I understand the importance of cybersecurity training. I really do.

But when the height of a 15-minute training (that is more or less the SAME TRAINING VIDEO from the year before) is just Don't Click Suspicious Links and Look for Spelling/Grammar Errors and Never Give Away Bank Details and Use a VPN on Public WiFi.

My dude. I could cry at this waste of 15 minutes of my life. This is the most reiterated knowledge, some of which is regularly repeated through YouTube VPN sponsorship ads!

Yes, companies need to cover their bases and whatnot but come ON I thought we collectively learned about phishing and scam emails back in the 2000s days of the whole Nigerian prince needs preloaded credit cards scam. Why are we all still being badgered with the same schtick and not on things like, 3rd party tracking data sold to the highest bidder and usage of professional social media that, with everything else, is BEING SCRAPED FOR GENAI HELLO. How is THAT not a "risk to company information"?

Phishing is a problem yeah but for the love of all goodness if we've completed ~training~ on it already, maybe JUST MAYBE. Consider. We don't need to sit through another mind-numbingly generic-ass animated PowerPoint on stuff we already know.

And MAYBE add a slide on your PowerPoint about bigger concerns to protect against.