how it works
Every CCL Protect subscription begins with a consultative Cyber Review: a practical, plain-English look at your people, processes, technology and risk exposure. You get:
A practical view of your current risks
A tailored roadmap for improving resilience
Confidence in your baseline defences
Everything is managed by our expert team and can be flexed to suit your set-up, whether you have internal IT, an MSP, or need us to be your virtual cyber function.
Get protectedTest your frontline by checking staff responses to realistic email threats.
- What is a phishing assessment?
It’s a controlled test where we send simulated phishing emails to your staff to see how they respond. The aim is to measure awareness, highlight risks, and guide training.
- Will employees get in trouble if they click the test link?
No. The goal is education, not punishment. Anyone who clicks can be redirected to a short refresher so they understand the risk straight away.
- How realistic are the test emails?
They’re designed to look just like real phishing attempts, from fake delivery notices to convincing business email, so staff get genuine practice spotting threats.
- How often should we run phishing assessments?
Quarterly is a good baseline, but some businesses choose monthly for high-risk teams such as finance or HR. Regular testing keeps awareness sharp.
- What kind of reporting do we get?
You’ll see clear, anonymised results: click rates, reporting rates, and trends over time. This helps track improvement and demonstrate progress to clients or insurers.
Identify weaknesses in your systems before attackers do.
- How often should scans be done?
At least quarterly, but monthly or continuous scanning provides better protection.
- Does it slow down or disrupt systems?
No, scans are safe, non-intrusive, and designed to run in the background.
- Do you fix the issues found?
The scans flag risks, and we provide remediation guidance. Fixes can be handled internally or via additional support.
- Is this the same as penetration testing?
Not quite. Scans identify known vulnerabilities, while penetration testing goes deeper into active exploitation and simulation.
Embed secure behaviours and address known issues.
- How is the training delivered?
Online modules, interactive sessions, and refreshers are all available depending on needs.
- Is it relevant to non-technical staff?
Absolutely, training is designed to be practical, jargon-free, and accessible to everyone.
- How often do employees need training?
Annual training with quarterly refreshers is a good baseline. CCL Protect allows for monthly sessions to cover different topics or sections of the workforce.
- Can training results be measured?
Yes, participation and performance are tracked, so businesses can demonstrate compliance and improvement.
Get alerts when stolen credentials/IP appear on criminal marketplaces.
- What types of data can be found on the dark web?
Emails, usernames, passwords, payment details, and sometimes sensitive documents.
- Does dark web monitoring stop my data from being leaked?
No, it alerts you when data is found so you can act quickly to contain the risk.
- Is my business too small to be targeted?
Not at all, attackers often target SMEs because they assume controls are weaker.
- What happens if my data is found?
We notify you immediately and recommend the right response, such as password resets or further investigation.
Track improvements, highlight concerns and evolve your roadmap.
CCL’s accreditations – CHECK, CREST and Cyber Essentials – are more than badges. They show that our work is independently tested, recognised and trusted across government, industry and law enforcement. It’s assurance that your business is in safe hands.
IT support is reactive, fixing problems when they arise. Protect is proactive, regularly scanning for risks, testing staff readiness and monitoring threats before they become incidents.
It’s a mark of trust and credibility but also of huge practical value as it means they can deploy instantly in certain environments, such as highly sensitive government and enterprise systems, where SMEs may be involved in the supply chain or developing their own protected IP.
Yes. IT providers keep systems running, but cyber security requires specialist skills, from penetration testing to incident response. Besides, IT teams can already be fully stretched with Business as Usual, so it makes sense to have security experts on call from both a resourcing and knowledge perspective.
CCL Protect gives you your own fully-fledged cyber team, without the in-house cost.
Get protected