Ten tips
for better awareness

It can be a big mouthful to put together an awareness campaign about information security in the workplace. We have therefore gathered ten good tips that will make it easier for you to get started.


1: Responsibility

The many rules, laws and policies from the different parts of the company, such as HR, legal department and IT, can be written in an agreed language. It is therefore a good idea to appoint one awareness manager who stays up to date and can gather the threads.


2: Management support

Support from the company's management is essential. In addition to setting aside resources for an awareness manager, managers at all levels must advocate for and help employees understand the importance of information security.

3: How much must it 'fill'?

It is a long and tough move to change bad habits for good. In addition, new employees will be added. It is therefore a good idea to set a framework for how much time the individual employee must spend on training in information security.

4: Define the objective

To be successful, you must define a clear goal. This can be, for example, raising the level of knowledge in specific areas or avoiding incidents. Once you have set a clear goal, it is easier to find the means.


5: Define the means

It is important that the material is adapted to your employees. However, the right awareness campaign can quickly take a long time to develop. Consider whether you have the resources to develop printed matter, e-learning, videos, quizzes, etc. from scratch.

6: Take into account other activities

Your employees receive a lot of information during a year. It is therefore important that you coordinate your awareness campaigns with other activities. Otherwise, your employees drown in tasks and information.


7: Campaigns or 'ongoing'

Some areas of awareness are suitable for short campaigns. These can be short tips on cybersecurity, for example. Other areas, such as IT security when working from home, require ongoing focus, especially if there is a large turnover of employees.

8: Expectations for employees

In order for your employees to understand the importance of information security, it is necessary that you clarify the dangers. Including what is expected of the employee and what happens if he or she does not follow the training.

9: Put it all in order

The more automated your awareness can be made, the easier. If you use e-learning, you must ensure that it is possible to segment and send the employees the relevant courses on predefined dates.


10: Inform before you start

When you have goals, means and expectations in place, the employees must be informed - preferably from the management. It creates peace in the individual employee to know what to do in the future and what is expected. And that raises fewer questions afterwards.

We hope you enjoy the advice

Of course, there are many more elements to an effective awareness campaign on information security. Not least when content is to be developed that possesses high professional quality, is exciting and relevant for the individual employee.

If you want to know more, feel free to contact us or book a presentation of our solution in the field of information security and GDPR.