
Your end of year security awareness checklist
It’s that time of the year to take out your end-of-year security awareness checklist. Don’t have one prepared? We have your back.
For security awareness managers, planning is not just a good idea; it’s a necessity. To ensure a resilient and proactive security awareness program in 2024, you should be analyzing and planning right now. To get you started on the right track, we’ve created a checklist of everything a security awareness manager should do before they turn on their OOO notifications for the holidays.
1 – Assess the success of your 2023 program
Before diving into the future, take a moment to reflect on the past. The reactions and results of your 2023 program should greatly affect how you plan for 2024. So, before taking any steps further, make sure to assess the results of the past year’s security awareness initiatives. Start by asking these questions:
- What were your 2023 KPI/Objectives?
- What were the results of the KPIs? How many of them were met?
- What were the causes of these KPIs being missed or met?
- How many phishing reports were you getting at the beginning of the year? What about now?
- What was the general perception and culture around security awareness at your business in January? And now, in November?
- What should you take into next year?
- What should you leave behind?
After answering these questions, you should already have a clear idea of what 2023 taught your security team and what will be taken into 2024.
2 – Interview your team
Numbers won’t tell you everything you need to know about the success and failures of your program. The biggest reflection of your security awareness program will be found in the words of your team members. Speaking to your employees will give you a clear picture of the current security culture of your company. They’ll tell you what they believe went right, what they believe went wrong, and what needs to happen next.
Before the end of the year, take time to book one-on-ones with team members. If you’re in a small team, you’ll luckily be able to talk to most people. If you are in a larger team, try booking with individuals from a wide range of functions and levels of seniority.
In this meeting, ask your employees:
- How did you feel about [insert training or initiative]?
- What parts of the security program did you enjoy?
- Which parts did you find challenging?
- What are your biggest security concerns for 2024?
Along with these questions, also ask to see their timeline and plans for 2024. The projects of other teams will determine the new threats they’ll encounter and, in turn, affect the topics of your security program.
3 – Set objectives for 2024
After these findings, define clear objectives for the upcoming year. What are the main goals of your security awareness program for 2024? What is the main message you want to communicate to your team? Consistently refer back to these targets when planning out your year to ensure that every training or step you do reflects your main purpose.
Another great approach for communication and engagement is establishing themes for each month or quarter, aligning your efforts with the evolving threat landscape. Themes provide a roadmap for your team and help maintain focus throughout the year. Plan these now so you can later take the next steps to plan training and communications that match each chosen theme.
4 – Lock down your budget & approvals
Getting executive buy-in is fundamental to the success of your program. Not only do executives greatly influence the motivation of employees, but they also decide your annual spending.
Secure the necessary budget for next year by presenting a compelling case to your executives before the end of the year. Mention in the meeting the results of your 2023 program, the outlined objectives for 2024, and the feedback from your peers. Knowing your budget ahead of time will allow for easier planning and create fewer edits to your program in the future.
Alongside your executive team, connect with any other teams, such as Marketing or HR, that will need to provide help to your program next year. By giving them a fair warning of your asks and communicating the importance of security awareness, they’ll be more likely to be ready to help when the time comes.
5 – Create an outline for 2024
As mentioned many times in this blog, getting ahead is crucial to success. Once your assessments are complete, your objectives are set, and your budget is approved, begin planning a rough outline of the year. The end of the year is likely a busy time in your company, so there is no need to plan every piece of content, but instead create a big picture of what 2024 will bring.
Try putting together an annual calendar. Following your set themes and objectives, what will happen each month? What needs to happen before that to make sure things go smoothly? Having a well-defined plan in place will allow your team to hit the ground running when they return to the office in the new year.
6 – Leave room for change
While planning is essential, flexibility is equally critical in the ever-evolving landscape of security awareness. Avoid locking everything in stone and anticipate the need for adjustments.
During your 2024 planning, schedule regular reassessment periods—monthly or quarterly—to stay on top of emerging threats. Have a day in your calendar each month or quarter for evaluating the effectiveness of ongoing initiatives and any new threats. Leave time for creating unplanned training modules or removing failing initiatives.
Also, consider only getting into the detailed plans of your first quarter for now. Needs will likely change before you hit the halfway point of the year and planning too far in advance will only cost you unnecessary time.
7 – Say thank you
Gratitude goes a long way. Take the time to express your appreciation to everyone who participated and helped with your program throughout the year. Sending a quick Slack message to all employees saying thanks for their participation would be more appreciated than you’d think. If your budget allows it, consider giving a small gift or gift card to employees who are always on top of training or are enthusiastic about your program.
If your team also has identified security champions, consider getting them all together one last time before the year ends. Let them know that you are grateful for their efforts and offer a thank-you gift if your budget allows. This will let them know that their efforts don’t go unnoticed and they will be more likely to support you again come 2024.
Lastly, thank your security awareness team (including yourself). It’s been an exciting and busy year for security awareness managers, so make sure to take time to give gratitude for all the efforts of your team and yourself. Raise morale by holding a team get-together or giving small gifts. You all deserve it!
As the year comes to a close, security awareness managers have a unique opportunity to lay the groundwork for a successful 2024. By reflecting on the past, engaging with the team, setting clear objectives, securing resources, planning, embracing flexibility, and expressing gratitude, you can ensure that your security awareness program remains strong and adaptive in the face of evolving threats. Here’s to a secure and successful 2024!
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.
The post Your end of year security awareness checklist appeared first on Click Armor.
*** This is a Security Bloggers Network syndicated blog from Click Armor authored by Scott Wright. Read the original post at: https://clickarmor.ca/2023/12/your-end-of-year-security-awareness-checklist/