The Colorado Privacy Act, or CPA, is new legislation passed by the Colorado State Government this year. The new legislation is similar to other state privacy laws like CCPA in California and CDPA in Virginia. Without a clear path to federal privacy regulation, understanding state laws is imperative.
Read full article →Two high-profile cyber attacks on critical infrastructure companies have shed much-needed light on the growing threat of ransomware across multiple sectors and industries in the last few months. Why are these pricey and dangerous attacks happening so much more frequently?
Read full article →In this post, we cover what topics should be covered when providing security awareness training to remote employees. As employees shift to remote, they need help to ensure they are secure and your networks are secure, regardless of where the actual work is performed.
Read full article →The Cybersecurity Maturity Model Certification (CMMC) was developed by the US Department of Defense (DoD) as a framework for companies providing technology and services to the DoD. DoD contractors are required to implement a cybersecurity awareness training program to participate in the CMMC.
Read full article →Information security is a priority topic for all companies in 2021. This high priority spans markets, industries, and infrastructure (cloud and on premise). Companies need to prove they can be trusted with sensitive data. Most typically, this trust comes in the form of a SOC 2 report.
Read full article →Security awareness has evolved since the early 2000s, but it’s an area that needs to be constantly updated and changed in order for companies to protect their data and maintain trust in the market. Companies will invest more and more resources into effective security awareness.
Read full article →If a business falls under CCPA compliance requirements, executives and managers must take the necessary steps towards meeting these requirements. We’ve distilled the process of complying with CCPA down into 9 short steps. Use this as a primer for CCPA.
Read full article →The American subsidiary of JBS, the world’s largest processor of fresh beef and pork, suffered a cyberattack that left their North American and Australian operations paralysed last month. The North American shutdown of the meat processing giant, who supplies meat to fast food chain McDonald’s.
Read full article →The last year was transformative for many businesses, as COVID shutdowns forced brick-and-mortar businesses to pivot to a digital presence and digital businesses began seeing more traffic than ever before. With increased attention comes an increased potential for phishing attacks.
Read full article →The most challenging aspect about securing your workforce when it’s remote is ensuring that your remote workers are in the right mindset to protect data. Having a security mindset is challenging in the office but it’s a lot harder at home or in a coffee shop. Here are some ideas that might help.
Read full article →Regardless of size or type (B2B vs B2C), all companies should do some form of security awareness training. Security awareness training should go beyond checking the box. Employees need help to make better security hygiene decisions every day.
Read full article →Slack is the operating system of many companies. As such, securing it is imperative for Slack admins. We put together a basic list of 8 tips to help Slack admins securely manage their Slack instances. This post is written for new admins to Slack.
Read full article →As Slack cements its place as the communication tool of choice for many businesses, it has increasingly become a target for attacks. The statistics are real - Slack reduces email by up to 80%. Social engineering, a primary type of cyber attack, requires communication. And today that means Slack.
Read full article →No matter what role an employee plays in an organization, they should understand essential security awareness topics and how to protect the company (and themselves) from potential cyber-attacks and security breaches. Here are a few of the most critical topics to cover in 2021.
Read full article →Starting today, anyone can sign up for Haekka for free. This will give you access to the entire product for teams of 10 or less. For larger teams, you can still sign up and kick the tires without paying, which will provide the opportunity to give Haekka a try without having to worry about a time lim
Read full article →Today we’re excited to announce that we’ll be joining the Winter 2021 class of Techstars Boulder — virtually of course! Our decision to join the program came after meeting Andres and the Techstars team. We examined where we are as a company and what our goals are over the next 12-24.
Read full article →We could not be more excited to finally announce our pre-seed round of funding — a round we closed last spring but delayed the announcement. Raising capital in the middle of a global pandemic was particularly challenging, but also exciting. Market conditions forced a lot of good questions for us.
Read full article →2020 is over. Many people are breathing a sigh of relief, though 2021 feels a lot like 2020 so far. The trends in security awareness are going to be shaped by the changes that went into place in 2020 and are not going away in 2021.
Read full article →In our last post, we covered the SANS Security Awareness Maturity Model. At Haekka, we take a slightly different view of security awareness programs, something we call human risk maturity. We view security awareness from the perspective of the goal, or job to be done (JTBD).
Read full article →At Haekka, we think about security awareness in stages. We start with basic awareness, move up to engagement, and then on to effectiveness. Each of these stages corresponds to a job to be done (JTBD). We’ll cover these stages in a later article. This post is focused on a similar model from SANS.
Read full article →Phishing is something every company should be actively trying to prevent. Phishing is the most commonly exploited threat to your company’s data. The lack of social engagement around phishing training is a missed opportunity to build user engagement and promote good security hygiene.
Read full article →Haekka is a security engagement platform. Technology companies hire Haekka 1) to check the box on security awareness training and 2) to engage employees in security and privacy, building it into their cultures. This post describes the two types of training content on Haekka
Read full article →We get asked about HIPAA training all the time. While most companies know that HIPAA requires some form of training, the details about what is required are often unknown or unclear. This post clarifies what HIPAA requires for training your employees.
Read full article →Employees cannot be expected to stay up to date on cybersecurity best practices and privacy regulations on their own. This is why security awareness training is more important than ever. Find out what topics to include in your security awareness training.
Read full article →Phishing is a massively common form of attack and, due to the scale of it, accounts for 80% or more of all security incidents. Software packages, sold and distributed on the dark web, are used by malicious groups to automate and scale these attacks. So what messages trick us into clicking?
Read full article →At Haekka, we’ve debated the terms “security awareness training”, “privacy training” and “compliance training”. We ultimately decided to use the term “security awareness training” for what we do. We felt it was worth clarifying the terms and how we use them in regards to training.
Read full article →Micro-training, as we define it at Haekka, is comprised of lessons that can be consumed in under 5 minutes. By focusing on content that provides high value for the work people are doing at technology companies, we see drastic improvement across six core components of learning.
Read full article →Protecting the data and privacy of your users has never been more critical. The burden of cybersecurity not only weighs heavy for companies in highly regulated industries but for businesses of any size. Growing companies can address this challenge with effective security awareness training.
Read full article →The advent of the LMS coincided with the emergence of digital learning. As work has moved from disconnected systems and silos to integrated workflows anchored on open, continuous communication (think Slack and Teams), training has not kept pace. Slack-native micro-training solves these problems.
Read full article →ComplianceOps is the union of people, process, products, and data to maximize continuous adherence to policies and procedures. Compliance and Operations have long operated in silos and the problems associated with this disjointed approach have become untenable for modern technology companies.
Read full article →Today, the business world operates at the speed of trust. Now, as never before, trust is a differentiator. If your company offers products and services to other businesses, it is essential that you build and maintain trust.
Read full article →With the growing focus on privacy and personal data, it has become table stakes for every B2B, and many B2C, companies to attest, or comply, with an established framework or regulation. Whether mandatory (HIPAA, GDPR, CCPA, FERPA, IRAP, PCI, etc) or by choice (SOC 2, HITRUST, etc), every company...
Read full article →In times of crisis, there’s a trade-off between personal rights and government powers. COVID-19 is opening up some very worthwhile debates about personal privacy, surveillance, and the public good. With so much uncertainty surrounding COVID, both from the start of it up until today, there are a...
Read full article →With COVID, it feels like just about everything has been flipped on its head. What was not possible just a few months ago is now suddenly the new normal. Healthcare, for one, has been at the front lines of these changes. While frontline healthcare workers in places like New York and Louisiana...
Read full article →At Haekka, we want to solve the pain of bad security awareness training for growing companies. Our vision is for customers to hire Haekka to solve security awareness in totality without leaving modern tools like Slack. In the process, we build good security hygiene practices into day-to-daywork.
Read full article →