How we make safety part of everyday work
As cyberattacks increase and cybercriminals increasingly target people, it is becoming clear that information security can no longer be an annual project – it has to be a natural part of our everyday work. That was the starting point for the Junglemap webinar “Information Security 2026 – a part of everyday work” where Per Lagerström spoke with Hanna Rönnqvist, Ingrid Ytre-Arne and Johan Lugnet from Luleå University of Technology.
News in the course Information Security for All Employees 2026
Hanna Rönnqvist, Learning Content Specialist at Junglemap, presented this year’s update of the popular course. The format remains the same – short, engaging NanoLearning lessons – but the content has been sharpened in several areas:
- Greater focus on social engineering – the largest attack surface today. Participants are encouraged to reflect on how manipulation, both digital and physical, can deceive even well-trained employees.
- New lessons on insider crime and physical security, with the link to human error at the centre.
- AI manipulation is highlighted as a growing threat, with particular emphasis on AI-enhanced phishing.
- New dilemmas and quizzes based on real events from 2025 – making the learning more relevant and engaging.
- A new design and improved interactivity, with the option to choose between a classic or a more playful interface.
The goal remains the same: to keep security topics alive throughout the year, rather than treating them as a one-off box-ticking exercise.
From “check the box” to a learning culture
Johan Lugnet, Associate Professor of Cybersecurity at Luleå University of Technology, reinforced the same message from a research perspective: organisations that want to succeed in their security efforts need to move from one-off initiatives to continuous learning.
He drew a comparison with the world of sport:
“Athletes train continuously, vary their training, and evaluate every effort. Organisations must do the same in information security.”
The key, he argued, is active learning and critical thinking – ensuring employees reflect, discuss, and translate knowledge into practical action.
Success should not be measured by how many people have “completed the course”, but by changes in behaviour – for example, increased reporting of phishing attempts, or managers starting to raise security in planning meetings.
Engagement – a perishable asset that needs follow-up
Ingrid Ytre-Arne, Customer Success Manager in Norway, stressed that engagement is essential – but also fleeting:
“It’s easy to create a strong start, but difficult to sustain it over time. Engagement has to be built into everyday work.”
She recommended using the reporting system in Junglemap’s platform to follow up on learning, involving managers in that follow-up, and making use of the feature as a complement to the manager training course.
Three principles that work
During the discussion, the panel repeatedly returned to the NanoLearning method, which is built on three core pillars:
- Repetition – regular short reminders throughout the year.
- Reflection – dilemmas and quizzes that encourage participants to think.
- Reinforcement – repetition and retrieval practice that help knowledge stick.
“We know that you can forget up to 80% of what you learn after just a week – that’s why the spacing effect is so important,” Hanna Rönnqvist explained.
Tips from the panel
The panel concluded by sharing a few keys to success:
- Don’t kick off too aggressively. Spread the lessons out and let learning take time.
- Use the reporting function. Follow up, engage people, and measure real impact.
- Adapt the language. The platform makes it easy to tailor text for different organisations – businesses, municipalities, or others.
- Let senior leadership take the course. Managers’ engagement is contagious and shows that security matters.
