Why IT Leaders Choose Curricula for Employee Security Awareness Training
Cohere Health is a fast-growing SaaS company on a mission to transform healthcare management. With the company backed by more than $56M in funding (the latest being a Series B round of $36M), the information security team at Cohere knew they needed employee security awareness training both to comply with HIPAA and to ensure employees were properly trained.
In this case study, learn more about:
- Why security was a top priority even before the company raised its funding
- How cyber security awareness training is part of new employee onboarding
- What their team is doing to meet compliance standards while also having fun
Most of the training in HIPAA is very dry with a ‘check the box’ kind of mentality… I was looking for something different and was introduced to Curricula. I loved this new idea with how to present this information.
Why a 2x customer continues to choose Curricula
Jared first started using Curricula at his previous company when he was looking to do something different for security awareness training. With his extensive background working with IT compliance requirements for information security, he understood that having engaging content would be a differentiator for his fellow employees.
After he joined the scaling team at Cohere, Jared knew he wanted to implement Curricula again. He explained how the management team recognized the importance of launching employee security training even though the company was still in its pre-seed stage.
“When I joined at Cohere, this was one of the first platforms I set up,” Jared said, knowing he would need security training for HIPAA standards.
Cohere started its security training program early, when the company had fewer than 30 employees, recognizing that establishing a security program can help with meeting or exceeding compliance rules.
Now with nearly 200 employees, and projecting to double their headcount again this year, building a culture around security is even more important not only for compliance but also for the overall health and success of the organization.
New hire onboarding includes cyber security training
With the increasing number of cyber attacks around the world, security awareness training should be part of new employee onboarding from Day 1. New hire training is even easier with Curricula, and Jared shared how Curricula’s assignments feature allows admins to create a group for new hire onboarding with assigned training.
“We have an assignment with three courses to get acquainted with our cyber security culture,” Jared explained, “and then we migrate their group to active employees so they’re included with our normal cadence of ongoing security awareness training.”
For new employees, those first three episodes include:
- Intro to Cybersecurity
As at many high-growth organizations, employee onboarding classes are scheduled every two weeks. With these new groups of people coming in, it helps to have a programmatic approach to developing a culture of security alongside the organizational culture, especially when compliance is at stake.
In addition to the security awareness episodes, Jared shared how they also leverage the phishing simulator to “phish” employees at Cohere; however, the phishing tool wasn’t a determining factor in choosing a security training platform.
“The phishing simulator is a great feature that we decided to use, and it was definitely insightful,” Jared said. “We caught some employees, and we’re in the phase now where the users who got caught from the initial test are getting re-tested a month later.”
He explained that if an employee repeatedly failed a phishing test, then they would schedule a 1-1 to talk through best practices for not clicking on a phish-y email.
“Nothing compared to the inventiveness that Curricula offered…”
The star of our animated security awareness training episodes is our villain, DeeDee. Although she’s a fictional hacker, she represents very real threats such as phishing and social engineering. Over the years, she’s also evolved to become the AI behind Curricula’s phishing simulator.
At Cohere, employees have become fans of DeeDee and her ridiculous schemes. “I get feedback monthly from our employees that ‘this is so great,’ and ‘we want to see what happens with DeeDee next’,” Jared shared. “It’s definitely engaging.”
Having fun with security awareness training is a great way to keep people engaged, and this can even be omnichannel. Some Curricula users will dress up as DeeDee and bring her to life. At Cohere, they have dedicated internal communications for security.
“We have a security HIPAA channel on Slack, after an episode has been open for a bit, I’ll post in there something you can only know from watching the content,” Jared said. “Everyone is doing the training and partaking, from leadership on down.”
It’s important to recognize how security training can affect your company culture. Security is a topic that changes every day and needs to be top of mind every time an employee interacts with technology, especially for meeting compliance standards such as HIPAA.
With the ever-increasing threat of cyber attacks, it’s not just IT who is responsible for cyber security but the entire organization. Rallying your team around security, and having fun while doing it, will help to set everyone up for success.