A practical step-by-step guide to:
Building a Resilient Cyber Security Culture
A guide by CultureAI's GCHQ-accredited security awareness professionals
Our cyber security & behaviour science experts provide a regularly updated, step-by-step and practical guide to take you from zero to having a cyber security culture where employees behave securely and proactively defend both the organisation and themselves.
Before you start
Understand what a resilient cyber security culture is, the business benefits it offers, and how security awareness, behaviour & culture fit together. Explore the latest in behaviour science, and see how to apply it to run incredibly effective security culture programmes.
Get management buy-in, involve stakeholders, set objectives and KPIs, then communicate your security culture programme to your employee population.
Measure human risk, continuously
Start continuously measuring, benchmarking and understanding human risk and security behaviour.
1. Define your adversaries & threat actors
2. Continuously assess email filtering & identify gaps
3. Implement a continuous simulated email phishing programme
4. Import your existing phishing assessment results
5. Set up password strength assessments & audits
6. Set up continuous password exposure & breach monitoring
7. Implement continuous domain name security checks
8. Deliver security culture surveys, continuously
9. Review human risks & security behaviours regularly
10. Provide senior management with real-time security culture dashboards & reports
Empower your employees
Implement tools and resources that enable your employees to behave securely, easily.
1. Set up email & phishing filtering
2. Create a central security resource for employees
3. Create security policies, make them easy to find & accept
4. Deploy an email phishing reporting button/add-in
5. Create a centralised place for end-users to report cyber threats & security incidents
6. Create a security advice chatbot
Get employees caring
Improve your employees' attitudes towards cyber security.
Raise security awareness of security threats, vulnerability & best practice
Increase your employees' understanding of cyber security threats, their vulnerability to these threats and their awareness of best practice.
Address gaps in improvement
Identify employees and/or demographics where cyber security behaviour is not improving, and address it.