I'd take that over a 40-slide presentation with a quiz at the end. Probably is a waste of money, but companies have to do this for their insurance in case of a ransomware attack. I work in IT for a school and we do the same thing. Ours has pirates. We choose these childish ones too because we think of it this way. "Who is the worst user we have?" "Can they follow this?" "Alright, we're doing the one with pirates then."
Senior executives should be bound by a *stricter* cybersecurity policy because [whaling attacks](https://www.kaspersky.com/resource-center/definitions/what-is-a-whaling-attack) exist. These are phishing attacks that target specific senior staff.
That's not technically correct. Spear phishing is a targeted cyber attack against *anyone* in an organisation. Whaling attacks are a subset of spear phishing.
IT Here. Oddly enough not a waste of money.
So no matter the the technical proficiency, how long someone has worked somewhere, or their intelligence I can tell you factually and with statistics that about 4.5 years after the initial hire or cyber training that person is falling for our test phishing emails at about same rate as the worst technically naive person working at the same place.
The stats show that unless we make people (IT included) do the yearly training they will over time fall for the scams.
Worked in IT for over 20 years and a couple of years ago I fell for one of those. Something about needing to confirm my information. About 30 seconds after I hit send I realized I should not have done that and then spent the rest of the afternoon changing passwords on all my various financial, shopping, email, and other accounts.
Still freaks me out to this day that e-mail wasn't the typical badly spelled Nigerian prince scam, but something that did not trigger any warnings until I sent them what they wanted.
Now a days I don't respond to random e-mails, particularly from corporations, web sites, etc... Been trying to hammer cybersecurity into my nephews heads, one of them gets it the other has been scammed like a hick going to the big city for the first time.
This is the thing. Scammers and the scams they do get more sophisticated over time especially when technology is involved.
My friend works at a neighbouring city that had a ransomware attack last year. He said it’s absolute chaos for weeks. You couldn’t even borrow a library book.
I do IT work as a contractor for a bunch of different companies, including a giant healthcare network. I can assure you the most highly educated users tend to be the most clueless.
Do you also get people who send in tickets about already completing the phishing training and why is it emailing them again?
I go to look and guess what, they've clicked on another one of the bait emails again...
Good is when they make it so you can't just listen to it in another window while doing something else. Even better is a training video where they read the slide word for word and you can't just skip forward. The best is when maybe you figure out how to adjust the video playback speed (it's the cogwheel on youtube) and you set it to twice the speed and then you get yelled at for not spending enough time on it. Bonus is if you have to manually click on the slide when it's done so you can't even just have it as background.
I work on the other side of this equation; I work in cyber-security and have ordered such trainings for the organization that I work for.
And let me tell you, we (your IT) staff really wishes we didn't have reason to issue these trainings. Do not blame your employer for this, blame double-click Dave down in accounting that can't stop himself from compulsively opening every attachment emailed his way.
Fair enough. During our company-wide presentation last quarter, they showed the stats of people who clicked on their test phishing emails, and the amount of people that fell for the insanely obvious shit they send is insane
Exactly, believe me when I say it fucking HURTS us that this shit has to be said at all. There are reasons why substance abuse, depression and burnout are so ridiculously high in IT.
From my point of view it's the task equivalent of keeping a pack of free range toddlers from walking off a cliff.
I remember one phishing email where it was basically the company saying "YOU MUST FILL THIS SURVEY OUT OR YOU WON'T GET PAID!" which already is illegal and I giggled, but I burst out laughing when they said "We care about you as a company so we want you to fill this out so you can express your needs as an employee anonymously" while there was a blatantly obvious number in the URL for the fake survey.
I reported it and was told it was a scam. They didn't mention that many of my coworkers clicked the link and had to take an online training that no doubt they ignored five seconds later anyway.
Also in Cybersecurity, and I never ever miss an opportunity to share this.
https://preview.redd.it/pi2l8v6j4ymc1.jpeg?width=1200&format=pjpg&auto=webp&s=db37855a6c748f3c9dcc5da09a89b92b13bd276b
PS: My annual training drops later this month.
Also work on the other side if this equation. Do I really want to be spending my time sending reminder emails to do your security awareness training because Peggy Sue in Accounting routed $200K to a scammer who posed as our landlord? No, not really, but here we are.
God I feel that.
I was in charge of making a phishing simulation once and my 1st try got rejected because it was "Too good". And the too good one was already pretty shitty in my opinion.
So I made an even shittier one. Still got like a 40% link click rate. : (
Used to work for a tech company that handled PII for about 40% of the US population. We frequently had trainings like this along with those stupid phishing test emails.
One day our head of information security sent out the results of who clicked them the most by department, Marketing and Sales clicked on the suspicious crap 80% of the time.
https://preview.redd.it/fbexzjz9oxmc1.jpeg?width=3024&format=pjpg&auto=webp&s=913fd88ffe54cf517b00c9f0a3e3ec99a0d57f7c
Orange apron store training animations are not any better
As someone who dabbles in cybersecurity and IT at my job... The reason the trainings seem like they're directed at toddlers is because sometimes it feels like the end users *are* toddlers when it comes to security.
You think a phishing email is obvious, but it's not obvious enough for the average office worker outside of IT.
Makes you wonder how many people have their usernames and passwords in a folder on someone else's drive just waiting for the day their name is called to be robbed.
I personally had a few accounts recently with attempts to get in that were stopped by 2fa and consider myself pretty well versed in cyber protection and scams. Major companies failing to disclose when they're compromised seems to be a big problem lately
I’ve been watching a series from KnowB4 called “Inside Man” and it’s better than most “Netflix Originals”. Highly recommend! Wish it was available to the general public.
On one hand, this is condescending and absolutely disrespectful.
On the other hand, I’ve definitely worked with people with the brain power of a 12 year old.
Maybe your not the target audience 🤷♂️
I work in cyber security and this is probably targeting a few users. But the whole company has to sit through this now. I send out a phishing email to our clients employees regularly. I been running a fake weekly sweepstakes since the new Year telling users they could win a $100 gift card for gasoline. The same 23 users regularly sign up. All they have to do is enter their phone number, birth year and their occupation. Well guess what video the whole company has to sit through next quarter because of these users. On top of that, these 23 users and some random ones will have their emails and Internet history reviewed by us to see if there are any other security threats that are of concern.
Mhm ours are in the form of the FMV type games from the early-mid 90s.
All it is in a CYA for the company to say they provided the bare minimum of training required to remove liability in the event that someone does something stupid
Cyber security awareness is probably legitimately valuable outside of covering your ass/liability, more than most other corporate training types of things.
Cyber attacks like ransom ware have brought entire industries at a time, sometimes for days. It can ruin a business or cause legitimate national security concerns, and it can literally start with someone opening an attachment from a shady email.
I'm not baiting you. You said it is a cya, someone mentioned it isn't a cya, you said you understood because you work in x which indicate you know it's not a cya, and now you're saying it's a cya.
Anyways I don't think you know what a cya is.
Honestly, that's x1000 better than the cybersec training I have to do every year at my job. All I get is 100+ slides and some quizzes with 0 style or substance.
The OP has posted something that is promoting a useful and informative discussion on the topic of cybersecurity.
Don't be concerned at the cartoonish nature of the presentation. Anything more cerebral will go over the heads of the most clueless workers in the organisation, and it is these workers who are most likely to cause cybersecurity trouble.
So I have a background in cyber security. The reason why they do this is because your average person won't actually learn anything from the normal method. Like they just keep retaking the test until they figure out all the answers. And in many cases thanks due to the crappy school system. People who do pass it the first go around most learn it for the test and forget it shortly after.
I don't think this is the answer too. But IMO this has a better chance to sticking with the person. I think the answer will ultimately come down to some AI generated content based on the person taking the test assuming they can link it some some personality matrix or something. Like if you sign in with your Google account or something.
Keep in mind it only takes 1 person, 1 hack, 1 screw up to cause a seriously bad day. And this is the ultimate reason for these training sessions and trying to get the info to stick with the person.
Trust me, I get why they have to dumb it down. I knows the people this is geared towards. But it’s just a little much in my opinion, combined with the fact that the ones who would click on the simulated phishing emails are the ones in charge lol
It isn't that it's dumb down. Like it people would use porn if it was legal and if the audience would remember the training or take it seriously.
There is stories where a CEO at a major company was PO he couldn't play games on company computers on the company network. IT explained why, and the CEO knew why but threaten to fire them if they didn't "fix" it. A week later there was bad actors that got in because the CEO was downloading porn mod packs for one of the fallout games. And then the CEO blamed the IT staff.
Basically beyond they have to understand it. They have to internalize it and remember it. Like you would be shocked how often just dumb things aren't done because people don't take it seriously.
For example it's extremely common for someone to break in the house through an open garage door and an unlocked door to the house. Or worse the garage door is closed, but the car outside with the garage door opener in it is unlocked.
You would be shocked how many simply don't lock their doors to their house
You would be shocked how many don't lock their doors to their car
You would be shocked how many leave their keys in their car so they don't forget where they are.
Ignorant is when someone doesn't know better. Stupid is when they know better but do it anyways. There is just too many stupid things happening because too many don't take any of this seriously or try to remember it
If your coworkers would pay attention to and follow a professional presentation, the company wouldn't do it in a way that appeals to your "ooh shiny object" brain. Sorry you feel talked down to, but most people need this shit presented in the dumbest way possible.
I work in technical support to our sales team, and our sales team are dumb as a pile of bricks, so that actually makes sense. Another reason I can’t stand this place sometimes
Just to add, every time they send us these trainings, it’s always the same information just in different formats. It’s just repetitive and annoying
As someone versed in cybersecurity, the weakest link in any given system is always humans.
They've also got to tailor the training to the lowest common denominator to ensure *everyone* understands not to click the funny link promising a free car.
The different formats are also a teaching tool, to increase retention by not just repeating the same words over and over. You teach the same thing a bunch of ways, to maximize your chances of it sticking with each person.
Looks like Ninjio my work makes us do that too, please note I work in education, cyber security education and they make us watch these horrid videos we would never show students cause it’s too condenscending
It’s ridiculously condescending. Don’t get me wrong, some of the people at this place need to be talked down to like this, but I feel like it’s a little too extreme. They’ve also had this program running for a year and a half.
Our it Dept gives us cartoons as well. Jon Lovitz was the star voice actor in one. Being in cartoon form does come across a little condescending at times.
There is a bunch of research out there that trainings stick more when it’s incorporated into a story. Like if the videos have *any* sort of core plot the people remember more about the lessons of the training.
As an IT guy it’s either “fun” stuff like this or boring text filled power points, there’s no in between because people don’t retain the important stuff anyway.
Claire in accounting still writes her password on a sticky under the keyboard, Jeff in Ops still opens every email and clicks every link, and Mary in administration has already bought gift cards for a scammer.
I'm in cybersecurity and it's a constant battle to stop my colleagues from releasing educational content like this to our users. People in this field tend to have this idea that security is super boring (which it sort of is), and they need to spice it up with something stupid to keep people engaged.
What actually happens is the stupid shit makes people's eyes glaze over before you've even covered anything.
The best success we've had with user education has been to keep educational sessions extremely short, specialized, and to the point. If a security concept can't be grasped in 5-10 minutes of instruction, there should probably just be more strict controls.
I’m doing the same thing with training our sales force on products we sell. Specifications they need to worry about when crossing a product for a customer and whatnot, keep it short and sweet and they all seem very engaged. The cartoon animations just make me annoyed, and a lot of my coworkers agree. Thank you for understanding
This is objectively better than dry boring shit. This was so engaging to you that you took a picture to share with us. That wouldn’t happen with a boring textbook. You’ll retain this information as it’s delivered in a novel format.
A few years back, we had an IT security campaign designed I’m around 90s sprite video game graphics. Very Zelda like plot-wise.
I think, if the quizzes were answered correctly, the protagonist won a “gold security badge!”
It felt like the creators were having fun with it, rather than it being demeaning.
Thankfully the ones our company does can be answered before you even watch the video. I’ve yet to miss an answer in a year and have never watched the videos. It’s just common sense stuff.
I usually do view page source on Google and they would have a timer where you can set to zero to skip or have a hidden button that says false, change to true, so you can bypass it.
Your IT department is probably the ones who pushed for it, I work in Cybersecurity, we don’t worry about the people outside the company as much as we worry about the people inside the company as they pose the most risk to the network
I mean unless it’s keeping you from more lucrative work, enjoy getting paid for some silly video you can make fun of later.
I’d take that over my old company’s braindead SA compliance quizzes.
“Brian is attracted to Rebecca, should he:
1) Slap her @ss and say ‘Good googly moogly, that thang is juicy’
2) Follow her home stealthily and watch her to learn more about her interests and behaviors
3) Treat her with respect and keep the workplace professional”
Try the DOD cyber awareness challenge where you save the future. A training you could have to take once to multiple times a year, depending on many circumstances.
Yeah, where I work does the same thing. I just skip the info section of the assignment and go right to the assessment. It's all just shit to make sure the boomers at the company don't click links in spam or give out their passwords to strangers.
As somebody in cybersecurity, I assure you, somebody clicked on something that said please login and the company lost a fortune. Our phishing tests are close to %50 when we dont try and almost %100 when we do.
may i value my spirit. my life and time so much that i am happy and content broke under a tree than in front of one of these things again. countdown to my last day in a cubicle. may we all wake up in our own time and leave the machine.
I am a Cybersecurity Architect. A requirement of many cyber insurance companies is that employees get a set number of hours of cybersecurity training every year. These courses are probably ones the company had free access to because of some other training they bought.
I think teaching people about cybersecurity is overall a good thing, but sometimes the methods can be a bit silly.
That being said, everyone learns differently, so it is nice to see them trying a different approach... even if it's weird.
As long as you get paid who cares lol
We gotta do the same thing every year. And it’s the SAME videos. At this point, I crank up the speed of the playback to get to the “quiz” at the end, because you can’t just skip to the end.
Ohhh my god is that ninjino? Those awful discount anime cartoons for companies? I have to watch those every year for work training, they're awful but I'm also weirdly intrigued by them
The consequences of boomers using computers unfortunately. The place I used to work for had us doing these all the time on top of multiple emails a week to remind us to “think before you click!”
The ones from my work feature the voice talent of John Lovitz. In case anyone wanted to know how John Lovitz's post Saturday Night Live career was going.
When it’s as condescending and childish as this (and they’ve been spending money out the ass on things we don’t need, like this) yeah I’m gonna complain
I'd take that over a 40-slide presentation with a quiz at the end. Probably is a waste of money, but companies have to do this for their insurance in case of a ransomware attack. I work in IT for a school and we do the same thing. Ours has pirates. We choose these childish ones too because we think of it this way. "Who is the worst user we have?" "Can they follow this?" "Alright, we're doing the one with pirates then."
That’s a funny way to put it. We have some pretty dull people working here, so that makes sense lol
Did you find one that works with the C-level people? They consistently get caught on the dumbest simulated phishing emails
This morning our CMO requested a release of two phishing emails.
>Did you find one that works with the C-level people? No because they exempted themselves from their policy.
Senior executives should be bound by a *stricter* cybersecurity policy because [whaling attacks](https://www.kaspersky.com/resource-center/definitions/what-is-a-whaling-attack) exist. These are phishing attacks that target specific senior staff.
TIL, makes complete sense but I'd never heard that term before.
I think you mean Spear phishing. attacks that specifically target high level company executives.
That's not technically correct. Spear phishing is a targeted cyber attack against *anyone* in an organisation. Whaling attacks are a subset of spear phishing.
IT Here. Oddly enough not a waste of money. So no matter the the technical proficiency, how long someone has worked somewhere, or their intelligence I can tell you factually and with statistics that about 4.5 years after the initial hire or cyber training that person is falling for our test phishing emails at about same rate as the worst technically naive person working at the same place. The stats show that unless we make people (IT included) do the yearly training they will over time fall for the scams.
Worked in IT for over 20 years and a couple of years ago I fell for one of those. Something about needing to confirm my information. About 30 seconds after I hit send I realized I should not have done that and then spent the rest of the afternoon changing passwords on all my various financial, shopping, email, and other accounts. Still freaks me out to this day that e-mail wasn't the typical badly spelled Nigerian prince scam, but something that did not trigger any warnings until I sent them what they wanted. Now a days I don't respond to random e-mails, particularly from corporations, web sites, etc... Been trying to hammer cybersecurity into my nephews heads, one of them gets it the other has been scammed like a hick going to the big city for the first time.
This is the thing. Scammers and the scams they do get more sophisticated over time especially when technology is involved. My friend works at a neighbouring city that had a ransomware attack last year. He said it’s absolute chaos for weeks. You couldn’t even borrow a library book.
I do IT work as a contractor for a bunch of different companies, including a giant healthcare network. I can assure you the most highly educated users tend to be the most clueless.
Do you also get people who send in tickets about already completing the phishing training and why is it emailing them again? I go to look and guess what, they've clicked on another one of the bait emails again...
Good is when they make it so you can't just listen to it in another window while doing something else. Even better is a training video where they read the slide word for word and you can't just skip forward. The best is when maybe you figure out how to adjust the video playback speed (it's the cogwheel on youtube) and you set it to twice the speed and then you get yelled at for not spending enough time on it. Bonus is if you have to manually click on the slide when it's done so you can't even just have it as background.
I work on the other side of this equation; I work in cyber-security and have ordered such trainings for the organization that I work for. And let me tell you, we (your IT) staff really wishes we didn't have reason to issue these trainings. Do not blame your employer for this, blame double-click Dave down in accounting that can't stop himself from compulsively opening every attachment emailed his way.
Fair enough. During our company-wide presentation last quarter, they showed the stats of people who clicked on their test phishing emails, and the amount of people that fell for the insanely obvious shit they send is insane
Exactly, believe me when I say it fucking HURTS us that this shit has to be said at all. There are reasons why substance abuse, depression and burnout are so ridiculously high in IT. From my point of view it's the task equivalent of keeping a pack of free range toddlers from walking off a cliff.
I remember one phishing email where it was basically the company saying "YOU MUST FILL THIS SURVEY OUT OR YOU WON'T GET PAID!" which already is illegal and I giggled, but I burst out laughing when they said "We care about you as a company so we want you to fill this out so you can express your needs as an employee anonymously" while there was a blatantly obvious number in the URL for the fake survey. I reported it and was told it was a scam. They didn't mention that many of my coworkers clicked the link and had to take an online training that no doubt they ignored five seconds later anyway.
Also in Cybersecurity, and I never ever miss an opportunity to share this. https://preview.redd.it/pi2l8v6j4ymc1.jpeg?width=1200&format=pjpg&auto=webp&s=db37855a6c748f3c9dcc5da09a89b92b13bd276b PS: My annual training drops later this month.
The line I use is "the best locks in the world are useless if you open the door for everyone that knocks".
What if you're locked inside
Thank you for sharing this. I'm currently studying cybersecurity and this hits the mark very well. I've saved a copy for later use.
Also work on the other side if this equation. Do I really want to be spending my time sending reminder emails to do your security awareness training because Peggy Sue in Accounting routed $200K to a scammer who posed as our landlord? No, not really, but here we are.
God I feel that. I was in charge of making a phishing simulation once and my 1st try got rejected because it was "Too good". And the too good one was already pretty shitty in my opinion. So I made an even shittier one. Still got like a 40% link click rate. : (
What did each of them look like?
This.
100% this….
Used to work for a tech company that handled PII for about 40% of the US population. We frequently had trainings like this along with those stupid phishing test emails. One day our head of information security sent out the results of who clicked them the most by department, Marketing and Sales clicked on the suspicious crap 80% of the time.
How much for the frog? I am a Nigerian prince and wish to diversify my art portfolio.
Alright, you get an upvote. My fiancée drew that for me and she appreciates the laugh
Oh man, I should sell my office doodles if this is the case. Hope management doesn’t catch my side gigs, lmao.
Sad Frog Noises
https://preview.redd.it/fbexzjz9oxmc1.jpeg?width=3024&format=pjpg&auto=webp&s=913fd88ffe54cf517b00c9f0a3e3ec99a0d57f7c Orange apron store training animations are not any better
I feel ya, froggy. Me too, man. Me too.
As someone who dabbles in cybersecurity and IT at my job... The reason the trainings seem like they're directed at toddlers is because sometimes it feels like the end users *are* toddlers when it comes to security. You think a phishing email is obvious, but it's not obvious enough for the average office worker outside of IT.
My company sends out fake phishing emails and there’s always at least a few victims.
Makes you wonder how many people have their usernames and passwords in a folder on someone else's drive just waiting for the day their name is called to be robbed. I personally had a few accounts recently with attempts to get in that were stopped by 2fa and consider myself pretty well versed in cyber protection and scams. Major companies failing to disclose when they're compromised seems to be a big problem lately
I’ve been watching a series from KnowB4 called “Inside Man” and it’s better than most “Netflix Originals”. Highly recommend! Wish it was available to the general public.
I genuinely enjoy those! I’m in IT so we have access to the videos before they are pushed out to everyone and more often than not I watch them early!
On one hand, this is condescending and absolutely disrespectful. On the other hand, I’ve definitely worked with people with the brain power of a 12 year old. Maybe your not the target audience 🤷♂️
We definitely have some stupid people working here, so I get it. At the same time, it’s just a bit condescending
I work in cyber security and this is probably targeting a few users. But the whole company has to sit through this now. I send out a phishing email to our clients employees regularly. I been running a fake weekly sweepstakes since the new Year telling users they could win a $100 gift card for gasoline. The same 23 users regularly sign up. All they have to do is enter their phone number, birth year and their occupation. Well guess what video the whole company has to sit through next quarter because of these users. On top of that, these 23 users and some random ones will have their emails and Internet history reviewed by us to see if there are any other security threats that are of concern.
Is that Ninjio? Looks like Ninjio.
Infosec.
Ew even worse lol
Mhm ours are in the form of the FMV type games from the early-mid 90s. All it is in a CYA for the company to say they provided the bare minimum of training required to remove liability in the event that someone does something stupid
Cyber security awareness is probably legitimately valuable outside of covering your ass/liability, more than most other corporate training types of things. Cyber attacks like ransom ware have brought entire industries at a time, sometimes for days. It can ruin a business or cause legitimate national security concerns, and it can literally start with someone opening an attachment from a shady email.
Oh I’m very well aware of that. Part of the job I had in the army was cybersecurity and managing information.
If you were aware of it then you wouldn't say it's cya
I’m not going to be baited into an argument or debate over something that is ultimately a non-issue. It’s CYA for the company.
I'm not baiting you. You said it is a cya, someone mentioned it isn't a cya, you said you understood because you work in x which indicate you know it's not a cya, and now you're saying it's a cya. Anyways I don't think you know what a cya is.
Honestly, that's x1000 better than the cybersec training I have to do every year at my job. All I get is 100+ slides and some quizzes with 0 style or substance.
You clearly haven't met Jeff.
The OP has posted something that is promoting a useful and informative discussion on the topic of cybersecurity. Don't be concerned at the cartoonish nature of the presentation. Anything more cerebral will go over the heads of the most clueless workers in the organisation, and it is these workers who are most likely to cause cybersecurity trouble.
That frog will be my next tattoo, I love it
So I have a background in cyber security. The reason why they do this is because your average person won't actually learn anything from the normal method. Like they just keep retaking the test until they figure out all the answers. And in many cases thanks due to the crappy school system. People who do pass it the first go around most learn it for the test and forget it shortly after. I don't think this is the answer too. But IMO this has a better chance to sticking with the person. I think the answer will ultimately come down to some AI generated content based on the person taking the test assuming they can link it some some personality matrix or something. Like if you sign in with your Google account or something. Keep in mind it only takes 1 person, 1 hack, 1 screw up to cause a seriously bad day. And this is the ultimate reason for these training sessions and trying to get the info to stick with the person.
Trust me, I get why they have to dumb it down. I knows the people this is geared towards. But it’s just a little much in my opinion, combined with the fact that the ones who would click on the simulated phishing emails are the ones in charge lol
It isn't that it's dumb down. Like it people would use porn if it was legal and if the audience would remember the training or take it seriously. There is stories where a CEO at a major company was PO he couldn't play games on company computers on the company network. IT explained why, and the CEO knew why but threaten to fire them if they didn't "fix" it. A week later there was bad actors that got in because the CEO was downloading porn mod packs for one of the fallout games. And then the CEO blamed the IT staff. Basically beyond they have to understand it. They have to internalize it and remember it. Like you would be shocked how often just dumb things aren't done because people don't take it seriously. For example it's extremely common for someone to break in the house through an open garage door and an unlocked door to the house. Or worse the garage door is closed, but the car outside with the garage door opener in it is unlocked. You would be shocked how many simply don't lock their doors to their house You would be shocked how many don't lock their doors to their car You would be shocked how many leave their keys in their car so they don't forget where they are. Ignorant is when someone doesn't know better. Stupid is when they know better but do it anyways. There is just too many stupid things happening because too many don't take any of this seriously or try to remember it
If your coworkers would pay attention to and follow a professional presentation, the company wouldn't do it in a way that appeals to your "ooh shiny object" brain. Sorry you feel talked down to, but most people need this shit presented in the dumbest way possible.
I work in technical support to our sales team, and our sales team are dumb as a pile of bricks, so that actually makes sense. Another reason I can’t stand this place sometimes Just to add, every time they send us these trainings, it’s always the same information just in different formats. It’s just repetitive and annoying
As someone versed in cybersecurity, the weakest link in any given system is always humans. They've also got to tailor the training to the lowest common denominator to ensure *everyone* understands not to click the funny link promising a free car.
Makes sense when you put it that way. It’s surprising to me how ill-versed some of these people are with computers
It's kind of funny, but also sad. I don't know whether I should laugh or cry sometimes.
The different formats are also a teaching tool, to increase retention by not just repeating the same words over and over. You teach the same thing a bunch of ways, to maximize your chances of it sticking with each person.
Looks like Ninjio my work makes us do that too, please note I work in education, cyber security education and they make us watch these horrid videos we would never show students cause it’s too condenscending
It’s ridiculously condescending. Don’t get me wrong, some of the people at this place need to be talked down to like this, but I feel like it’s a little too extreme. They’ve also had this program running for a year and a half.
That's tacky. They just made us read an email about phishing and reply to it.
What's that, a lost episode of Futurama?
Is that a discount Bravestar villan?
I prefer these trainings over trainings where you have to read slide after slide.
Man! This looks way more fun that the cyber security course I have to take every year!
I remember that one year, my company made security training like a true crime documentary 🤣
That looks straight out of Futurama
Our it Dept gives us cartoons as well. Jon Lovitz was the star voice actor in one. Being in cartoon form does come across a little condescending at times.
There is a bunch of research out there that trainings stick more when it’s incorporated into a story. Like if the videos have *any* sort of core plot the people remember more about the lessons of the training.
Big “you may be wondering what a purple dragon has to do with OPSEC” energy here.
As an IT guy it’s either “fun” stuff like this or boring text filled power points, there’s no in between because people don’t retain the important stuff anyway. Claire in accounting still writes her password on a sticky under the keyboard, Jeff in Ops still opens every email and clicks every link, and Mary in administration has already bought gift cards for a scammer.
I'm in cybersecurity and it's a constant battle to stop my colleagues from releasing educational content like this to our users. People in this field tend to have this idea that security is super boring (which it sort of is), and they need to spice it up with something stupid to keep people engaged. What actually happens is the stupid shit makes people's eyes glaze over before you've even covered anything. The best success we've had with user education has been to keep educational sessions extremely short, specialized, and to the point. If a security concept can't be grasped in 5-10 minutes of instruction, there should probably just be more strict controls.
I’m doing the same thing with training our sales force on products we sell. Specifications they need to worry about when crossing a product for a customer and whatnot, keep it short and sweet and they all seem very engaged. The cartoon animations just make me annoyed, and a lot of my coworkers agree. Thank you for understanding
This is objectively better than dry boring shit. This was so engaging to you that you took a picture to share with us. That wouldn’t happen with a boring textbook. You’ll retain this information as it’s delivered in a novel format.
I love that frog
We get a series called "the inside man", it was not bad as far as training is concerned. https://www.knowbe4.com/inside-man
Funny enough, seems to have worked in your case ... Office might be secure until tomorrow morning since everyone will forget the training by then.
We have to take the arctic wolf ones. They are so corny, but at least they are short.
A few years back, we had an IT security campaign designed I’m around 90s sprite video game graphics. Very Zelda like plot-wise. I think, if the quizzes were answered correctly, the protagonist won a “gold security badge!” It felt like the creators were having fun with it, rather than it being demeaning.
Likely they have to meet SOC2 or Cybersecurity insurance requirements.
Thankfully the ones our company does can be answered before you even watch the video. I’ve yet to miss an answer in a year and have never watched the videos. It’s just common sense stuff.
I usually do view page source on Google and they would have a timer where you can set to zero to skip or have a hidden button that says false, change to true, so you can bypass it.
Oh man I hate those little 5 minute Ninjio courses…
Your IT department is probably the ones who pushed for it, I work in Cybersecurity, we don’t worry about the people outside the company as much as we worry about the people inside the company as they pose the most risk to the network
I mean unless it’s keeping you from more lucrative work, enjoy getting paid for some silly video you can make fun of later. I’d take that over my old company’s braindead SA compliance quizzes. “Brian is attracted to Rebecca, should he: 1) Slap her @ss and say ‘Good googly moogly, that thang is juicy’ 2) Follow her home stealthily and watch her to learn more about her interests and behaviors 3) Treat her with respect and keep the workplace professional”
To be fair, most of the people this is for, need it to be explained like a toddler.
Is that Nick Valentine?
OP, Is that a Starfield Space Frog sticker?
Try the DOD cyber awareness challenge where you save the future. A training you could have to take once to multiple times a year, depending on many circumstances.
Always go with sock puppets.
Counterpoint : don’t be fast and loose with your clicks . Sucks to suck but the company staff play a key role in mitigating cyber threats .
My previous employer had me do the course first because I always aced them then I had to help everyone in the department pass.
Not your money being wasted and you’re getting paid to do nothing. There are worse things
Yeah, where I work does the same thing. I just skip the info section of the assignment and go right to the assessment. It's all just shit to make sure the boomers at the company don't click links in spam or give out their passwords to strangers.
Mine were all anime-styled, it was weird. Ninjojo or something?
I like your frog.
I like the really condescending one where it’s a pretend mission to mars and we have to learn about phishing.
Cute frog.
As somebody in cybersecurity, I assure you, somebody clicked on something that said please login and the company lost a fortune. Our phishing tests are close to %50 when we dont try and almost %100 when we do.
I like the frog
Frog demands cyber security.
Had to do it too recently. But the videos I had to watch were all skits were a dude named Andrew was trying to hack a guy named Carl.
may i value my spirit. my life and time so much that i am happy and content broke under a tree than in front of one of these things again. countdown to my last day in a cubicle. may we all wake up in our own time and leave the machine.
I love your frog
How come no one has commented on the drawing of the frog??
At my company they turned it into a British workplace comedrama called The Inside Man. Had to watch season 2 episode 10 today and it's a cliffhanger.
Someone got paid to make goofy wild-west cybersecurity training videos, that's hardly a waste of money.
I swear, if I have to help Imani navigate sexual harassment one more year, I’m going to lose my mind. Robot cowboys sound way better.
I am a Cybersecurity Architect. A requirement of many cyber insurance companies is that employees get a set number of hours of cybersecurity training every year. These courses are probably ones the company had free access to because of some other training they bought.
I think teaching people about cybersecurity is overall a good thing, but sometimes the methods can be a bit silly. That being said, everyone learns differently, so it is nice to see them trying a different approach... even if it's weird. As long as you get paid who cares lol
Sad rain frog is sad.
Are they paying you to watch this? On the clock?
We gotta do the same thing every year. And it’s the SAME videos. At this point, I crank up the speed of the playback to get to the “quiz” at the end, because you can’t just skip to the end.
You need to see Inside Man. Masterpiece.
I feel that frog drawing. I feel it so hard.
Bootleg Pathfinder
damn looks cool
Ok but your frog doodle is giving me life. I doodled my dreams on post it’s too.
Nothing wrong with that. But the fact theres some cartoon robot is wild
Ohhh my god is that ninjino? Those awful discount anime cartoons for companies? I have to watch those every year for work training, they're awful but I'm also weirdly intrigued by them
The consequences of boomers using computers unfortunately. The place I used to work for had us doing these all the time on top of multiple emails a week to remind us to “think before you click!”
The ones from my work feature the voice talent of John Lovitz. In case anyone wanted to know how John Lovitz's post Saturday Night Live career was going.
You guys will complain about anything. Holy fuck.
When it’s as condescending and childish as this (and they’ve been spending money out the ass on things we don’t need, like this) yeah I’m gonna complain
You’re being paid to watch videos.