Staying secure is becoming ever more challenging for organisations. Ransomware, phishing, and data exfiltration are constantly increasing – and cyber threats are now ten times harder to tackle. For email alone, nearly 1.2% of all emails sent globally are malicious, accounting for 3.4 billion phishing emails per day1.
Direction Forward offer a suite of tools – including monitoring, training, and certification – to help you elevate your security and compliance. Whilst the following can be used as a ‘shopping list’, where you can select which you wish to take advantage of, the best protection comes from implementing all of the below for the most comprehensive defences across all avenues and aspects.
Please note that these tools are to be used in addition to standard and baseline security measures, which you should already have in place, such as backup for services, antivirus for machines, and security for accounts.
Monitoring
Domain reputation
24/7/365 monitoring of your domain(s) reputation, which includes checks against over 100 blacklists and email compliance status including DKIM, SPF, DMARC, and BIMI.
A poor domain reputation can cause your legitimate emails to be blocked or land in spam, damaging communication and brand trust. Early detection ensures your messages reach inboxes and keeps your domain from being misused by attackers.
£10.00 per month
Domain breach
24/7/365 monitoring of your domain(s) and email addresses thereon, which includes checking if any have appeared in known data breaches or stealer logs and monitoring for any future compromise.
Compromised credentials are one of the biggest entry points for attackers. Continuous breach monitoring alerts if your organisation’s details appear in leaked data so you can act fast — resetting passwords, protecting accounts, and avoiding further compromise.
£20.00 per month
DMARC analysis
Domain-based Message Authentication Reporting & Conformance (DMARC) active monitoring and analysis, which includes checking for any platforms and systems sending emails from your domain(s) without authorisation.
This is useful in preventing scammers posing as your organisation both externally and internally, protecting your partners and clients as well as reducing the phising emails you receive. It is also helpful in monitoring all the integrated platforms in use by your organisation for inventorying and compliance.
You can find a more detailed explanation of DMARC in our article here. And you can check your current DMARC status using our DMARC checker tool here.
£20.00 per month
Training
Cyber Security and Data Protection
Two training sessions (≤ one hour each) for Cyber Security and Data Protection. Typically, these are delivered as all-hands Zoom sessions, and recorded for those who cannot attend at the time.
The Cyber Security session includes general principles and definitions, everyday good practices, how to spot phishing, how to respond to attacks, and the legal responsibilites and obligations for users. The Data Protection session includes general principles and definitions, overviews of UK legislation such as the DPA and GDPR, how to deal with personal data, how to keep all types of data secure, and the legal responsibilites and obligations for users.
This is available as an add-on service to a Support Agreement, and is billed simply as time spent on the two training sessions.
Contact us to add this
Phishing Testing
Phishing testing involves simulating targeted email-based attacks to assess how effectively your staff can recognise and respond to potential phishing attempts. The purpose of these controlled exercises is to identify any weaknesses in your organisation’s ability to detect and mitigate such threats. We help you gain assurance in your human defences by testing how users handle phishing emails, using the same tactics that cybercriminals might employ. Our findings will support your organisation in improving security awareness and training programmes to strengthen your first line of defence.
Please note that preparations must be made before this testing can be conducted. Internal methodologies for reporting phishing need to be put in place and user training – as well as advising staff that testing will occur in the future (rather than applying a ‘gotcha’ after the fact, which is not constructive).
This is available as an add-on service to a Support Agreement as it can be subject to additional costs – for example, fake email addresses and fake landing pages are used in order to conduct the tests, which can incur short term hosting charges. Typical frequencies for testing are quarterly or annually. Detailed reporting is provided following all tests.
Contact us to add this
Certification
Cyber Essentials
Certification provided by the National Cyber Security Centre (NCSC) – the UK Government’s technical authority for cyber security. We will help you reach compliance and assist you passing the assessment to achieve certification. This must be renewed annually to maintain certification, and there are third party costs from the NCSC for the assessment process (£320–600 based on the size of your organisation).
Costs to achieve this certification will depend on whether you have a Support Agreement with us, as this impacts fees and your current compliance status. If you do have a Support Agreement with us you will likely be mostly compliant already, and will probably need to produce some written internal policies in order to complete the requirements.
Contact us for an esimate
Penetration Testing
Penetration (pen) testing involves cyber security experts attempting to find and exploit vulnerabilities in IT systems. The purpose of such simulated attacks is to identify any weak spots in these systems’ defences, which attackers could take advantage of. This helps to gain assurance in the security of your systems by attempting to breach some or all of your security, using the same tools and techniques as an adversary might.
The resultant findings will be provided in a detailed certified report with remediations, and will help improve internal vulnerability assessment and management processes. Costs for penetration testing are based on the size of your organisation and complexity of your infrastructure.
Contact us for an esimate
1Stats supplied by Microsoft during October 2025.
Prices exclude VAT.