-covered entities on request, and bespoke Data Processing Agreements (DPAs) for any customer that needs one.

Do I get the same named analyst experience across regions?

Yes. Every Business Shield customer — Australian, American, or South African — gets a dedicated named analyst on their monthly reports and a direct communication channel. No outsourcing, no call centres, no hand-off to a generic support pool.

Still have questions?

Call a real person on 1800 930 329 (Australia), or request local numbers for the USA and South Africa. 8am to 8pm local time, 7 days. Or email us and we’ll get back to you within one business day — often much sooner.