Security Training vs Privacy Training

Travis Good
September 8, 2020

At Haekka, we’ve debated the terms “security training”, “privacy training” and “compliance training”. We ultimately decided to use the term “security and privacy training” for what we do. There’s nuance in the terms “security”, “privacy”, and “compliance”, especially when you consider each as functional groups and roles within an organization. We have spent a ton of time in this area. We felt it was worth clarifying the terms and how we use them with regard to training. Haekka offers training across each of these categories.

Security Training

Security training falls into two buckets. The first is technical security training. This type of training is designed for a technical audience, such as engineers. It covers topics like the NIST Top 20 or OWASP Top 10 vulnerabilities. One example we offer at Haekka is a course that covers HIPAA on AWS. This training is designed for employees who set up and/or manage AWS cloud environments. This training is not designed for all employees.

The second bucket is security awareness training. This type of training is designed for all employees. It covers topics around proper password usage, multi-factor authentication, and phishing. These are all areas where employees need to follow best practices to reduce the chance of a security incident or data breach. This is the most common form of training that is required by data regulations.

Privacy Training

Privacy training is associated with data regulations and company policies and procedures. In the case of HIPAA, privacy training is required to train employees on HIPAA rules and company privacy policies and procedures. Privacy training is designed for all employees to help them understand the types of sensitive data as well as when and where that data can be shared.

One training area now required under GDPR and CCPA is data subject rights. Companies need to train their employees on the relevant data subject rights. We offer lessons on data subject rights in our GDPR and CCPA training but are also creating short courses focused solely on data subject rights for different audiences — customer support, account management, and technical support.

We also plan to launch privacy training specifically for sales and marketing teams so they can better understand privacy and use it in their materials during conversations with potential customers.

But what about compliance training?

Compliance training is the culmination of several different types of training that your organization needs to complete as part of the regime or framework you’re certifying against.

Each regulation, regime, and reporting standard is slightly different in terms of what it requires for training. We’ve created mappings that outline what is required for each framework (we will be adding to this list over time). Some regulations, like HIPAA, require both privacy and security training. Others, like SOC 2, require only security awareness training. Some companies, especially technology companies that cross borders and industries, need to meet multiple regulations.

Our mission at Haekka is to enable technology companies to provide relevant, effective training to all employees. This includes privacy and security training. Using Haekka checks the box on compliance training as well, regardless of data regulation or regime, while building a culture of continuous improvement. We are 100% focused on being your trusted training partner.