Kuma takes great pride in supporting organizations of all size and scale through a strong sense of partnership. As experts in privacy and security, Kuma helps partner organizations protect themselves by offering comprehensive solutions that are based in knowledge and education, not a “one and done” solution.
“In order to successfully stand up and maintain a privacy and security program, organizations must first establish a sound privacy and security culture,” says Ivy Orecchio, Kuma’s Director of Privacy.
Whereas most privacy and security agencies simply identify risks and offer services or recommendations to remedy those vulnerabilities, Kuma takes a different approach, favoring education as the best long-term solution. Kuma’s comprehensive new training series on privacy and security matters ensures that all employees are cognizant of best practices and — even more important — understand the “why” behind the lessons.
Ivy, who leads Kuma’s training programs along with the other privacy and security experts on the company’s team, joined the firm in 2019 with extensive experience and advanced degrees in digital privacy and security. Before Kuma, Ivy was part of the Cybersecurity and Infrastructure Security Agency’s Office of Privacy, an arm of the Department of Homeland Security. She has an MPA in Government and Cross-Sector Management from Brown University, an MBA in Cybersecurity Issues in Business from Salve Regina University, as well as a Certificate of Graduate Studies in Cybersecurity and Intelligence, and an E-Learning Instructional Design Certificate.
At Kuma, Ivy has lent her privacy prowess and security skills to build, develop, and lead a range of innovative training programs that are helping clients improve their privacy and security know-how and defenses. Ivy is leading the charge to develop Kuma’s new training offerings that are launching in 2022.
Just one part of Kuma’s potential customized training packages, web-based training is a comprehensive and interactive method to level up your cybersecurity knowledge and skills.
Employees must be empowered with knowledge
The coronavirus pandemic accelerated digital shifts for many businesses, which had to adapt to newly remote workers, videoconferencing, virtual events, and more. Some were more prepared than others, as reports of corporate “Zoom bombings” by hackers and other incidents emerged with greater frequency. For those outside of the privacy and security sector, it’s common to think that such breaches are entirely the work of far-off, malicious actors. But that is not always the case.
In reality, sophisticated hackers rely on untrained employees just as much as unprotected systems to gain access. At Magellan Health, for instance, all it took for hackers to gain access to 365,000 patients’ data was for a single employee to make one small, seemingly meaningless mistake. Other examples of privacy and security issues don’t involve hackers at all — consider organization’s using your personal information in ways that you wouldn’t expect like building marketing profiles, or the digital ads that seem to follow you across the web for products you’ve thought about but have never searched for online.
As we’ve seen, one small mistake (or misclick) can cause irreparable damage not only to an organization’s profit but also its reputation.
Kuma, Ivy explains, understands that the way to decrease human error in privacy and security is to increase knowledge. By offering new training that actually educates employees on the roots of many privacy and security issues, Kuma is empowering them to stop potential problems before they arise. Other offerings in the marketplace are sometimes outdated, inefficient, and ineffective. Kuma saw these vulnerabilities unfolding and sought to make a change in the services offered in the industry. We are proud to say that our training programs, for large or small companies, are built by experts who are passionate about what they do. Kuma didn’t just think bigger – we made it better.
For many organizations, privacy and cybersecurity training isn’t just a recommendation — it’s a requirement that carries penalties for noncompliance. Companies that handle personal information (health, financial, contact) may be strictly enforced with regard to regulations, many of which vary state to state. Those regulations include:
- Federal Trade Commission Act (FTC Act)
- Health Insurance Portability and Accountability Act (HIPAA)
- Fair Credit Reporting Act (FCRA)
- Family Educational Rights and Privacy Act (FERPA)
- Children’s Online Privacy Protection Rule (COPPA)
- Video Privacy Protection Act (VPPA)
- Gramm-Leach-Bliley Act (GLBA)
- Electronic Communications Privacy Act (ECPA)
Going beyond ‘checking a box’
Typical privacy and security compliance training can be as lax as having employees skim through a few slides and correctly answer a handful of multiple-choice questions. Kuma’s comprehensive training rejects the “checking-a-box” approach and goes far beyond that for authentic results.
Kuma developed its training curricula with its clients in mind, understanding what employees and employers need to support privacy and security in the modern work environment. Standard training includes interactive web-based content that is streamlined and cost-effective. Kuma also can create fully customized trainings, tailored specifically to an organization’s existing policies and procedures. Kuma also analyzed what was not working in previous trainings and made it better: changing the “boring” and “mindless” to-do list items into interactive, engaging, and extremely innovative steps in a bigger process.
Kuma’s trainings are time-efficient, conveying all the necessary information and best practices as required by law while also eliminating redundancy to introduce new topics and content. Kuma can also augment online courses with live online or in-person sessions to target specific areas. Current modules that Kuma offers include Intro to Privacy, Security Safeguards, Social Engineering, Social Media and Privacy, and HIPAA Basics. New modules planned for 2022: Working from Home, Vendor Management/Privacy and Contracts, Privacy Engineering/Privacy and Agile, and PTAs and PIAs.
In addition to the new web-based trainings being launched in 2022, Kuma is providing awareness materials to all employees of their customers, such as newsletter content and weekly Slack or Teams discussion topics that feature ongoing messaging on organization-specific policies and updates. Previously, no other privacy and security company has been able to offer such comprehensive collateral to ensure that training goes beyond just one day.
What sets Kuma’s training apart from others is the level of customization that goes into each program. Every organization is unique, which is why Kuma works closely with clients to understand their areas of desired improvement as well as their company’s culture and mission. Ivy or another subject matter expert at Kuma can help draw up and implement a unique training program to address a client’s specific needs while reflecting the company’s culture and voice.
Kuma employees are all experts with years of experience who are passionate about what they do. When it comes to working directly with clients, we use a person-centered approach to analyze your true needs and empower you with the skills and knowledge to address them directly. In the vast modern privacy and security landscape, we know exactly what challenges businesses face and what they need to be successful, which in return makes us successful.
This is only the tip of the iceberg when it comes to the importance of training employees in privacy and security. Visit Kuma’s website to learn more about Kuma’s training services and other offerings. For more on what Ivy has to say on privacy and security, connect with her on LinkedIn.
Additional sources: https://www.varonis.com/blog/data-breach-statistics/
https://cisomag.eccouncil.org/psychology-of-human-error-could-help-businesses-prevent-security-breaches/
https://www.usnews.com/news/best-states/articles/2019-10-23/states-with-the-strongest-online-privacy-laws