Do you offer a free cybersecurity audit in Ireland?

Yes. Intellix offers a free, non-intrusive 3–5 page external cybersecurity audit for SMEs and mid-market organisations in Ireland and the UK. Delivered in 7 working days. Covers DNS, DMARC/SPF/DKIM, TLS, security headers, application surface and Business Email Compromise readiness. Mapped to GDPR Art. 32, NIS2 and MITRE ATT&CK.

How much does a paid cybersecurity audit cost?

Paid tiers start at €1,500 for the Deep-dive Report (the report most clients hand to their insurer or board — internal scan, cloud configuration review, MFA audit and risk register), €5,000 for the Full Security Assessment (external penetration test, phishing simulation, vendor coordination, retest), and €8,000 for the NIS2 Readiness Programme (gap analysis against all ten Article 21 measures, policy drafting, board briefing, CISO/DPO scorecard). For ongoing coverage: €500/quarter Quarterly Monitoring and from €1,800/month Managed Cybersecurity Oversight. Every scope is fixed-price and confirmed before work starts.

Do you build custom software in Ireland?

Yes. Custom software development is one of our core service lines. We build B2B portals, internal operational tools, ERP-grade production systems (Keystone), integrations across Shopify / Akeneo / Sage, and customer-facing platforms. Same team delivers the code, the cloud infrastructure and the long-term support. UK + Ireland delivery, EU data jurisdiction.

Do you build AI and machine-learning software?

Yes. We build applied AI and ML systems for serious operators — retrieval-augmented (RAG) assistants on private data, computer-vision pipelines for production lines, document automation, demand forecasting, fraud and anomaly detection, and LLM integration into existing software. Delivery is product-engineering-grade with evaluation, observability, cost control and EU data residency.

Can you help us comply with NIS2 in Ireland?

Yes. We deliver NIS2 readiness assessments and remediation for in-scope Irish and UK SMEs. Findings are indexed against the eight NIS2 control families (governance, supply-chain, vulnerability management, incident handling, cryptography, access control, asset management, business continuity) with a CISO/DPO scorecard. Optional ongoing oversight available.

Are you a Netgate pfSense partner?

Yes. Intellix deploys and supports Netgate pfSense for hotels, hospitality groups, food producers and B2B portal operators across Ireland and the UK. We handle the firewall design, captive-portal guest WiFi, VLAN segmentation, VPN and ongoing change management.

Do you provide DMARC, SPF and DKIM setup?

Yes. Email authentication setup is one of the highest-impact cybersecurity controls for any organisation. We configure SPF mechanisms, DKIM selectors, DMARC policy enforcement (move from p=none to p=reject safely), MTA-STS and TLS-RPT — and validate the changes via reporting. Included in the Deep-dive Report and as a standalone engagement.

Do you support hospitality WiFi and hotel IT in Ireland?

Hospitality is a core wedge for us. Hotels handle guest data, PCI scope, captive-portal WiFi, PMS / POS integrations, and 24/7 uptime obligations. We deliver hospitality-grade WiFi (Ubiquiti, pfSense), Microsoft 365 security hardening, backup and ransomware readiness, vendor coordination and ongoing managed cybersecurity oversight — built around the operational rhythm of a hotel or restaurant.

All field notes

Cybersecurity

How to check if your Microsoft 365 tenant is exposed to email impersonation

Asif Khan 16 May 2026#Microsoft 365#DMARC#BEC

Business Email Compromise (BEC) is the most expensive cybercrime in Ireland and the UK right now. The 2025 IBM Cost of a Data Breach Report put the average BEC incident at €4.5M when the wire transfer lands. The mechanics are unglamorous: a finance person gets an email that looks like it's from the CEO or a known supplier, asking to change bank details on a pending payment. It works because most Microsoft 365 tenants have at least three of the five gaps below.

1. Is SPF on `~all` instead of `-all`?

Run dig TXT yourdomain.com (or use mxtoolbox.com). Look at the SPF record. If it ends in ~all (softfail), receivers are told to accept but mark spoofed mail. If it ends in -all (hardfail), receivers are told to reject spoofed mail. Hardfail is what you want, but only after step 2 below.

2. Is DKIM signing on every sender?

Open the Microsoft 365 Defender portal → Email & collaboration → Policies & rules → Threat policies → Email authentication settings → DKIM. Confirm both selectors are enabled for every accepted domain. Then think about every other service that sends as you — Mailchimp, Stripe, your CRM, your invoicing tool, your booking engine. Each needs its own DKIM selector signed with your domain. If even one isn't, moving DMARC to p=reject will break it.

3. Is DMARC at `p=none`?

p=none means receivers ignore your DMARC policy entirely. It's where everyone starts but staying there for years tells attackers your domain is unprotected. The progression is: p=none (monitoring only) → p=quarantine (suspicious mail to junk) → p=reject (suspicious mail bounced). Most tenants we audit have sat on p=none for 3+ years.

4. Is Defender impersonation protection on for board/finance/IT?

Defender for Office 365 Plan 2 (included in Microsoft 365 Business Premium and E5) has a user-impersonation policy that catches display-name spoofing — the most common BEC pattern. Open Defender → Anti-phishing policies → check whether your CEO, CFO, IT lead and at least one finance contact are listed as 'protected users'. In 80% of the tenants we audit, this list is empty.

5. Is MFA on every account?

Not 'most accounts'. Every account. Especially shared mailboxes that finance/accounts/sales use. Especially break-glass admin accounts. Especially the dormant account belonging to the contractor who left in March 2023. Open Microsoft Entra → Users → Per-user MFA → sort by 'Multi-factor auth status'. Any account showing 'Disabled' is one phishing click from being yours-no-more.

What to do next

If any of these five made you wince: book the free Intellix external review. We run all five checks plus another twenty in 48 hours, no tenant access required. PDF brief to your inbox. Request the free review.

More field notes

Something here resonate? Talk to us →