Nukissiorfiit Strengthens Cybersecurity training with Greenlandic Courses

Nukissiorfiit is Greenlands biggest utility company. They produce and supply electricity, water, and heating to the majority of consumers in Greenland. Their public service obligation covers 17 towns and 54 settlements. 

On a daily basis, he serves as IT Manager in the IT department, where he is responsible for employee training in IT security, among many other things.

For two decades, he has worked for the company, closely following its development and gaining deep insight into both the culture and the day-to-day operations within the organization.

Before partnering with Cyberpilot, their awareness-training was primarily focused on ticking the compliance box for audits every two years and sharing internal updates on an ad hoc basis during active phishing attacks. However, there was a lack of a structured and continuous approach to awareness.

With employees spread from Thule to the east coast and a large part of the workforce without a specialized IT background, it was crucial that training was accessible and meaningful to everyone.

Additionally, Greenlandic culture is characterized by trust, a strong value in everyday life, but potentially a vulnerability when it comes to phishing.

Most employees are primarily focused on day-to-day operations.

“For them, it’s simply their job,” says Alu.

But when you work with electricity, water, and heating, the consequences of clicking the wrong link are critical to understand. That’s why it is essential that all employees learn how to identify and report phishing attacks — and question everything that lands in their inbox.

Three years ago, Nukissiorfiit implemented CyberPilot's awareness training og phishing simulations for more than 400 employees. 

A recommendation from another self-governing public company, combined with the availability of courses in Greenlandic, led to the choice of CyberPilot.

“The fact that employees can take the courses in their native language makes a big difference. It gives them a completely different level of understanding.”

The courses are distributed every other month and have become a natural part of everyday work. In addition, they receive two phishing campaigns per year. In some locations, there is even a small competition to be the first to complete a course.

At the same time, the IT team has continued its own practice of sharing internal alerts and knowledge whenever relevant threats are circulating.

And today, when an employee encounters a suspicious email, they respond with healthy skepticism and reach out to IT, saying:

“Alu, is this you sending another phishing test?”

Today, awareness is no longer something “pushed down” from IT, but rather a shared practice that naturally integrates into everyday work. Employees are far more attentive to suspicious emails and now actively forward them to IT, creating a much more open and informal dialogue across the entire organization about security and responsibility.

Understanding of risks has grown significantly, not just among those with IT experience. 

This has fostered a more mature and confident security culture, that's been developed collectively. This progress comes not only from the ongoing training but equally from the sustained efforts of Nukissiorfiit’s own IT department, which continues to keep employees informed about threats, relevant incidents, and small alerts when something is circulating.

And although real phishing attacks rarely appear in Greenlandic, course materials in the employees’ native language provide an essential foundation of understanding, equipping them to handle attacks more effectively.