Navigating and using your Risks Page
When you log in to your CultureAI admin dashboard, your homepage is your Risks page. Here you will see an overview of all your current open risks, broken down into nine separate sections.
In this guide, we'll look through how to navigate this page, and get the data you need from it.
What is a Risk?
Risks are security events that CultureAI has detected within your company. What you see on this page will depend on the risks you've configured to monitor.
Your Risks are split into categories, with further separate sections for each different Risk within those categories.
You've detected a Risk, what now?
Click into the risk you'd like to view, in this example, we'll look at the Email Phishing Reports.
Here you can see all the reported emails listed out, with a high level overview of each case.
Click on the 'View' button to look into the details of one of the reported emails.
You can click through the tabs at the top of the case to view the contents of the email, a screenshot of the email and other details to help to review and decide how you want to mark this report.
At the bottom of the case page, you will see a "Mark as" section, clicking one of the options will allow you choose how to mark off this report:
Risk resolved - This was a real risk but action has been taken to resolve it, such as an employee updating a weak password, or informing the employee to use SSO from now on. If we spot the same risk again, it will reopen. (Closing a risk off as risk resolved will not remove any negative impact the risk had to an employees score)
Unsure - This is for issues where you may not have a conclusive answer, and you don't feel confident if the risk raised is 100% a real risk, or safe. For example, an employee logged into a site without SSO, but you don't have SSO configured for that site, and an internal discussion is happening about enabling that (Closing a risk off as unsure will not remove any negative impact the risk had to an employees score)
Safe - Either this risk was a false positive, or something you don't consider to be a problem, for example, they logged in with a password but you're aware that at that time, there was an issue with SSO, so it's reasonable they used a password instead. (Closing a risk off as safe will remove any negative impact that the risk had to an employees score)
Auto-closing cases
You can choose to automatically close off some cases.
If someone reports a case as spam, you can choose to close off those risks automatically without an admin needing to action this.
Spam emails (while annoying), don't pose an active risk to your companies security. This prevents your case load getting clogged with spam emails, making the process of investigating phishing emails smoother.
You can also choose to have cases that have been previously reported and triaged, automatically close off with the same triage settings.
If a case comes in that's already been reported and triaged, this will then automatically close with the same settings you previously triaged it as.
Please click here to view these settings.
When you close off a case, or a case auto closes, an email will be sent out to the employee that reported the email to inform them of the case outcome.
If you'd prefer not to send these, you can disable this setting here in your dashboard.
Any simulated phishing emails that are reported, won't open a case in your Risks dashboard. Simulated Phishing emails don't need to be investigated, as we already know that these are safe and don't pose any threat to your business.
Please note, any open risks in CultureAI will auto-close after 3 months of being open with no action taken. This is to prevent old, unused cases taking space in your dashboard. You can still view them all in the overview by selecting "Closed cases" in the drop-down.
I've closed off a Risk, what do I do now?
Depending on the risk, you may have extra steps you want to take outside of CultureAI.
For example, if an employee is using a weak password, you would need to follow up with them to ensure they change this.
You should have internal processes in place to deal with situations like breached data, or an employee clicking on real phishing links.
CultureAI can help you manage your case load, by listing out outstanding cases for you to review and take any steps outside of CultureAI to manage those risks.