Social Engineering Assessments

×

Email Phishing Security Assessment

Service Overview

The Email Phishing Security Assessment evaluates an organisation’s exposure to phishing attacks delivered via email, focusing on both technical controls and user susceptibility.

The objective of this assessment is to identify weaknesses in email security controls and user awareness that could enable successful phishing-based compromise.

Scope & Focus

The assessment may include, but is not limited to, the evaluation of:

• Email security gateway configuration and filtering controls
• Authentication mechanisms such as SPF, DKIM, and DMARC
• User awareness and response behaviours
• Reporting and incident handling processes
• Protection against common phishing and spoofing techniques
• Monitoring and alerting capabilities
• Integration with broader security operations
• Alignment with recognised email security best practice

The specific scope is defined during formal engagement scoping and confirmed prior to commencement.

Engagement & Delivery

The Email Phishing Security Assessment is delivered under formal scoping and explicit authorisation and is managed through the Nanorisk Security Portal.

The assessment may combine:

• controlled phishing simulations
• configuration and control review

All activities are conducted in accordance with agreed rules of engagement and designed to minimise operational impact and user disruption.

Outputs & Reporting

Clients receive:

• An Email Phishing Security Assessment report
• Identified weaknesses with contextual risk explanation
• Practical recommendations to reduce phishing-related risk
• Secure access to findings and engagement artefacts via the Nanorisk Security Portal

Findings support improved resilience against email-based social engineering attacks.

Important Notes

• This assessment focuses on preparedness and control effectiveness rather than blame or individual performance
• Findings reflect a point-in-time view of phishing resilience during the assessment period
• The assessment does not guarantee prevention of all phishing attacks

×

Smishing (SMS Phishing) Security Assessment

Service Overview

The Smishing (SMS Phishing) Security Assessment evaluates an organisation’s exposure to phishing attacks delivered via SMS and mobile messaging platforms.

The objective of this assessment is to identify weaknesses in technical controls and user awareness that could enable successful smishing-based compromise.

Scope & Focus

The assessment may include, but is not limited to, the evaluation of:

• User awareness and response behaviours
• Reporting and incident handling processes
• Mobile messaging security controls
• Protection against spoofed or malicious messages
• Integration with mobile security and monitoring systems
• Detection and response capabilities
• Alignment with recognised mobile and messaging security best practice

The specific scope is defined during formal engagement scoping and confirmed prior to commencement.

Engagement & Delivery

The Smishing Security Assessment is delivered under formal scoping and explicit authorisation and is managed through the Nanorisk Security Portal.

The assessment may combine:

• controlled smishing simulations
• process and control review

All activities are conducted in accordance with agreed rules of engagement and designed to minimise operational impact and user disruption.

Outputs & Reporting

Clients receive:

• A Smishing Security Assessment report
• Identified weaknesses with contextual risk explanation
• Practical recommendations to reduce SMS-based phishing risk
• Secure access to findings and engagement artefacts via the Nanorisk Security Portal

Findings support improved resilience against mobile messaging-based social engineering attacks.

Important Notes

• This assessment focuses on preparedness and control effectiveness rather than individual performance
• Findings reflect a point-in-time view of smishing resilience during the assessment period
• The assessment does not guarantee prevention of all smishing attacks

×

Vishing (Telephone Phishing) Security Assessment

Service Overview

The Vishing (Telephone Phishing) Security Assessment evaluates an organisation’s exposure to social engineering attacks conducted via telephone communications.

The objective of this assessment is to identify weaknesses in procedural controls and user awareness that could enable successful voice-based social engineering attacks.

Scope & Focus

The assessment may include, but is not limited to, the evaluation of:

• User awareness and response behaviours
• Verification and identity confirmation procedures
• Call handling and escalation processes
• Protection against caller spoofing and impersonation
• Incident reporting and response mechanisms
• Integration with security and fraud detection processes
• Alignment with recognised social engineering defence best practice

The specific scope is defined during formal engagement scoping and confirmed prior to commencement.

Engagement & Delivery

The Vishing Security Assessment is delivered under formal scoping and explicit authorisation and is managed through the Nanorisk Security Portal.

The assessment may combine:

• controlled vishing simulations
• process and control review

All activities are conducted in accordance with agreed rules of engagement and designed to minimise operational impact and user disruption.

Outputs & Reporting

Clients receive:

• A Vishing Security Assessment report
• Identified weaknesses with contextual risk explanation
• Practical recommendations to reduce voice-based social engineering risk
• Secure access to findings and engagement artefacts via the Nanorisk Security Portal

Findings support improved resilience against telephone-based social engineering attacks.

Important Notes

• This assessment focuses on preparedness and control effectiveness rather than individual performance
• Findings reflect a point-in-time view of vishing resilience during the assessment period
• The assessment does not guarantee prevention of all vishing attacks

×

Physical Security Assessment

Service Overview

The Physical Security Assessment evaluates the effectiveness of physical controls designed to protect facilities, assets, and personnel from unauthorised access or interference.

The objective of this assessment is to identify weaknesses in physical security measures that could enable unauthorised entry, asset compromise, or support broader cyber or insider threats.

Scope & Focus

The assessment may include, but is not limited to, the evaluation of:

• Access control systems and entry mechanisms
• Visitor management and security procedures
• Perimeter security controls
• CCTV and monitoring arrangements
• Secure areas and asset protection
• Tailgating and unauthorised access risks
• Alignment with recognised physical security best practice

The specific scope is defined during formal engagement scoping and confirmed prior to commencement.

Engagement & Delivery

The Physical Security Assessment is delivered under formal scoping and explicit authorisation and is managed through the Nanorisk Security Portal.

The assessment may combine:

• physical control review
• controlled on-site testing where permitted

All activities are conducted in accordance with agreed rules of engagement and local legal and safety requirements.

Outputs & Reporting

Clients receive:

• A Physical Security Assessment report
• Identified weaknesses with contextual risk explanation
• Practical recommendations to improve physical protection
• Secure access to findings and engagement artefacts via the Nanorisk Security Portal

Findings support improved protection of facilities and critical assets.

Important Notes

• This assessment focuses on physical security controls rather than cybersecurity controls alone
• Findings reflect a point-in-time view of physical security during the assessment period
• The assessment does not guarantee identification of all physical security weaknesses

×

Cookie Policy

This website uses a minimal number of cookies. We do not use analytics, tracking, or marketing cookies.

What cookies do we use?

The only cookies set on this website are by Google reCAPTCHA, which is used on our contact form to prevent spam submissions. These are classified as strictly necessary cookies required for the form to function securely.

reCAPTCHA Cookies

• _GRECAPTCHA — used by Google reCAPTCHA to provide spam protection on the contact form
• NID — a Google cookie used to remember preferences and provide functionality for reCAPTCHA

These cookies are set by Google. You can read Google's privacy policy at policies.google.com/privacy.

Local Storage

We do not store any personal data in your browser's local storage.

Third-Party Cookies

We do not use any third-party analytics, advertising, or social media tracking cookies.

Managing Cookies

You can control and delete cookies through your browser settings. Disabling cookies may affect the functionality of the contact form. For more information on managing cookies, visit allaboutcookies.org.

Contact

If you have questions about our use of cookies, please contact us at info@nanorisk.co.uk.

Last updated: March 2026