Awareness Campaigns That Work – Learning with Fun and Story

Many know boring security training that you quickly forget. That it can be done differently is shown by an example: a medium-sized company starts an awareness campaign as a detective game. Mysterious clues about security gaps appear in emails and on bulletin boards, employees become "cyber detectives" in teams – in the end, they solve a fictional case together and learn a lot about IT security in the process.

That may sound unusual, but it's highly effective. In this article, you'll learn how to design creative awareness campaigns that stick in your mind and are even fun.

Why Campaigns?

An awareness campaign bundles several measures under a motto or in a time period to specifically increase attention. Unlike isolated training, a campaign creates an experiential character. People learn better when emotions and practical experiences are involved. A good campaign appeals to both heart and mind – perhaps with humor, perhaps with competition.

Ideas for Your Awareness Campaign

Security Quiz Competition

Host weekly 5-minute quizzes about IT security over a month. Teams can collect points, there's a prize at the end. The quiz questions should be practical, e.g., "Which email could be phishing?" with several examples. The format is entertaining and creates a playful learning experience without distracting from everyday work.

Strong Password Month

Dedicate a month to the topic of passwords. Every week there's a tip via email, posters humorously show insecure passwords, a tool for testing password strength is provided, at the end there's a "password check day" where everyone should review and improve their passwords. Make it interactive: let employees develop password categories ("movie title plus birthday = insecure") and design these as "warning posters."

The Phishing Detectives

Turn recognizing phishing into a team game. Distribute harmless but deceptively real phishing test emails over several weeks. Teams collect points for correctly identified phishing emails. At the end of a campaign, there's a brief training that highlights the typical characteristics of real and fake emails. This way, employees actively learn to recognize threats instead of passively following a presentation.

Security Escape Room

For a special conclusion to an awareness initiative: design a temporary "cyber security escape room" in the meeting room. Teams must solve IT security puzzles to "escape." This creates team spirit and remains in memory as a special experience.

Success Factors for Awareness Campaigns

The Right Tone

IT security doesn't have to be dry. A humorous but serious undertone can work wonders. Avoid technical jargon and speak the employees' language. For craftsmen, choose different images than for office workers. With the right tone, you reach more people and create acceptance.

Using Storytelling

People remember stories better than facts. Develop a campaign around a story: "The adventure of Max, the new employee who must safely survive his first year in the company." Or use examples from real life: "How Company X lost 50,000 euros through a simple mistake – and how we can prevent it." Such stories stick and are passed on.

Playing Multiple Channels

People absorb information differently. Therefore, combine emails, posters, intranet posts, short videos, and personal conversations. This way, you reach different learning types. A good mix of digital and analog formats is particularly effective.

Practice Tip

Create an annual plan with 3-4 awareness campaigns on different topics (e.g., phishing, passwords, clean desk policy, social media security). Between campaigns, there should be phases without special activities so the information can be processed. For each campaign, involve employees from different departments to create practical content. This way, the topic of cybersecurity remains present all year without being tiring.