Anyone who is part of your organization can use the CFC Response app. They just need to download the app to their phone and use your policy number (e.g. ESJ1234567890) as the registration code. Response is also used to deliver real-time threat alerts and to report cyber incidents, so it is worth considering who you would like to have access to this level of communication.
Unfortunately, you cannot add multiple policies under one account in the Response app; you will need to register a new account with the policy number of the policy you wish to add. To do this, log out of the account you are currently logged in to, which will take you back to the app login screen. Then press 'register' and register with your details again using the new policy number you wish to add. Once you have registered the new account, you can log out and switch between policies.
Please note, you cannot use the same email to register another account on the app.
You don't need to do anything! If you've renewed your policy, we will automatically update the policy number associated with your account in our database, so you can continue using the Response app without changing anything.
Only an admin user is able to delete user accounts from 'My response team'. Simply go to 'My response team', enter teammate details, scroll to the bottom and click 'Delete user'.
If there's no admin in your company, get in touch with our internal support team at appsupport@cfc.com, and we'll be able to assist you with these access changes.
Currently, the Response app is only able to monitor the domain used at registration.
Firstly, our real-time critical threat alerts will be your first backstop of protection. Through proactive cyber attack prevention technologies, our team can spot problems fast and send you critical alerts with guidance on how to mitigate any issues.
Additionally, you can access a range of free cyber security tools, only available to app users, by tapping "Tools" in the bottom navigation bar. These tools include:
- Phishing simulation – this is a simulated email campaign that goes out to members of your team whose credentials are most vulnerable. These emails look like phishing emails in order to show users how easy it is to fall victim and to raise awareness of this criminal tactic.
- Dark web monitoring – this tool scours the dark web for information relating to your business, including corporate login credentials and other breaches of sensitive data relating to your domain name.
- Deep scanning – this service actively scans your business's network footprint to identify claims-correlated vulnerabilities that could lead to cyber attacks or ransomware.
We need to know your business domain to run the tools accurately. Additionally, for us to effectively find threats and send you alerts, we need to know your IP address. See another FAQ item relating to "gateway IP address" for more information.
Nope! Access to Response and its tools is free for CFC cyber policy holders.
If the switch is toggled on under the ‘Tools’ section, then it’s active! We only notify you at the time a breach occurs, with a summary of what we found, so no news is good news. To make sure we are scanning for the correct domain, please ensure the email addresses registered on the account under 'My response team' contain the correct domain.
We cooperate with a partner who continually scans the dark web for breaches. We derive the domain to scan from the email address used at registration and ask our partner if there's been a breach for it every day. If any data has been found, we instantly notify our users including all the information found.
This service actively scans the external surface of a business's network, looking for vulnerabilities that have been known to end in an attack and claim. If we detect anything suspicious on your network, we'll send you a notification to let you know.
We scour the deep and dark web for compromised credentials from your business. We then collate these emails into a list for you to review. Once approved, we send our faux phishing email to these approved and vulnerable employees, to see who falls for the fake email.
The feedback is then packaged into a report sent back to you to show who may need more training.
Haven't received a phishing email? Worry not, you're being adequately protected!
In our phishing campaigns, we include email addresses manually added by the user and all the email addresses we can find for your company online, including those breached on the dark web. As such, some older email addresses are often picked up, but we also validate the list before sending the phishing emails to help remove those likely to bounce (e.g. generic mailboxes, or former employees).
So although an email address appears on the list, we won't always send a phishing email to that address if we believe it's no longer valid. If an email address displayed on the list is outdated, it can be removed by an admin user with access to the tools.
To add or remove email addresses from the target list, simply click the link in either the phishing information page under 'Tools', or the link within the notification you receive when a phishing campaign starts.
Note that only those with admin rights for tool enablement will be able to manage email addresses.
When you enable phishing, we will scan the internet for any compromised email addresses we can find for your company. If your target list does not display, this is because you have registered with an email address from a generic or free email provider (such as Gmail).
We don't phish these domains, so please ensure your account is registered with your company email address, then disable and re-enable phishing to see your updated target list of email addresses. If your target list is empty, this is most likely because we have not found any emails from your domain on the internet yet.
You may add your colleagues' email addresses manually - see 'How do I make changes to the list of phishing targets?' above to find out how to do this.
Unfortunately, it is not currently possible to bulk upload email addresses as targets to the phishing campaign. Targets can only be added via the Response app.
Currently, we cannot customise templates for individual customers.
We run one template per campaign for all organisations. These are often Microsoft themed, as many of our customers use Microsoft services; however, we do also use Google suite as a basis for some phishing templates.
Currently, the phishing and dark web monitoring tools only monitor the domain of the first account that registered for the app. However, the deep scanning tool scans for related network assets, as identified by our data science team. You can send us more domains and IPs to update our records for deep scanning. Drop appsupport@cfc.com an email for help doing this.
The sender email addresses and IP addresses will vary between campaigns. We do this to ensure that each message is unique and to improve the overall deliverability of the campaign. Therefore, there is no requirement to whitelist any IP addresses or domains.
"Ask the expert" is a direct route for any technical cyber questions you might have. It puts you in communication with our specialist team, who will respond within 48 hours and offer advice on cyber risk mitigation, best practices and cyber security services on offer.
Please note that this service is not for policy coverage questions or renewal queries. These will need to go to your broker.
Some of our frequently asked questions are:
- What is two-step authentication and why might we need it?
- How can you help us in the event of an incident?
- How can we prevent attempts to gain unauthorized access to corporate accounts?
If in doubt, it’s better to reach out than to not. If you suspect something has happened, or could be about to occur, still report it as an incident within the "Notify" tab (you can select the incident type as "other"), and someone from the CFC team will get back to you within 30 minutes or less with the best plan of action. It’s what we’re here for!
- One of the incident response team will respond to you via telephone in 15 minutes or less. We will run through the circumstances of your incident with you and advise you of any immediate steps that you can take.
- We will assess whether any other specialist services (forensic services, business resumption, legal, etc.) are required to get you back to business as usual.
- We will email you a summary of the incident and the appointed partner vendor will contact you to determine the level of assistance required.
- After mutually agreeing on the scope of work, we will work to get you back to business as usual as quickly as possible. Alongside this, a cyber claims specialist will be appointed who will proactively work with you throughout the lifecycle of the claim to advise you on steps that need to be taken.
If you get an alert, make sure you read the full detailed report that will be included within the notification. Each alert will be different and may have different actions. If in doubt, please reach out on our "Ask the expert" chat function.
The most common advice we give is:
- If a password is included in the breach, change all corporate passwords for the user where possible. Ensure you have a robust password policy in place and implement 2FA for all externally-facing accounts. Educate users about the risks of password reuse and monitor the accounts closely.
- If only your email address or phone numbers are involved, be aware that the affected users may be at higher risk of being targeted in a phishing campaign. Alert these users, monitor their accounts closely, and educate them on ways to spot a phishing email.
The cyber security tools operate out of our servers, not from your device; the Response app is only required as a form of consent for us to operate these features. We identify your company network via the IP address linked to your company website.
The app is only available on iOS and Android devices, such as mobile phones and tablets. The app is not currently available for download or use on laptops or desktop PCs.
We do have an incident response plan template – which you can download from here. We also have guidance on how to build your own plan here, plus considerations you should keep in mind when creating the plan.
You can find all cyber-related articles, infographics, case studies, advisories, and more on our Cyber Knowledge Hub, helping you stay up-to-date with relevant cyber events.
If there is anything more specific in terms of best practices that you are looking for, such as ways of defending against specific types of attacks or staff awareness training resources, please get in touch at cybermarketing@cfc.com and we can provide more specific advice.