Joint security awareness program with Kuopio Energy’s long-term and diverse activities

This project was delivered by Nixu, a DNV company. DNV, Nixu and Applied Risk joined forces to form DNV Cyber in 2024, creating one of Europe’s fastest growing cyber security services businesses.

Kuopio Energy, founded in 1906 and with some 140 employees today, provides energy solutions for individuals, businesses and communities alike. The company has a strong focus on sustainability and energy efficiency. 

Shared vision since 2019 

Kuopio Energy and DNV Cyber began collaborating on the information security awareness program in 2019. In information security, the knowledge and attitudes of employees and the prevailing corporate culture make a big difference. “Strengthening security awareness takes time and effort. For us, this means that the information security training has been naturally incorporated into our daily activities and is not pushed into people’s lap all at once,” says Jami Miettinen, Digital Director of Kuopio Energy. 

DNV Cyber’s and Kuopio Energy’s views on security awareness goals and ways of doing things were well aligned from the start. It was – and still is – not only about perseverance, but also about the learnings regarding secure operating practices finding their way into employees’ private lives and close circles. 

 

Strengthening security awareness takes time and effort. For us, this means that the information security training has been naturally incorporated into our daily activities and is not pushed into people’s lap all at once.

  • Jami Miettinen
  • Digital Director
  • Kuopio Energy

From trials and ingenious insights into routines 

At the heart of the Kuopio Energy and DNV Cyber information security awareness program is diversity, which keeps the theme fresh and trainings engaging. Teaching methods, channels and equipment vary, various ideas have been courageously tried out, and there has always been something new and interesting. 

“Laws, regulations, frameworks, and standards all derive from the fact that security controls alone are insufficient. Effective information security must be routine in a good way and part of people’s normal activities,” says Miettinen. 

Miettinen considers harnessing managers to participate in the program especially ingenious. One of Kuopio Energy’s performance targets is that all employees participate in four information security trainings annually, one of which is led by their direct manager. The idea is that engaging managers in the training process will make the training more personal, as they are the best people to combine the learnings with the team’s responsibilities. This makes it easier for the manager-led information security lessons to be applied to the employees’ tasks when the conversation is brought close to the team and its daily activities. “I claim that the effect is ten times stronger than that of a person looking at our operations from the outside,” says Miettinen.    

Miettinen also emphasizes that people learn best from their own mistakes. When it comes to information security, it is extremely important to allow people to make mistakes in safe conditions and situations. Here, the different simulations work well. 

Working with DNV Cyber has always been good, fruitful and easy.

  • Jami Miettinen
  • Digital Director
  • Kuopio Energy

Positive feedback and fruitful collaboration 

“Surprisingly positive,” says Miettinen when asked what kind of feedback employees have given. “Working with DNV Cyber has always been good, fruitful and easy. I believe that the positive feedback is largely thanks to the professional, meaningful and well-planned activities,” Miettinen continues. 

“Originally, the information security awareness program was maybe more based on individual topics, but now it has been refined into a comprehensive set of training tools,” says Tiina Kärkäinen, Senior Cyber Security Awareness Consultant at DNV Cyber. 

A big part of the program’s success is also the willingness of Kuopio Energy employees, including top management, to throw themselves into the action. For DNV Cyber, listening to customers and considering their needs is essential before initiating activities. 

“It’s been a pleasure to collaborate long-term on developing Kuopio Energy’s security awareness – and most importantly, it’s rewarding to see how a strong and healthy information security culture is built through a long-standing program that puts people at the heart of it,” says Hanna Raitanen, Cyber Security Awareness Team Leader at DNV Cyber. 

Kuopio Energy plans to continue and possibly also expand the collaboration with DNV Cyber in the future. Good partners are something worth holding on to,” Miettinen concludes.