Or this kind of is. 🤪
But mostly we just want to tell all of you that CyberCoach on our website has learned some new tricks. It is far from AI (Artificial Intelligence), but by the looks of how ChatGPT would instruct you... it is still probably more useful (check the pic below).
New cool features of the CyberCoach Chat include: Security Culture Quiz, CyberCoach Subscription, Contact Us and Book a Meeting with our Team.
So what about ChatGPT then? It has clearly learned how security consultants talk, but its advice for how to build security culture is seriously outdated:
- No, your business is your top priority. Security should only be part of your mission and vision if you are a security company. Security needs to be designed to support your priorities, not the other way around.
- Close, but you will do better by explaining the importance of security for us as a society. What is the impact for people and society if your customer or business data leaks? Can your company’s services be used to spread disinformation? Can you do something to strengthen trust in society? By communicating to your employees that their safety is important to you, you are much more likely to get them to care about protecting your business.
- Security culture is about _how_ you implement and develop policies and procedures. If your security or IT department dictates these, you do not have a security culture. You are unlikely to even have security because your policies and procedures are unlikely to work without the input from the people whose daily work is affected by them.
- This at least we can agree on! We would go beyond this still and argue that people are more than employees. They need training, support, and tools to stay secure also outside work.
- It is 2023. Scaring people with consequences is not going to prevent mistakes, but it will prevent people reporting them and getting help. Focus on fostering an open culture of celebrating failure and learning.
- Fair enough. Making it as easy as possible is the best way to “encourage,” and making sure people dare report without having to fear consequences is even more important.
What do you think? Let us know in the comments below.
