As in past years, the final quarter of the year often begins with the so-called Cybersecurity Month. In this blog, we share six practical ideas you can apply to shape yours effectively. Ideas can be less formal, as long as it stays relevant to your audience. Use a bit of humour, keep things light, and involve as many people as possible in your interventions.
Our consultants below suggest ideas that have proven successful with our clients. We know better than anyone how crucial good marketing and communication around campaigns are, so be sure to give these the attention they need and leverage all the publicity cybersecurity month already receives.
Marketing makes planned cybersecurity campaigns accessible to different groups within an organisation. That’s vital, because cybersecurity is sometimes seen by employees as dry or boring, or as an issue relevant only to the IT or Security department. In reality, everyone’s behaviour contributes to whether a cyber attack succeeds.
Employees can be grouped in different categories. To engage these groups in cybersecurity, you’ll need to address their needs; your audience has to recognise and feel involved in the campaign. Someone with little cybersecurity knowledge will require more approachable content to begin learning, whereas someone more experienced might find that same content dull and uninteresting. By talking with your audience, you can adopt audience‑thinking, and then strategically map out which cybersecurity training to offer, where and in what format.
You might consider personalised emails, short informative videos, one‑pagers targeted at specific departments, or gamification. With gamification, you use point systems, badges and leaderboards tied to everyday activities to encourage behavioural change.
Even the best training programs will be ignored without a targeted marketing approach. Always ensure that the right employees receive the right message and that they understand it. You achieve this by using security awareness personas.
Organize an interactive bingo where each participant gets a bingo card listing various phishing tactics like suspicious links, unusual senders or requests for personal info. Whenever someone receives a phishing email matching one of those tactics, they can cross off a square. To increase involvement, you might offer a prize at the end of the month for the first person to complete their card. Regular updates and tips help keep up the motivation and learning to prevent phishing attacks.
Every Friday during cybersecurity month, host a short informal session (about 15‑20 minutes) maybe over lunch or some drinks. Pick a cybersecurity theme, like phishing, strong passwords, MFA, social engineering or the risks of social media. Bring in experts or awareness ambassadors, include some fun (maybe a mini raffle with a small gadget or gift voucher), and wrap up with a takeaway people can act on.
A fun way to raise awareness is a quiz (tools like Kahoot work well). Combine it with something informal like a Friday afternoon event. This makes it easier and more fun for employees to attend to your awareness event. Split participants into teams (departments vs departments can be fun), mix techy and general questions about cybersecurity, strong passwords, AI, data protection, and make sure to add some interesting trivia in between.
The most important thing is to pick security topics that are both relevant and interesting for your employees. A prize for the winning team always adds that extra incentive and makes use of that competitive element people are sensitive to. With a quiz like this , you can make sure that everyone is motivated to participate and people will gain some extra knowledge about cybersecurity in a fun and informal way!
The power of short-form video - also known as ‘shorts’ - is immense. Most people understand intuitively that when a CEO publicly supports internal initiatives, it can significantly boost their success. Yet the CEO may not feel equally accessible to everyone (or at least, that’s the perception that often exists).
But here’s the truth: the CEO shares the same goal as you do: creating an optimal work environment where both people and the organisation can thrive.
One of the most effective ways to make this connection visible is by preparing a thoughtful interview with your CEO on the topic of information security. Subjects like competitive advantage, IT dependency, and the urgency of handling data responsibly work particularly well in this setting - especially when linked to the company’s long-term resilience. Wrap it up with a clear message on why it’s important for employees to actively participate in security awareness initiatives. Make sure to prepare your questions, choose a strong internal filming location, and hit that record button!
Although the initial hype around escape rooms may have cooled slightly, their impact hasn’t. They remain incredibly popular and highly effective. If you're looking for a standout activity during cybersecurity month, an escape room experience can be a great way to bring security awareness to life. You don’t need to build an elaborate setup. A converted meeting room, company restaurant or external event space will do just fine. The idea is to create a compelling, time‑bound experience in which employees, working in teams, are challenged to defend against simulated cyber threats.
We’ve developed an escape experience where four teams compete against V-hab: a hacker that tries to breach your organization through various attack methods. Each round, four teams face off in a 40-minute challenge. With smart scheduling, you can have 25 to 35 teams participate over the course of a day. Each team receives a case with multiple compartments. In every layer, they must solve a puzzle, gradually building a deeper understanding of different types of cyberattacks and how these are typically sequenced and prepared. By solving puzzles as a team, they deflect attacks and eliminate suspicious scenarios.
We’ll provide a floating trophy, which you can proudly take back to your department at the end of the day until the next cybersecurity month comes around.
Sometimes security awareness training can feel boring. Switching it up with humour can break through. Let your internal influencers share funny security‑related memes, GIFs or videos on platforms such as Slack, Teams or Yammer.
Humour is a highly effective way to teach people something new. Funny security memes, videos or GIFs grab far more attention than traditional training and significantly boost employee engagement with your program. Why? Because laughter creates emotional connection. This makes it easier for people to remember key messages.
By involving influential people within your organization as internal influencers, your message not only gets noticed, but also gets through. Employees are far more receptive to content shared by peers. They're more likely to consume it, respond to it, and even share it with others. This peer-to-peer effect helps your message spread organically (like wildfire) through the organisation. It’s authentic, it breaks through the daily communication noise, and it works. That’s a big difference from emails sent by Security, IT or HR. Let’s be honest: some employees don’t even open those. But with the influencer route, you can reach even the hardest-to-reach audiences, turning cybersecurity into something people actually enjoy instead of something they feel they have to do.
So, put humour and internal influencers to work this cybersecurity month. Turn it into an experience employees genuinely enjoy while the most important security messages stick with them without them even realising it.
(And to help you get started, we’ve included some examples below!)
Cybersecurity month is the perfect opportunity to present your ideas around the human side of information security in a fresh and engaging way. Ride the wave of attention surrounding the theme, and combine it with humour, lightness and a touch of self‑awareness and this month will be a success.