Building an effective and compelling cyber security awareness training program can be difficult. You don’t always have the time or money to do what you want to do. You don’t always have the staff to help or the support from management. You don’t always have the kind of users that you want to educate. We know it’s a tough job, but it’s yours, and so we’re going to help you.

Creating a great security awareness program requires a LOT of moving parts, a lot of planning and the whole process can be very overwhelming. So let’s step back for a minute and look at six small things to keep in mind as you plan and create your own in-house awareness training program.

  1. Security Awareness is Advertising and Marketing. Your information security awareness messages need to be ingrained into your culture. Security should become second nature. It should be in the forefront of your staff’s minds on a regular, consistent basis: From the office, on the road and at home.
  2. Security Awareness is about People. Think differently. We instill the human factor into everything we do and create a paradigm shift in the way your employees behave with respect to security. We use interactivity and relate security to people’s everyday lives by making security relevant.
  3. Make Security Awareness Personal. You need to get their attention. They need to care. So, we make security awareness personal. About protecting kids, seniors, families and friends. In ways that are immediately useful.
  4. Security Awareness Should Be Fun & Compelling. We and our customers have fun. We make security awareness fun for everyone and get significant ‘buy-in’ from staff. Have you seen the video, “How To Make a Security Awareness Program Fail”?
  5. Security Awareness is Not Just Technical. We build Cyber Security, Physical Security and People Security into a coherent Whole. We emphasize and teach behavior and environmental awareness according to your company’s security goals and policies.
  6. Security Awareness Helps Compliance. Promote your information security policy and build security aware behavior across corporate ranks. We offer specific compliance materials for HIPAA, PCI, FISMA, FERC, FFIEC and more!


So step back and look at your current program or the plan you’re putting together for your awareness program. Have you already thought about these things? Where can you build in more personal and relatable content? Where can you use more marketing tactics and advertising techniques? Can you combine compliance and security training into one awesome program?


Ashley Schwartau

Director of Production & Creative Development at SAC
After more than 15 years of working in this industry, she’s finally accepted – and embraced! – the fact that she’s a security awareness expert. She is also a book-loving, travel-blogging, French-speaking Gryffindor who is unapologetically obsessed with her cats.