Heinola Strengthens Its Security Culture with Nimblr

Industry

Technology

Challenge

The municipality had been discussing ways to improve internal security awareness. While considering whether to build a program in-house, Nimblr reached out with a timely solution that aligned with Heinola’s needs.

Results

Today, they follow trends like phishing simulation click rates and review visual dashboards that make the data actionable.

www.heinola.fi

Nimblr highlights these differences and enables more precise messaging to the right groups. Security is no longer treated as a one-off issue or something that lives solely in the IT department, it’s part of the everyday workflow

Jari Kinnunen

Chief Information Officer

About Heinola

Heinola is a small, scenic municipality in southern Finland with around 17,000 residents. Located by the water, it comes to life in the summer, drawing attention to its natural beauty and peaceful surroundings.

The Challenge

“The platform offered a ready-to-use service that was easy to understand, simple to roll out, and equipped with the reporting tools the organization found essential.” said Jari Kinnunen, Chief Information Officer.

The Solution

With Nimblr, Heinola has shifted the way it approaches communication around IT security. Targeted campaigns have helped raise awareness more effectively, while the platform’s insights identify where additional support is needed.

Heinola started with a trial, presented the results internally, and gradually expanded the rollout, from a small group of employees to eventually including the entire organization and even the city council.

“Because the organization includes a wide range of roles and knowledge levels, not everyone starts from the same baseline. Nimblr highlights these differences and enables more precise messaging to the right groups. Security is no longer treated as a one-off issue or something that lives solely in the IT department, it’s part of the everyday workflow” Jari Kinnunen continued.

"Nimblr highlights these differences and enables more precise messaging to the right groups."

The Results

The ability to track and analyze progress has had the greatest impact. Previously, Heinola lacked clear visibility into how security awareness was developing. Today, they follow trends like phishing simulation click rates and review visual dashboards that make the data actionable.

“The awareness level metric has been particularly valuable. It provides a concrete indicator of progress and confirms that their approach is working. Having data is helpful, but being able to act on it is what truly makes a difference,” added IT Designer Timo Kujala.

Advice for Getting Started

For other organizations beginning their security awareness journey, Heinola offers three key recommendations:

Build understanding at every level: Connect security to individual roles. Avoid staying too high-level; real progress starts when people relate awareness to their everyday responsibilities.
Make it continuous: Security awareness isn’t a one-time campaign. It must be ongoing and part of the organization’s culture to be truly effective.
Communicate clearly and involve everyone: A successful rollout depends on thoughtful communication. Share updates regularly, gather feedback, and be ready to adjust based on engagement.