I’ve downloaded the app - now what?
To register, all you need is your company email address and CFC policy number (e.g. ESM1234567890). This can be found on the second page of your policy doc under Declarations. Following registration, you should then receive a confirmation email – make sure to check your spam! Your policy number will automatically update in the app when your policy renews, so there is no need to do this yourself.
What counts as an incident / when should I report an incident?
If in doubt, it’s better to reach out than not to. If you suspect something has happened, or could be about to occur, we encourage you to report it as an incident within the "Notify" tab (you can select the incident type as "other" if non-urgent). Someone from the team will get back to you within 15 minutes with the best plan of action. This all at nil deductible and may not necessarily trigger a claim.
I’ve reported an incident through the app – now what?
- A technical expert from the incident response team will get in touch within 15 minutes or less. We will run through the circumstances of your incident with you and advise you of any immediate steps that you can take.
- We will assess whether any other specialist services (forensic services, business resumption, legal, etc.) are required to get you back to business as usual.
- We will email you a summary of the incident and the appointed partner vendor will contact you to determine the level of assistance required.
- After mutually agreeing on the scope of work, we will work to get you back to business as usual as quickly as possible. Alongside this, a cyber claims specialist will be appointed who will proactively work with you throughout the lifecycle of the claim to advise you on steps that need to be taken.
Can multiple users have access to our account?
Anyone who is part of your organization can use the CFC Response app. They just need to download the app to their phone and use your policy number (e.g. ESJ1234567890) as the registration code. Response is also used to deliver real-time threat alerts, as well as reporting claims - therefore it is worth considering who you would like to have access to this level of communication. We'd recommend someone like CEO, CTO or CISO.
Can you have multiple policy numbers in the same app?
As subsidiaries are listed under separate policies, you will need to register a new account for each policy number. To do this, log out of your account for the current policy then re-register with your other policy details. You can use the same work email.
An employee who had the app has left – now what do we do?
An admin user can delete other user accounts from my response team. Simply go to 'My response team', enter teammate details, scroll to the bottom and click 'Delete user'.
If there's no admin in your company, get in touch with our internal support team at AppSupport@cfc.com, and we'll be able to assist you with these access changes.
What is Ask the expert? What sort of questions could I ask?
"Ask the expert" is a direct route for any technical questions you might have. It puts you in communication with our specialist team who will respond within 48 hours and help with cyber risk mitigation, best practices and cybersecurity services on offer.
Please note, this service is not for policy coverage questions or renewal queries. These will still need to go to your broker.
Some of our frequently asked questions are:
1. What is two-step authentication (MFA) and why might we need it?
2. How can you help us in the event of an incident?
3. How can we prevent attempts to gain unauthorised access to corporate accounts?
What cyber security tools are available and how do I access them?
Firstly, our real-time threat alerts will be your first backstop of protection. Through continuous monitoring of customer networks and analysis of the latest cyber claims, our team can spot problems quickly and send you critical alerts with guidance on rectifying any issues. You can then access the full range of cyber security tools by tapping "Tools" in the bottom navigation bar. These are entirely free and can be turned on and off as you wish.
- Phishing simulation – this is a simulated email campaign that goes out to members of your team whose credentials are most vulnerable. These emails look like common phishing emails to show users how easy it is to fall victim and to raise awareness of this criminal tactic.
- Dark web monitoring – this tool scours the dark web for information relating to your business, including corporate login credentials and other breaches of sensitive data relating to your domain name.
- Deep scanning – this service actively scans the external client network footprint to identify claims-correlated vulnerabilities that lead to cyber attacks and ransomware.
Do I need to supply any other information for the cyber security tools to work?
In order to accurately run the cyber security tools, effectively find threats and send you alerts, we need to know your IP address. You can reach out to the team at cyberthreatanalysis@cfc.com for more information regarding IP address handling.
Do the cyber security tools cost anything extra?
Nope! Access to the app is included for free to all our cyber, tech, and media policyholders.
I haven’t received any dark web monitoring notifications for a while – how do I know it’s still active?
If the switch is toggled on under the ‘Tools’ section, then it’s active. We'll only notify you at the time a breach occurs with a summary of what we found, so no news is good news! To ensure we are scanning for the correct domain, please ensure the email addresses registered on the account under 'My response team' contain the correct IP domain.
How does dark web monitoring work?
We cooperate with a partner who continually scans the dark web for breaches. They scan every day for the email address domain used at registration. If any data has been found, we instantly notify our users including all the information found.
How does deep scanning work?
This service actively scans the external client network footprint to identify claims-correlated vulnerabilities that lead to cyber attacks and ransom. If we detect anything suspicious on your network, we'll send you a notification to let you know.
How does phishing campaign actually work?
Nowadays, most companies are protected by anti-spam filters that prevent suspicious mail from landing in work inboxes. Despite security measures in place, it's still possible for malicious mail to get through and credentials be extracted from vulnerable targets.
We continuously learn about email filtering systems to work out the best tactics to use to deliver the phishing simulation email before the hackers do. As a process, we create phishing campaign lists based off compromised emails and collaborate with a verified mailing service who ensure deliverability and report on the users' reactions.
The feedback is then packaged into a report sent back to you to show who may need more training. Haven't received a phishing email? Worry not, you're being adequately protected.
Some of the email addresses the phishing campaign is targeting are outdated – where are these from?
In phishing campaigns, we include email addresses manually added by the user and all the email addresses we can find for your company online, including those breached on the dark web. As such, some older email addresses are often picked up, but we also validate the list before sending the phishing emails to help remove those likely to bounce (e.g. generic mailboxes, or former employees).
So, although an email address appears on the list, we won't always send a phishing email to that address if we believe it's no longer valid. If an email address displayed on the list is outdated, it can be removed by the user with access to tools.
I have enabled phishing, but there are no emails being targeted – why is this?
When you enable phishing, we will scan the internet for any compromised email addresses we can find for your company. If your target list does not display, this is because you have registered with an email address from generic or free email provider (such as Gmail). Understandably we don't phish these domains, so please ensure your account is registered with your company email address, then disable and re-enable phishing to see your updated target list of email addresses.
If your target list is empty, this is most likely because we have not found any emails from your domain on the internet yet. You may add your colleagues' email addresses manually - see 'How do I make changes to the list of phishing targets?' below to find out how to do this.
How do I make changes to the list of phishing targets?
To add or remove email addresses from the target list, simply click the link in either the phishing information page under 'Tools', or the link within the notification you receive when a phishing campaign starts. Only those with admin rights for tool enablement will be able to manage email addresses.
Why are CFC cyber policies encrypted?
While it’s rare for cyber policies to be the focus of a cyber attack, cyber extortion continues to be a leading cause of claims. But when encrypted, if a customer’s policy documents fall into the wrong hands they can’t be used as leverage in an extortion attempt. It only makes sense for us to offer this additional layer of protection – and peace of mind - for our cyber customers.
How do I access the decryption key for my policy documents?
In order to open your policy documents, you’ll need your policy decryption key. Go to the menu in the top right corner, where it will display under 'Contact us' if the decryption key exists for your policy. If it doesn't display in the menu (or you're in the USA), it means your policy is not encrypted and no key is required to open it.
I've renewed my policy, but can't see anywhere to update my policy number – where should I enter this?
You don't need to do anything! If you've renewed your policy, we will automatically update the policy number associated with your account in our database, so you can continue using the Response app without changing anything. If this doesn't happen automatically, you can email appsupport@cfc.com for assistance.
My company has more than one domain – can I use the tools to monitor multiple domains?
Currently, due to the need to verify the additional domains before being targeted, the Response app is only able to monitor the domain used at registration.
I’ve received a real-time threat alert about a data breach – do I need to do anything?
If you get an alert, make sure you read the full detailed report that will accompany the notification. Each alert will be different and may have different actions. If in doubt, please reach out on our "Ask the expert" chat function. The most common advice we give is:
- If a password is included in the breach, change all corporate passwords for the user where possible. Ensure you have a robust password policy in place and implement 2FA for all externally-facing accounts. Educate users about the risks of password reuse and monitor the accounts closely.
- If only addresses or phone numbers are involved, be aware that the affected users may be at higher risk of being targeted in a phishing campaign. Alert these users, monitor their accounts closely, and educate them on ways to spot a phishing email.
Do you have any educational materials or templates for cyber security best practices?
We do have an incident response plan template – simply email CyberThreatAnalysis@cfc.com and we can send it out to you. We also have guidance on how to build your own plan here, plus considerations you should keep in mind when creating the plan. You can find other infographics, case studies, advisories, and more in the ‘Knowledge’ section on our website, helping you stay up-to-date with relevant cyber content.
If there is anything more specific in terms of best practices that you are looking for, such as ways of defending against specific types of attacks or staff awareness training resources, please get in touch with Lindsey Nelson at LNelson@cfc.com and she can provide more specific advice.
How does the app scan my desktop network if it’s a mobile app?
The cyber security tools operate out of our servers, not from your device; the Response app is only required form of consent for us to operate these features. We identify your company network via the IP address linked to your company website.