Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & Training

5 tips for an effective security awareness program

By Ellen M. Sturgeon
employee training
July 6, 2022

For those of us with the grueling task of designing a holistic security awareness program, building it is only one part of the equation.

The “check the box” mentality when it comes to remaining compliant with cybersecurity standards will no longer fly. Chief information security officers (CISOs) and executive leadership teams are demanding more creativity and ingenuity of the human element in that space. This means digging deeper to find the secrets of security awareness success and how to turn those lemons into lemonade.

Tip #1: Gauge the organization’s vision

Network across the multitude of business units in the organization. Interview and survey/initiate focus groups utilizing a variety of demographics to gain a sense of how they view security, their thoughts on the policies requiring company acknowledgement, and what they deem as important.

Find out what employees and leadership think about content and communications sent out. Do they want content that includes more visuals that can aide in the technical jargon? Are there employees whose first language is not English? Do you have a generation that grew up in the digital age and would love to engage more on your social media sites? What types of engagement do they want more of or less of? If your tone at the top is aligned and flexible then you are one step closer to a unified security culture.

Using these questions can help security leaders develop a process for creating a successful security awareness program based off of organizational priorities:

  • Let’s take a page out of business school and ensure your goals are specific. Will this security goal be achievable each month or quarter? Will your plan gradually modify behaviors and impact the overall culture gradually?
  • What good are goals if they’re not measurable? Ensure you have the necessary metrics to back up your ongoing campaign goals and the changes you are trying to achieve. Measure all program campaigns which could range from training completions, simulated phishing metrics, engagement events, marketing promotions and newsletters.
  • Translate your metrics into actionable goals. An example could be increasing event engagement by 5% per quarter or increasing the overall phish reporting rate by 2% each month by continuously branding the security message in communications using unique channels.
  • This space is about reducing risk, but be willing take a risk. So, what if you’re aggressive in setting goals? Perhaps you can recruit force multipliers across the organization to help deliver long-term plans. If the security team doesn’t have internal marketing talent, think about employing someone with a marketing/sales/communications/teaching background with soft skills, patience and high emotional IQ who may not be a seasoned cyber professional, but knows a thing or two about how to influence human behavior. The security team is a tiny blip compared to the rest of the organization. Use resources and influencers wisely.

Tip #2: Weave security culture into organizational culture

This is where the tone at the top can make or break a security awareness program. It’s vital for the survival of the program to partner with leadership to determine how you can influence the organizational culture.

Be willing to create unique cyber promotions, contests and escape rooms, and garner support by teaming with HR, marketing and/or the corporate social responsibility groups. Come up with a reward or point system to reinforce security best practices, create a baseline, and see where it leads. We could all use some healthy, spirited competition these days, and leaders will never turn down a competition!

Tip #3: Redefining cyber hygiene and cyber IQ

People are busy with their day jobs while simultaneously getting hit with huge doses of messaging from across and outside of the organization. How will security stand out and drive the message home in the most succinct and meaningful way? Send bite-size content along with a link to direct them to the remainder of the communications with exciting visuals to draw people in.

Tip #4: People come in all shapes and sizes

How well do you know the people who make up your organization — the regions, divisions and demographics? How you address everyone — from Baby Boomers to Generation Z, from traditional formats to more tech savvy on social media — will make all the difference in your choice of delivery to avoid communications going awry. Research!

Tip #5: Forward thinking

Know that a successful security awareness program is never one and done. It will consistently be reformed and evolve for the better. Test your program — you may fail at times, but the failures will transform into successes and be wins before long. Be realistic about awareness campaigns and be fully committed. Consistency is key. Patience is the other key.

Lastly, never make it the sole responsibility of the engagement & awareness person to carry out the entire program on their own shoulders without management support. It is a monumental task to continuously educate, inform and modify behaviors of the entire organization. Everyone must contribute to succeed. A great quote by Henry Ford sums it up best: "If everyone is moving forward together, then success takes care of itself."

KEYWORDS: benchmarking reports cyber security awareness employee security security awareness training security culture

Share This Story

Ellen m. sturgeon head shot1569363024691 (1)

Ellen M. Sturgeon has been an ardent Engagement & Awareness professional since 2015, integrating unique channels and methods into security awareness programs to educate and inspire associates with Fidelity Investments and Aventiv Technologies. Ellen kicked off her career in the marketing and media industry before transitioning into technology risk and cybersecurity.

Ellen earned her Master’s in Cybersecurity from the University of Dallas and a Digital Marketing & Communications professional certification from Southern Methodist University.

Blog Topics

Security Blog

On the Track of OSAC

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing