This was written for the Australian market but applies everywhere. Targeted training, regularly repeated, is much more effective than a ‘security awareness month’…:
[…] When it comes to cyber security awareness, what we know works best over the long term is frequent and consistent reinforcement, across a variety of settings. It’s the reason people no longer leave their log-in details on a sticky note, taped to their computer monitor. And why they don’t blithely plug a stray flash drive into the corporate network, or race to respond when a Nigerian prince emails them with an offer that’s too good to be true.
Delivering micro-lessons in the moment, and providing employees with the opportunity to learn from their mistakes in a safe setting, ensures cyber security knowledge is absorbed and retained, in a way ‘classroom’ teachings just can’t.