If you are reading this, you probably already know that The Defence Works provides security awareness training with a twist. So it should come as no surprise that we are going to celebrate Cybersecurity Awareness Month (ESCM) by looking at the more fun side of security awareness.
Is there really a fun and effective way to become cyber-savvy? I hear you ask. I am here to show you that yes, there is, and it can be both fun and effective.
What is Cybersecurity Awareness Training Month 2019?
ESCM or Europe’s Cybersecurity Awareness Month is held in October of each year. The UK is involved in this year’s ESCM. The U.S. has its own flavour of security awareness month too. In fact, Cybersecurity awareness month has countries and companies from right across the world taking part in various events focused on security awareness.
But how does a company take a dry subject like cybersecurity and make it engaging and interesting for staff?
8 Ways to Make Cybersecurity Awareness Training Fun and Effective
Here are 8 ways we believe cybersecurity awareness can be made fun, engaging, and effective for all of your staff.
1. Ditch the Workshop
Employees often have to sit through, frankly, boring company training workshops on everything from health and safety to “personal development” sessions. Just mentioning the ‘workshop’ word will elicit audible sighs across the workforce.
Cybersecurity awareness is a practical thing. It is about an event, a happening, something that affects us as individuals and as a company. Some cybersecurity incidents end up costing big time. But cybersecurity attacks cost more than money: they can damage your company’s reputation, see you lose customers, and cause employees stress and loss of motivation. This needs more than a workshop mentality to make good.
Make sure that cybersecurity awareness month moves out of the classroom and into the real world. Engage your staff with scenario-based security awareness training or “In-the-Moment” training.
2. Make it Stick
Keeping it real makes the information you relay stick. Use a security awareness event, like some of our suggestions in this article, to engage your staff. Get employees involved in training by making it interactive. Using games is a great way to make learning about cybersecurity effective too. Gamification of security awareness has been demonstrated to have more positive results.
Reinforce your message throughout the month by printing out posters on cybersecurity topics, such as those available from The Defence Works. Place the posters where most people will see them: the work cafe, the communal kitchen area, even the back of the toilet door.
3. Make it Real
People remember events when they are meaningful and relevant. Have a phishing simulation week as part of your company’s commitment to Cybersecurity Awareness Training month. Phishing simulations help to teach people how to spot the tell-tale signs of a phishing email or text. With research showing that human error and lack of staff knowledge cause many cybersecurity incidents, it is worth adding this to your cybersecurity awareness calendar.
You can also weave phishing simulations into our next suggestion – Points Make Prizes.
4. Points Make Prizes
Take the idea of gamification of security awareness to the ultimate level by creating games with prizes. Everyone likes to win something, even if it’s just a small prize. Create simple quizzes, give a prize for the person who spotted the most phishing emails, or make up ‘Cluedo-Esque’ games like “hunt the cybercrime”, e.g.
- Woman in the hoodie stole the admin credentials with a spoof Apple phishing email
- Man on the phone tricked an employee into sending a £100K payment wired out of the company bank account using Business Email Compromise tricks
And so on…
Cybersecurity awareness should be fun, engaging, and overall useful. People understand that they are at risk of scams and security incidents. They know that cybercrime is on the rise. Take this knowledge and build on it, making the learning experience fun.
5. Make it Eventful
Cybersecurity events can be held throughout the month. Each could take on a theme around some subject area, many could be made into games. Events that focus on specific areas of cybersecurity could be:
- Jargon killer – a general day where you break down the jargon of security and in the process teach people about the various aspects of staying cyber-safe.
- Clunk Click Never Click the Link – phishing scams and how to spot the tell-tale signs.
- Don’t pass on the password – all about password hygiene and how dangerous sharing passwords can be.
- The safety net – all about life on the internet and being safe online.
- Looking at data’s private parts – all about data privacy, what it is, why you have to do it, and why it hurts if you don’t respect privacy.
- When good emails go bad – all about email hygiene and good security practice.
- Hands Up! – how ransomware and other malware infect computers.
- Home and safe – a more personal look at security at home, including identity theft, scams, and fraud.
6. Have a Laugh – oo, er, missus
Check out The Defence Works security sketches written by BBC comedy writers, oo, er, missus. Having a laugh while learning is the essence of what Cybersecurity Awareness Month is about.
7. Sing it Back
Wherever possible, give feedback on the various games and events you’ve held over the month of cybersecurity awareness. Feedback should be constructive but encouraging. Remember back to when you were at school and how important it was to get recognition of anything you’d done well; adults still need affirmative feedback.
8. Getting quizzy with it
OK, so we all know quizzes are going to solve your problem – but they’re a great way to gauge how your users think and feel towards data and cyber-security. Why not have a go at our quick quiz on the basics of cyber and data here?
9. Do it Again
You don’t have to wait for another year to roll around to make sure your staff are security aware. The tricks and scams used by cybercriminals are always changing. Security awareness is an ongoing need and the October Cybersecurity Awareness month is a good way to see what works and what is less effective. To be truly successful in using security awareness training you have to do it as a regular event. Once you get into the swing of it and know what type of training you need, it becomes a much more integral part of your working day.
Stay Cyber-Aware, Stay Happy
Cybersecurity awareness is recognised as one of the best ways to prevent a cybersecurity attack. Juniper Research recently said that:
“the use of human-centric security tactics needs to take hold in enterprise security.”
Use Cybersecurity Awareness Month this coming October as a way to learn for yourself what is best for your company and your staff.
Here’s some useful (free!) stuff:
To help you get your company and employees ready for Cybersecurity Awareness Month, The Defence Works has created a host of helpful content:
Print out our security posters for around the office:
Come and join our upcoming webinar for your employees:
And use our free phishing training video to get your staff in the frame for cybersecurity awareness: