Read our latest announcements, company news, security and privacy lessons, leadership thoughts and more. Subscribe below to stay up to date.
May 26, 2023
Microlearning is a learning approach that breaks down information into bite-sized pieces or small units, making it easier to understand and retain. It's an effective methodology, particularly in our fast-paced digital world, where attention spans are shorter and multitasking is more common. By focusing on one concept at a time, microlearning ensures that learners don't feel overwhelmed, fostering better engagement and comprehension.
May 25, 2023
Cloud computing has transformed the way businesses operate by providing an opportunity for companies to offload IT responsibilities to external service providers. Amazon Web Services (AWS), the leading player in the industry, provides a broad set of cloud services ranging from computing power to storage and databases. Understanding the shared responsibility model becomes crucial as companies migrate their data and applications to the cloud. This model defines who is responsible for what in the complex world of cloud security and compliance.
May 24, 2023
Many businesses, especially growth-focused startups, have shifted towards Software as a Service (SaaS) applications to streamline operations and increase productivity. While these applications bring numerous advantages, integrating them with sensitive data can expose organizations to various risks. Understanding these risks can help businesses implement the right strategies and safeguards to secure their data effectively.
May 22, 2023
Malware, short for "malicious software," is a significant threat in today's digital landscape. It encompasses a broad range of programs and files intended to harm or infiltrate computers and networks without the users' consent. While the range of malware attacks has increased over the years, some types remain common and pose a significant risk to both individual users and organizations. This article will explore the most common types of malware attacks, their modes of operation, and their impacts.
May 19, 2023
Employee training is a core function of every successful company, regardless of size. However, the effectiveness of these programs hinges on the level of engagement of the employees involved. Therefore, it's vital to understand and track the right metrics to assess training engagement accurately. These metrics provide insight into the effectiveness of training programs, employee motivation, and the ability to apply newly acquired skills in their work.
May 18, 2023
In the evolving landscape of business, one of the most significant yet often overlooked factors contributing to operational risks is the human element. Employees, regardless of their roles, can inadvertently or intentionally create vulnerabilities that might threaten an organization's information security, financial stability, or overall reputation. Mitigating human risk, therefore, should be a priority for businesses. One of the most effective ways to minimize these risks is through cultivating a culture of security awareness.
May 17, 2023
As we close in on the halfway point of 2023, it's clear that phishing, a form of cyberattack where targets are contacted by email, telephone, or text message by someone posing as a legitimate institution, continues to be a significant threat. Near-weekly attacks and data breaches resulting from phishing are in the news. This article covers the most common successful phishing techniques used this year, aiming to raise awareness and boost defenses against these insidious attacks.
May 16, 2023
In the most recent, weekly edition of Haekka Security Digest, we use a recent T-Mobile breach to highlight breach reporting laws and best practices for what to include in a breach notification.
May 15, 2023
While Slack is primarily known for its functionality as a business communication platform, its features make it an excellent candidate for an innovative Learning Management System (LMS). This post will guide you on how to adapt Slack as a standalone LMS for an instructor or teacher, allowing for a unique and interactive educational experience.
May 12, 2023
Service Organization Control (SOC) 2 is a set of auditing criteria designed to ensure that organizations providing outsourced services can manage and protect the privacy and security of their clients' data. Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 reports are particularly important for organizations handling sensitive information in industries such as finance, healthcare, and technology. This article will delve into the training required to meet SOC 2 requirements and achieve compliance.
May 11, 2023
In the ever-evolving digital landscape, businesses face an increasing number of cybersecurity threats. To mitigate these risks, many organizations require employees to undergo mandatory security awareness training. However, it's not uncommon for employees to view these training sessions with disdain. In this blog post, we will explore the primary reasons why employees dislike required security awareness training and offer suggestions to make the process more engaging and effective.
May 10, 2023
Learning Management Systems (LMS) have become an essential tool for educational institutions and organizations, enabling them to create, distribute, and manage learning materials in a digital environment. However, the success of an LMS is dependent on the level of engagement from its users. In this article, we will explore strategies to increase engagement with your LMS, ensuring that learners benefit from the platform's full potential.
May 9, 2023
Last week was World Password Day. Our weekly, Slack-delivered Stream post reiterated best practices for setting and using passwords. We also covered the emergence of passkeys, which will likely replace many passwords in the coming years. Subscribe your team to weekly Streams in Slack today.
May 8, 2023
Software as a Service (SaaS) tools have revolutionized the way work is done, streamlining processes, improving efficiency, and promoting collaboration. However, to fully capitalize on these tools' potential and investment, we propose integrating training content to ensure employees understand and utilize the software effectively as well as apply company policies and procedures in SaaS workflows. In this blog post, we will discuss the value of integrating training content into SaaS tools, the benefits, and a step-by-step guide to successfully implementing this strategy.
May 5, 2023
As eLearning continues to evolve and expand its reach, the demand for standardized and reliable methods to track and manage learning experiences grows. Two of the most prominent eLearning standards, SCORM (Shareable Content Object Reference Model) and xAPI (Experience API), are often compared due to their respective features and capabilities. This article explores the key differences between SCORM and xAPI to help you make an informed decision when selecting the most suitable standard for your eLearning needs.
May 4, 2023
World Password Day, observed annually on the first Thursday of May, is a day dedicated to promoting better password habits and raising awareness about the importance of digital security. In today's fast-paced digital landscape, passwords play a crucial role in safeguarding our online lives. So, let's delve into the significance of this day and learn some tips to strengthen your password game.
May 3, 2023
Engagement is a crucial factor in the learning process. Whether it's in a traditional classroom setting, workplace training, or online courses, keeping learners engaged is a key determinant of success. In this blog post, we will explore the importance of engagement in training, discuss its benefits, and suggest strategies to improve engagement in various learning environments.
May 2, 2023
In this weekly Security Digest Stream, we discuss the prevalence of SaaS apps and their corresponding risk. As more SaaS apps are used to collect and connect to sensitive data, it is important to limit exposure when breaches occur, turn off access that is not required, and limit access to those that require it.
May 1, 2023
Phishing has become an increasingly prevalent threat in the digital age. Cybercriminals are continuously finding new ways to trick users into revealing sensitive information or downloading malware. In this blog post, we'll explore the different types of phishing, their characteristics, and how to stay vigilant against these nefarious schemes.
April 28, 2023
In today's digital age, the integration of SaaS apps with sensitive company data has become increasingly common. While these apps offer many benefits, such as improved productivity and efficiency, they pose significant security risks that must be carefully considered.
April 27, 2023
As cyber threats continue to evolve, companies need to recognize that their employees can be a weak link in their security program. Social engineering attacks, like phishing emails and phone scams, often rely on human error to succeed. Therefore, it's crucial for organizations to measure human risk and take steps to improve their employees' security awareness.
April 26, 2023
Keeping your workforce up to date with current social engineering scams is required to reduce the risk of human actions. But, with new technologies, especially AI and ChatGPT, new tools, content, and types of attacks are highly dynamic (think weekly). How do you keep employees up to date, maintain a security mindset, and reduce the chances of success of social engineering attacks? In this post, we cover several approaches employed by companies.
April 25, 2023
With the state of Indiana on the verge of passing new privacy legislation, it's worth noting the similarities in data subject rights across all of the recent privacy legislation. Data subject rights are at the heart of all new privacy legislation. That's why we cover it in our weekly Security Digest Stream.
April 24, 2023
COVID-19 accelerated the adoption of different work models, such as office, hybrid, and remote work. While these models offer various advantages, they also present unique human risk factors that employers and employees should consider. In this blog post, we'll explore the differences in human risk between office, hybrid, and remote work, focusing on factors such as data security, mental health, and productivity.
April 21, 2023
ChatGPT's applications range from providing assistance in customer service and technical support to being used in the mental health and educational sectors. However, with its widespread adoption, concerns about security and privacy have risen. This blog post will explore the potential threats associated with the extensive use of ChatGPT and discuss ways to mitigate these risks.