Cybercraft
← In a Box Testing

What does an attacker see when they scan your business from the internet?

The Security Health Check answers the question your board has probably already asked. A clean, repeatable assessment of your external security exposure β€” scored A to F, delivered with a clear list of what to fix.

A-F scorecard boards understand Three tiers Quarterly repeat available
A
B
C
D
F

A score your board will understand immediately

Every Security Health Check produces an A-F scorecard across your key security domains. There's no translation from technical findings to business language β€” the grade speaks for itself. A means strong. F means urgent action required. Most businesses landing here for the first time come in somewhere between C and D.

Choose your tier

Three tiers for three different questions

Pick the tier that matches what your board, insurer, or operations team actually wants to know.

1

External Surface Check

Any business that wants to know what is visible and potentially exploitable from the internet β€” a strong annual baseline.

What it covers

  • All external-facing domains and subdomains
  • Open ports and services
  • SSL/TLS certificate validity and configuration
  • Exposed admin panels and sensitive endpoints
  • DNS security configuration (SPF, DKIM, DMARC)
  • Public data disclosure
Book Tier 1
2

M365 & Entra ID Health Check

Businesses running Microsoft 365 that need a cloud identity and security pulse check β€” especially ahead of insurance renewal or a DISP application.

What it covers

  • Entra ID configuration and admin account review
  • Conditional access policy gaps
  • MFA coverage across all accounts
  • Exchange Online email security settings
  • SharePoint external sharing exposure
  • Teams data controls
Book Tier 2
3

Comprehensive Posture Check

Businesses that want a complete picture β€” external surface, cloud identity, and internal posture β€” or boards that need a defensible quarterly report.

What it covers

  • Everything in Tier 1 and Tier 2
  • Internal network visibility assessment
  • Policy and configuration review
  • Consolidated A-F posture scorecard
  • One-page executive brief
  • Quarterly trend comparison (repeat clients)
Book Tier 3

Security isn't a one-time event

The Security Health Check is designed to run quarterly β€” so you always know where you stand, and your board always has a current answer. Each quarter, your score is tracked against the previous period. Improvement is visible. Regressions are caught early.

Most clients start with a one-off check to get their baseline, then move to a quarterly cadence once they see what it surfaces.

  • Quarterly scorecard with trend tracking
  • Board-ready one-page executive brief each cycle
  • Changes in your external surface caught between cycles
  • Insurers and enterprise clients increasingly expect periodic evidence

Example: Posture score over four quarters

Q1
D
Q2
C
Q3
C+
Q4
B

Illustrative only. Starting scores vary by business.

Where to next?

βš–οΈ
Risk & Vendor Assessments Understand the business impact behind your score β€” prioritised risk register and action plan.
πŸ“„
Policy & Procedures Document the security controls your score shows you should have in place.
🚨
Incident Response Planning Know what to do when something goes wrong β€” not just that something might.

See how this fits: Insurance renewal path Β· Starting from scratch

Ready to see your score?

Tell us a bit about your business and what's prompted the question β€” we'll recommend the right tier and get you booked in.

Book your health check

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.