User engagement represents one of the biggest challenges a security awareness program (SAP) can face. With so many processes, procedures, policies, and content being pushed to employees on a nearly daily basis, it can be an overwhelming amount of information for any individual to retain (or even care about). Knowing this, what is the best way to increase engagement?

To increase the adoption rate of your program and your employees’ engagement in your monthly activities, the program needs to be personalized for your organization and its culture. People are more likely to be interested in your topics and activities if they can relate to them.

Below are examples of how to add a personal touch to your security awareness program.

Free Security Products


Provide your employees with some free security tools you obtain from vendors as part of your regular license agreements. More than likely, your company has an antivirus program installed on all your work machines. Some antivirus companies, and other security tool vendors, are willing to add free home-use copies of their tools with hopes of keeping your business.

When your contract is up for renewal, work with your security department to see if free copies can be provided with your license. Employees love free products. Having an antivirus tool or other security tool for their families increases the likelihood of them adopting good security behaviors both at home and at work.

Paid Security Products


Do you have a healthy budget for your security awareness program? Invest in password managers–software that creates, stores, and syncs login credentials across multiple devices. These tools reduce inferior password processes and improve overall security. Additionally, they come with sections for personal use that can allow users to store their personal account passwords.

Your employees will quickly adopt this tool due to the plethora of passwords they handle on a daily basis. Password managers help you gain better insight into your password landscape. They also reduce the risks associated with weak authentication practices.

Security Awareness Communications


Most security awareness programs feature awareness communications that go out periodically. When writing these communications, focus on the personal aspect of the topic you plan to discuss. Then within those articles, add company-specific examples or work-related tips.

To start, make sure the title of the article or communication draws them in. For example, if you are writing an article on password security, try using one of these titles:

  • “Facebook recently had one of the biggest password breaches”
  • “Facebook stores hundreds of millions of user passwords in plain text”
  • “How to avoid personal password theft”

Then, within the article, write about the personal side of password security. How can users can protect their passwords on a daily basis? Include examples that they can relate to such as Twitter, Facebook, bank accounts, utility accounts, YouTube, etc.

Once you have explained the personal side, add tidbits or a section specific to work. Employees will be more willing to help your organization out if they believe you’re putting their protection first.

Security Training Courses or Learning Management Games/Quizzes


Just like with crafting your written communications, when you are creating your annual security awareness course or creating additional course topics, be sure to include examples or scenarios that individuals can relate to.

For instance, if you have a section on phishing, and you are teaching your employees how to spot phishing emails, use examples that they would see at home, such as fake lottery winnings or overdue taxes. Additionally, include ways users can report phishing emails they may receive at home, (https://www.usa.gov/stop-scams-frauds) as they do with emails they receive at work.

Cyber Parents


If you have a dedicated SharePoint site or location where you publish all of your security awareness content or resources, try adding a page just for parents. On that page, include resources that parents can use to help educate their kids on good security practices. Be sure to advertise this page and its resources to your employees. Include it within your annual training course and your new hire process as a perk for being an employee.

Parents will likely be eager to participate in these types of programs, as kids are their number one priority. The two best parts about programs of this nature are (1) parents will quickly adopt the security practices they are teaching their kids, and (2) the majority of these programs are entirely free! You can easily create a site using information provided by dozens of security vendors that are trying to educate our next generation. Listed below are just a few of the no cost resources your company can use to develop a cyber parents page.

Giving your program a personal touch is an easy way to increase the adoption rate and engagement while increasing users’ appreciation for the security team. If your training materials are relatable, your employees will grasp the lessons quicker and recall them more efficiently when faced with security incidents.

The Security Awareness Company works with you 1-on-1 to implement cyber awareness & compliance programs. With a greater than 95% client retention rate, we’re experts at creating human firewalls out of end-users! Get started here.

Andrew Egan

Andrew has held various roles within cyber security for the past decade — including compliance analyst at a major West Coast organization — and has an extensive background in implementing security awareness and phishing programs. He is best known for increasing adoption rates by using creative tactics to personalize security for his target audience.