The document outlines strategies for a successful Cybersecurity Awareness Month, detailing metrics for measuring success and suggested training topics. It emphasizes the importance of communication, recommending a structured training cadence and creative engagement methods to enhance participation. Additionally, it provides resources, tools, and tips for organizations to effectively promote cybersecurity best practices among employees.

1. Empowering
Your Workforce
Strategies for a
Successful Cybersecurity
Awareness Month

2. Meet your
speakers
Emma Waite
Product Marketing Manager – Infosec IQ
Camille Raymond
Customer Marketing Manager

3. OVERVIEW
➤ The metrics needed to show success
➤ Content and training cadence
➤ Communication plans
➤ Other creative ways to promote cybersecurity
awareness month
➤ How to continue the momentum/engagement
What will be covered?

4. What should you do
before October starts?

5. What metrics should be collected before?
Captured from inside your security awareness training platform
• Training completion rates
• Phish rate
• Email report rate
Collected from security/incident response team and tools
• Security events
• Infected devices
• Lost/stolen devices and security badges
• Requests blocked via a proxy server
• Security portal traffic
• Password strength data
Before kicking off Cybersecurity Awareness Month, it is important to look at employee-related risk data
to show success.

6. What training topics should be covered?
Other recommended topics:
• IoT Devices
• Using AI tools securely
Use the collected metrics:
• Example: Did you see more security
events for your remote workers?
Include a training module on working
remotely best practices.
The National Cybersecurity Alliance recommends
focusing on these four key behaviors:
Recognizing and
reporting phishing
Using strong passwords
and password manager
Enabling multi-factor
authentication
Updating
software
Download our free NCASM toolkit for a training plan, newsletters and more!

7. Determining the right cadence
Weekly
Training content (30 days to complete)
• Course that covers the 4 recommended topics
+ multiple choice quiz
Simulated phishing tests
• 2 to 3 simulated phishing tests sent at random
Supplemental resources:
• Weekly emails/newsletters that focus on each
training topic
Monthly
Training content (5 days to complete)
• Week 1: Recognizing and reporting phishing
• Week 2: Passwords and password managers
• Week 3: Enable MFA
• Week 4: Software Updates
Simulated phishing tests
• 1 test sent at random each week
Supplemental resources
• Weekly emails/newsletters that match the
weekly topic
This important step helps you communicate to stakeholders and to your organization what they should
expect – which leads to higher engagement rates.
Download our free NCASM toolkit for complete training plan

8. Communication is key to driving engagement
Gain buy-in for your program by
sharing:
 Employee risk-related metrics
 High-level training plan for the
month
 Providing them with resources they
can provide to their teams
Kick-off Cybersecurity Awareness
Month with an employee presentation
covering:
 Overview and best practices
around training topics
 What employees should expect
throughout the month
Download our free NCASM toolkit for a sample presentation!
Stakeholders Organization

9. During October
(and beyond)

10. Creative ways to drive engagement
• Internal competitions
– Department who reports the most phishing emails
– Team who completes the most optional training
• Cyber trivia
• Phishing tournament – DIY phishing emails
• Extra campaigns + fun content
• Unlocked computer spotters
• Physical security challenge
• Incentives
• Tabling

11. Assessing and communicating results
Stakeholders
 Use reporting tools to generate
graphs/dashboards
 Note: Infosec IQ customers can use My
Dashboards to automatically share these
results throughout the month
Organization
 Congratulate everyone!
 Communicate future training plans
Download our free NCASM toolkit for sample email communication
Compare employee-risk metrics from
the beginning of the month to the
end.

12. Continue the
momentum
Use the positive results and
participation as a springboard to
build out your security awareness
training program. These results will
help get stakeholder and
organizational buy-in
Low engagement rates?
• Send out a survey to the
organization to collect feedback
• See if there is a way to get
department leaders more
involved

13. Tips from Infosec Insiders
• "Be patient – this may be all new to your
learners"
• Experiment - figure out how people will actually
respond, what incentives tend to draw them in -
William G.
• Add weekly calendar reminders to ensure topics
and resources are sent out
• Enlist the help of other departments –
marketing, corporate comms, leadership and
others

14. We’re rolling out
the red carpet for
NCSAM 2023
1 training module
1 assessment
5 posters
4 newsletters
4 email templates
1 employee presentation
Download Now

15. About us
Infosec puts people at the center of
cybersecurity through role-guided training
that’s accessible and engaging. We help IT
and security professionals advance their
careers with skills development and
certifications while empowering all
employees with security awareness and
phishing training to stay cyber-safe at work
and home.
www.infosecinstitute.com