Ask Us Anything
Plain English answers to the questions we hear most often. If yours isn't here, call us on 1800 930 329 and a real person will pick up.
About Red Flagg™
Who is Red Flagg™?
Red Flagg™ is an Australian cyber security company built specifically for charities, residential communities, and small to medium businesses — the organisations that need real protection but can't justify enterprise prices.
Founded by Darryl Pickering, with more than thirty years of experience in IT, leadership and governance. Every customer gets a named analyst on their reports and a direct phone line to the team.
Where are you based and who do you serve?
We're proudly Australian owned and operated, headquartered in Australia. Our team is Australian, and we support customers across Australia, the United States, and South Africa.
For Australian customers, data is handled by Australian staff on Australian soil, governed by Australian privacy law. For USA and South African customers, we apply the equivalent local regulatory framework (see the International section below for details).
Are you actually a Microsoft Partner?
Yes. Red Flagg™ is a certified Microsoft Partner with GDAP (Granular Delegated Admin Privileges) access. That means we can purchase and manage your Microsoft 365 licences, configure your environment from scratch, and administer Microsoft Defender, Intune, Purview, Entra ID, and Conditional Access on your behalf — all under one relationship.
Why don't you list analyst or director names on the website?
Publicly, our team is referenced by role and level — not names. The cyber industry is a target-rich environment. When attackers know the individual names, photos, and contact details of a security team, they can craft more convincing social engineering attacks against that team's customers. We apply the same principle to our own team that we teach you: reduce unnecessary exposure.
Once you're a customer, this changes. Every monthly report carries your analyst's name and photo. And if you'd like to know the names of our analysts, directors, or any team member before engaging with us — just ask. We're happy to share this information privately with any genuine customer or prospective customer.
See our About page for the full explanation.
Are you a registered business?
Yes. Red Flagg Pty Ltd, ABN 81 683 346 116. Registered in Australia, operating under Australian law, subject to the Australian Privacy Principles and the Notifiable Data Breaches scheme. International operations run through the same legal entity with locally compliant data handling.
Plans & Pricing
How much do your plans cost?
Business plans start from $250 per month (AUD). Final pricing depends on your organisation size (per seat), the plan tier, and any project-based extras. We quote every customer specifically — no surprises, no hidden fees.
Senior Protection plans are fixed: Protective $9.99/mo, Wrap Around $29.99/mo (ex GST, billed monthly).
For USA and South African customers, quotes are provided in local currency at the market-appropriate rate. See the business plans and Senior Protection pages for details.
What's the difference between Business Plus and Business Shield?
Business Plus delivers Essential Eight Level 0 — 10 awareness and culture controls, MailCheck™ active reviews, DarkWebCheck™, and Microsoft 365 Security Administration. Business hours support (Mon–Fri, 8am–5pm local). Most organisations start here.
Business Shield delivers Essential Eight Level 1 — the full 48 technical controls over 12–24 months, plus a dedicated named analyst, extended 7-day support (8am–8pm local), Customer Portal access, and full Microsoft 365 administration. For larger NFPs, regulated sectors, or organisations audited by funders.
Do you really offer NFP pricing?
Yes — significantly reduced rates for registered not-for-profits and social enterprises on every plan. We accept equivalent charity status across all three regions: ACNC registration in Australia, 501(c)(3) in the USA, and NPC/PBO status in South Africa.
We also offer fully pro-bono support for organisations working with vulnerable communities where budget genuinely isn't possible. Ask us when you get in touch — we'll find a way to make it work.
Are there lock-in contracts?
No. Every plan is monthly, no lock-in, cancel any time. We bill monthly as standard and offer annual billing with a small discount if you prefer. No exit fees, no minimum term.
What payment options do you accept?
Direct debit, BPAY (Australia), ACH (USA), EFT (South Africa), and credit card. Monthly or annual billing. For Additional Services (project-based work), you can pay as a single one-off payment or across 12 monthly instalments. All prices are quoted ex tax in local currency.
Can I change plans later?
Yes. You can upgrade or downgrade any time at the start of your next billing month. Most customers start on Protect or Plus and upgrade to Shield as their maturity grows — that's the path our Maturity Path is designed for.
What counts as a “seat”?
A seat is one active staff member or user you want us to protect — typically someone with an email account and a device. Volunteers who don't have their own accounts aren't counted. We'll walk through your staff list with you before quoting to make sure the number is right.
Senior Protection
Can I set up a plan for my mum or dad?
Absolutely — this is how most Senior Protection plans start. You set it up on their behalf, we'll make a welcome call to get to know them by name, and we give them a direct hotline number.
From then on, they call us when something feels off — and you don't have to be the one answering at midnight.
What does the hotline actually do?
If a message, call or email doesn't feel right, they call us — 1800 930 329 (Australia), local toll-free numbers for USA and South Africa available on sign-up, 8am to 8pm local time, 7 days a week. A real person picks up, asks what's happening, and tells them in plain English whether it's safe, suspicious, or a scam.
No apps to install, no technical jargon. If you can make a phone call, you can use Red Flagg™.
What if Mum isn't tech-savvy?
That's exactly who Senior Protection is built for. Our team is trained to take the time needed, explain things patiently, and never make anyone feel silly for asking. No judgement — only help.
We also offer on-site sessions at residential villages where we talk to residents in person about common scams and how to use the hotline.
What's the difference between Protective and Wrap Around?
Protective ($9.99/mo) is your everyday prevention plan — hotline, email checks, phishing checks, Safe Text™, 8am–5pm support.
Wrap Around ($29.99/mo) includes everything in Protective, plus full recovery support if something does go wrong — technical case manager, forensic device cleanup, bank liaison, legal recovery support, welfare checks. Extended hours 8am–8pm.
Most families choose Wrap Around for peace of mind. Both have a 28-day trial.
What happens if Mum has already been scammed?
Call us. On the Wrap Around plan we step in straight away — we work with your bank to freeze transactions, change passwords, prepare a proper evidence pack for police, and clean up any compromised devices.
Even if she's not on a plan yet, we can help via the one-off Device Clean Up service. The sooner we're involved, the better the chance of limiting the damage.
Do you work with residential villages directly?
Yes. Our Residential Community Plan covers every resident in a village under a single community fee paid by the village — not the individual resident. We include on-site information sessions, a family portal, and quarterly scam activity reports to management.
We work with retirement villages, over-55s communities, and aged care providers across Australia, the USA, and South Africa. If you're a village manager, book a site visit and we'll talk through how it works for your community.
How We Work
What is MailCheck™?
MailCheck™ is a button in Outlook that lets you forward a suspicious email straight to us. We check it and tell you whether it's safe — usually within ten minutes — before you click anything.
It's the fastest way to get a second opinion on a dodgy-looking email. Available on Business Plus and Business Shield plans.
What is DarkWebCheck™?
Monthly scans of dark web marketplaces, breach databases, and known leak sites to check if your staff credentials or organisational data have been exposed in a breach somewhere.
It's usually the first indicator of a data breach — if credentials have leaked, we catch it before attackers can use them. Included on Plus and Shield.
What is the Essential Eight?
The Essential Eight is the Australian Signals Directorate's baseline cyber security framework — eight strategies that prevent the vast majority of cyber attacks. It's become the Australian Government's standard reference for organisational cyber maturity.
Red Flagg™ structures our plans around it. Level 0 is our 10-control culture and awareness layer that sits underneath Essential Eight. Level 1 is the full 48-control Essential Eight baseline. Levels 2–3 are for higher-risk organisations and are delivered project-by-project.
We also align to NIST CSF and CIS Controls v8 alongside Essential Eight — the same frameworks enterprise CISOs use, and the frameworks our USA and South African customers map against locally.
What's the difference between Level 0 and Level 1?
Level 0 (10 controls) — culture and awareness. Staff training, reporting habits, phishing simulation, the human basics that stop most scams before technical controls are even tested. Typically 6–12 months to embed properly.
Level 1 (48 controls) — the full Essential Eight technical baseline. Delivered progressively over 12–24 months in most environments so nothing overwhelms your team and each control actually sticks.
Read the full breakdown on our How We Work page.
Who will actually look after our account?
A named analyst from our team. On Business Shield, you get a dedicated named analyst on every report and a direct line for day-to-day support. On Business Plus, our Cyber Operations Desk is your primary point of contact — and you'll still see named people on your monthly reports.
Publicly we reference our team by level (L1, L2, L3) for security reasons, but as a customer you'll know exactly who is handling your account by name. We never outsource — every Red Flagg™ analyst is Australian and vetted.
What's DeID™ Data Protection?
DeID™ is our data-protection service that removes personally identifiable information from documents and data before it enters AI tools like Microsoft Copilot or ChatGPT. Compliant with Australian Privacy Principles (APP), HIPAA (USA), and POPIA (South Africa).
This is a newer service (launched 2026) for organisations rolling out AI tools and worried about accidentally feeding sensitive data into them. Available as an Additional Service — no subscription needed.
Getting Started
What is a Cyber Maturity Assessment?
A free, no-obligation review of where your organisation sits against the Essential Eight baseline (plus NIST CSF and CIS Controls v8 for USA and international organisations). We look at your current Microsoft 365 setup, staff awareness, security controls, and reporting culture — then give you a clear written report with practical recommendations.
Takes about an hour of your time. Written report arrives within 7 business days. No sales pressure afterwards — if we're not the right fit, we'll tell you.
How long does onboarding take?
Typical onboarding is 2–4 weeks depending on your plan and current setup. Business Protect is quickest (around 1–2 weeks). Business Plus takes 2–3 weeks. Business Shield takes 3–4 weeks because we're setting up the customer portal, analyst assignment, and full Level 1 plan.
We handle the technical work — you'll spend about 2 hours total with us across the whole onboarding.
What if we've already been breached?
Call us first on 1800 930 329 (or the local number we provide on sign-up for USA/South Africa). Even if you're not a customer yet, we can advise on immediate containment steps. If you need professional incident response, our Forensic Services team can deploy within one business day to investigate, contain, and prepare evidence for insurance or regulatory notification.
Don't wait. The sooner we're involved, the better the outcome.
Do we need technical staff to work with you?
No. Many of our customers have no in-house IT. We talk to whoever makes the decisions — usually the CEO, business manager, or office manager — in plain English. Our reports are written for a board, not for engineers.
If you do have technical staff, they'll get the more detailed analyst reports and direct access to our team as well. See the Technical Customers section for more on how we work alongside your IT team.
Can we try before we commit?
Yes — start with a free Cyber Maturity Assessment. No obligation, no credit card, just a genuine review of where you stand. If you decide to come on board, Senior Protection plans include a 28-day trial, and all business plans are monthly with no lock-in.
Security & Trust
Where is our data stored?
All customer data is stored on Microsoft Azure, with region-specific hosting based on your jurisdiction: Australia East (Sydney) and Australia Southeast (Melbourne) for Australian customers; East US and West US 2 for USA customers; South Africa North (Johannesburg) for South African customers. All regions are ISO 27001 and SOC 2 certified.
Data sovereignty is maintained at all times. Our own operational systems are hosted in Australia.
Do you access our systems directly?
Only with your explicit permission, via Microsoft's Granular Delegated Admin Privileges (GDAP). This means our access is scoped to exactly what's needed for your plan — no more. Every action we take is logged and auditable in your Microsoft tenant. You can revoke access at any time from your Microsoft admin panel.
Who sees our data at Red Flagg™?
Only the named analyst assigned to your account and our senior leadership when required for incident response. We don't sell data, we don't share data, and we don't use customer data to train any AI system. Our data handling complies with the Australian Privacy Principles, the Notifiable Data Breaches scheme, and the equivalent regulations in the USA (including HIPAA where applicable) and South Africa (POPIA).
What happens to our data if we cancel?
You keep control of your Microsoft tenant — we simply offboard our GDAP access. Any reports, scorecards, or documents we've produced for you are yours to keep. We retain minimal billing and account records only, per local tax authority requirements (ATO in Australia, IRS in USA, SARS in South Africa), and we delete operational data within 90 days of cancellation.
Have any Red Flagg™ customers been breached?
To date, zero confirmed breaches across all Red Flagg™ customers. Zero compromised credentials found in dark web checks. 75% average phishing reporting rate across our customer base.
We don't promise this will continue forever — no one can. What we promise is that if something does happen, we'll be the first to catch it, the first to contain it, and the last to give up on you.
For Technical Customers
How does GDAP scoping work? Can we limit what you can do?
Yes. GDAP (Granular Delegated Admin Privileges) is enforced through Microsoft Entra and lets you grant us only the specific role assignments your plan needs. We typically request: Security Administrator, Intune Administrator, Exchange Administrator, and Reports Reader. Higher tiers may include Conditional Access Administrator for Level 1 work.
You set the access duration (we recommend 12 months, renewable). Every action is logged in your Entra Audit Log and Unified Audit Log — visible to you, exportable on demand. You can revoke access in one click from admin.microsoft.com → GDAP relationships.
If your security policy requires JIT (just-in-time) elevation rather than persistent admin, we support that workflow too — tell us during onboarding.
What MFA and Conditional Access policies do you deploy?
For Level 0 we ensure MFA is enabled for all users, using Microsoft Authenticator (push or number-matching, not SMS). We disable legacy authentication and enforce modern auth across all clients.
For Level 1 we layer Conditional Access policies aligned to ACSC Essential Eight Maturity Level 1: phishing-resistant MFA for privileged accounts, device compliance enforcement (via Intune), a block on legacy authentication, geo-blocking for non-operating regions (configurable), and risk-based sign-in controls via Entra ID Protection (P2 licence required).
We document every policy in your tenant Policy Catalog and provide a quarterly review report. You retain veto power over any policy — nothing gets enforced without sign-off.
Can you work alongside our existing IT team or MSP?
Yes, and we frequently do. About a third of our Business Shield customers have an in-house IT team or a separate MSP handling general support, while we focus on the security layer. We co-exist in the same Microsoft tenant via scoped GDAP — we don't need exclusive access.
We'll establish a clear RACI (Responsible, Accountable, Consulted, Informed) matrix during onboarding so everyone knows who handles what: typically your team owns endpoints, accounts, and helpdesk; we own security configuration, monitoring, and incident response. We share findings via a shared Teams channel or your existing ticketing system if preferred.
Do you integrate with our SIEM or EDR?
For Microsoft-native stacks, we work natively with Microsoft Defender for Business, Defender for Endpoint, Defender for Cloud Apps, and Sentinel. We can configure custom analytics rules, hunting queries, and automated response playbooks in Sentinel for Level 2–3 customers.
For non-Microsoft tooling (Splunk, CrowdStrike, SentinelOne, Elastic, Wazuh, etc.), we ingest alerts via webhook or API into our analyst dashboard for correlation. We don't replace your existing EDR — we complement it. Email integrations@redflagg.com.au with your stack and we'll confirm what's supported.
Can we export our security telemetry and reports?
Yes. All raw telemetry stays in your Microsoft tenant — we don't pull it into a separate data store. Your team can query it directly via KQL in Defender Advanced Hunting, Sentinel, or the Microsoft Graph Security API.
The reports we generate (monthly scorecards, quarterly board reports, incident reports) are delivered as PDFs and structured JSON exports if requested. We can also schedule API push to your data warehouse on Business Shield. No vendor lock-in — if you ever cancel, you keep everything we've produced.
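As an added example (not code from this page or from Red Flagg™), here is a KQL query a technical customer could run themselves against the SigninLogs table in Sentinel to check that the "disable legacy authentication" control described under the MFA question is actually holding. It lists successful sign-ins over the last 30 days that arrived over a legacy protocol; once the block is enforced, the query should return no rows. It assumes the standard Sentinel SigninLogs schema (TimeGenerated, ResultType, ClientAppUsed, UserPrincipalName, AppDisplayName, ConditionalAccessStatus).

```kql
// Added example: surface successful sign-ins that used legacy (basic) authentication.
// Legacy protocols cannot satisfy an MFA prompt, so any row here is a gap in the
// "block legacy auth" control. Expected result once the policy is enforced: no rows.
// The two client types below are the only ones Entra reports for modern auth;
// everything else (IMAP4, POP3, SMTP, Exchange ActiveSync, "Other clients", ...) is legacy.
let modernClients = dynamic(["Browser", "Mobile Apps and Desktop clients"]);
SigninLogs
| where TimeGenerated > ago(30d)
| where ResultType == "0"                        // successful sign-ins only (failures are already blocked)
| where ClientAppUsed !in (modernClients)         // anything not modern auth is a legacy protocol
| summarize
    Attempts   = count(),
    Users      = dcount(UserPrincipalName),
    FirstSeen  = min(TimeGenerated),
    LastSeen   = max(TimeGenerated),
    SampleUser = any(UserPrincipalName)
    by ClientAppUsed, AppDisplayName, ConditionalAccessStatus
| order by Attempts desc
```

A ConditionalAccessStatus of "notApplied" on a returned row means no Conditional Access policy evaluated that sign-in at all, which usually points to a user or application exclusion in the block policy rather than a missing policy.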
Do you support on-premises infrastructure or hybrid environments?
Our default is cloud-first (Microsoft 365, Azure, Entra ID). For hybrid environments we support Entra Connect sync, hybrid Azure AD join, and Defender for Identity for monitoring on-prem domain controllers. For pure on-prem or air-gapped environments, we generally recommend a different specialist — our model is built around the Microsoft cloud control plane.
If your environment is mixed, we'll be straightforward in the Cyber Maturity Assessment about which parts we can effectively secure and which need a different provider.
How do you handle BYOD and unmanaged devices?
For BYOD we deploy Intune App Protection Policies (APP/MAM) rather than full device enrolment — protecting corporate data inside Outlook, Teams, and OneDrive without managing the personal device itself. This is the ACSC-recommended approach for staff-owned devices accessing organisational data.
For unmanaged contractor or partner access, we recommend Conditional Access policies that require compliant or hybrid Azure AD-joined devices for sensitive resources. We can configure session controls (download blocks, watermarking, restricted access) via Defender for Cloud Apps for browser-based access from unmanaged devices.
International (USA & South Africa)
How does Red Flagg™ work for USA customers?
We deliver our full service to USA organisations — NFPs (501(c)(3) included), small to medium businesses, and residential communities. USA customer data is hosted in Microsoft Azure US regions (East US and West US 2), and we align our frameworks to NIST CSF and CIS Controls v8 as the primary standards rather than ACSC Essential Eight (which remains the Australian government reference).
USA customers are supported by our Australian team during extended hours that overlap with USA business hours. 24-hour incident response is available on Business Shield.
How does Red Flagg™ work for South African customers?
We serve South African NFPs (NPCs and PBOs), small to medium businesses, and residential estates. South African customer data is hosted in Microsoft Azure South Africa North (Johannesburg), with data sovereignty compliant with POPIA (Protection of Personal Information Act).
We align to international security frameworks (NIST CSF and CIS Controls v8), and we're experienced in handling the specific scam and fraud patterns seen in the South African market — including business email compromise and SIM-swap attacks.
Do you comply with HIPAA, POPIA, and GDPR?
Yes — our data handling practices meet the requirements of the Australian Privacy Principles, HIPAA (for USA healthcare-adjacent organisations), and POPIA (South Africa). We sign Business Associate Agreements (BAAs) for HIPAA-covered entities on request, and we'll sign bespoke Data Processing Agreements (DPAs) for any customer that needs one.
GDPR compliance is maintained for any customer data that touches EU residents, even if the customer entity is outside the EU.
Do I get the same named analyst experience across regions?
Yes. Every Business Shield customer — Australian, American, or South African — gets a dedicated named analyst on their monthly reports and a direct communication channel. Cross-region incidents get escalated through the same L3 team. No outsourcing, no call centres, no hand-off to a generic support pool.
Still have questions?
Call a real person on 1800 930 329 (Australia), or request local numbers for the USA and South Africa. 8am to 8pm local time, 7 days. Or email us and we'll get back to you within one business day — often much sooner.