Preparing for renewals just got easier.
Sometimes, technology can be a beautiful thing. Your mother-in-law mentions a cashmere scarf she really wants for the holidays, and two days later, it appears as an ad on Facebook. Hey, you totally forgot, but your phone didn’t! Sorry, did we say beautiful? We meant terrifying.
Unfortunately, the internet isn’t really here to be your trusted partner-in-gifting. Right now, a sophisticated phishing kit is using holiday-themed lures to trick consumers. By impersonating recognizable brands in emails, online shoppers are deceived into filling out surveys in exchange for special offers. The catch? Everyone wins a free prize, they just need your credit card info for shipping. If it’s too good to be true, it probably is. (Except the cashmere scarf — that’s perfect.)
💡 What's New on the Policyholder Dashboard?
Short answer? A lot.
Long answer? If it’s been a while since you’ve logged in, your Policyholder Dashboard definitely looks different! Check it out.
Here’s a preview of the changes you’ll find:
- Renewal-Focused Display: Your score is still displayed directly on the homepage, but now there’s an emphasis on where you stand for renewal. If you meet (or go beyond) a score of 80, you’ll pass the red needle — congrats, you’re eligible! If not, you’ll find a warning that your score has dropped below the required threshold.
- Easy Access to the Ransomware Supplemental Questionnaire: To the right, you’ll find a direct link to update all information pertinent to your internal controls. The sooner you add the relevant details, the sooner we can provide actionable security advice.
- “Recommended Actions” Tracking: A “Recommended Actions” bar now tracks your completion of each issue discovered in the Action Center. Following our guidance to boost your cyber hygiene could give you a leg up for renewals.
- Renewal and Scan Countdowns: Lastly, you’ll find two countdowns: one for your next scan, and one for renewals. No surprises = no last minute stress.
Risk + Response Tips
Security tips and service updates from SVP of Risk + Response Lauren Winchester
We view our relationship with policyholders as a partnership in risk mitigation. For any good relationship to flourish, we need open communication. Let us introduce the Environment Overview, where the floor is yours.
When the Corvus Scan looks at your external perimeter, it measures risk tied to your organization’s digital assets. This includes websites, email services, servers, and vendors. We want to be more transparent about what we see and what you can do — all in one easy, actionable location.
The “Associated Domains” section shows everything the scan has found using your primary domain, while “Excluded Domains” are domains the Risk + Response team has determined (with your guidance) not to be relevant in your overall risk assessment.
If you see something that doesn’t feel representative of your environment, click Request Additional Information on your dashboard to get in contact with the Risk + Response team.
What to watch for this month.
The Corvus Scan is a powerful asset that enables us to identify which policyholders may be at greater risk for vulnerabilities. We’ve gathered a monthly round-up of alerts and threat intel updates below:
Providers of advertising technology are facing legal and regulatory scrutiny over their handling of personal information using pixel technology (advertising analytics tool which tracks user activity). What you need to know.
On November 8th, 2022, Citrix released an advisory detailing several security flaws (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516) in Citrix Gateway and Citrix Application Delivery Controller (ADC). Citrix Gateway is commonly used as a remote access solution and Citrix ADC is a networking appliance for web applications. What you need to know.
ICYMI — Our November Threat Intel Updates
- Emotet Malware (Back Again), Law Firm Impersonators, & Dropbox Breach
- Exploiting Zero Days, Citrix Vulnerability, & SEO Poisoning
- Hive Ransomware, Holiday Phishing Scams, & Amazon RDS Leaks Data
This newsletter and its contents are intended for general guidance and informational purposes only. This newsletter is under no circumstances intended to be used or considered as specific insurance or information security advice.