Connecting Employees to Security
October 25, 2022
The thing that is missing in the security training landscape is simple - it's connecting security to employees. All too often security training is designed, at worst, to check boxes and, at best, it is done outside the context of work. The gaping hole in how people do security training today is connecting security - best practices, hygiene, empowerment - to actions employees take.
Despite the name security awareness, the typical vendor's training does not improve the security of the companies using it and does not make employees more security aware. Work today requires a different approach to security awareness based on connection at various, ideally all, points where there are security and risk implications.
Below is a sampling of workflows where a connection between employees and security is needed:
Connecting to Security @ Onboarding
When new employees start work, the goal for security training should be two-fold:
The notion of onboarding should be extended beyond general employee onboarding to onboarding to new groups, offices, and tools.
Connecting to Security @ When Using SaaS
SaaS applications are how work gets done today. And, increasingly, there are 100s if not 1,000s of SaaS applications in use by each company. The nature of SaaS means these applications - what you can do, how they can be configured, their integration touch points, etc. - are constantly changing.
And, a lot of the actions employees take in SaaS applications, what we call the flow of work, have security implications. Security training needs to be integrated into SaaS and SaaS needs to be integrated into security training.
Connecting to Security @ as Scams Emerge
The approaches cyber attackers take are constantly evolving. Specifically, social engineering attacks such as phishing attacks use new themes, files, and techniques to scam users into giving up valuable information.
Security needs to connect with employees on an ongoing basis to 1) keep them informed of new scams and 2) keep social engineering top of mind as employees work.
Connecting to Security @ When Sharing Files
Sharing files has never been easier. With the click of a button, files can be shared not just within a company but externally. The same goes for cloud databases of data (see below).
The tools employees use to share files have their own, specific sharing configurations. Security training should be integrated into these file sharing workflows. And non-integrated security training should contain specifics about the sharing tools in use by the employee.
Connecting to Security @ When Configuring Cloud Resources
Most product companies run cloud resources for all, or at least part, of their product production environments. One of the most powerful features of the cloud is that developers can manage it themselves. But, with that management comes risk from misconfiguration. There have been many data breaches that have resulted from cloud misconfigurations.
While there are tools that provide guardrails for cloud configurations, end users of the cloud still have varying degrees of autonomy. Connecting security to the configuration of the cloud is only going to become more imperative.
Connecting to Security @ Procurement
Procurement is the process of approving new tools. Many of those tools today are SaaS tools. For most companies, security is an essential part of the procurement process. But the integration of security with procurement is often centered around security sign-off of the tool and not educating admins and users about how to use the tool in a way that does not put data at risk. Security should be connected to the procurement process to ensure not just security sign-off but secure use of new tools.
Connecting to Security @ Audit Time
Audits are still a primary use case for security training. This check-the-box approach is not about security. Why not check-the-box while going beyond this low bar to connect security to employees in all of the above situations?
Security Connection Platform
Haekka is a platform designed to bring security to employees whenever and wherever they work - SaaS, the cloud, remote, etc. Our goal is to connect security to employees and level the playing field so that employees are equipped and empowered to secure their own workflows.