Cyber security awareness for your staff

Help your staff stay aware of the cyber security risks your business faces, and how they can play a part in keeping your business information secure.

It’s important that your staff understand the kind of security risks your business faces online. If you’re working to improve your business’s online security, consider running an awareness campaign for your staff. It’ll let them know:

  • why cyber security is important
  • what you’re doing to keep the business secure online
  • what this means for them and what you need them to do.

Many types of cyber attack rely on people clicking on links or downloading something that gives the attacker access into a network or system. Attackers often target businesses through their staff — using phishing campaigns, for example. Training your staff to understand the kind of security risks your business faces will make them more likely to spot attacks and report them ahead of time.

Running a campaign

If you’re making changes to your business's security policies, keep your staff updated about what you’re doing. They’re your front line of defence against an attack, so they need to understand how any changes in policy or processes will affect them, or change how they do their job.

One way to do this is by running an awareness campaign. You could hold events or run activities to educate staff about your business’s security policies. For example, if you introduce a new bring-your-own-device policy, you could run a quiz for staff to make sure they understand the rules for using their phone at work.


The topics you cover in a campaign could be anything from how to create and manage account passwords, to how to identify a scam or phishing email (and what to do with it). Some other topics to consider include:

  • social engineering
  • safe online browsing
  • social networking
  • data protection
  • data destruction
  • managing mobile devices
  • what to do if your business experiences a cyber security incident.


There are all sorts of activities you can run as part of a campaign. You could:

  • get a cyber security specialist in to give a presentation to staff
  • put articles about cyber security on your intranet
  • run quizzes
  • add screensavers to staff computers
  • get some t-shirts printed to use as competition prizes
  • hand out desktop or table cards with cyber security tips on them
  • highlight cyber security on your internal social media channels.

These are all activities that we’ve seen work well — but you may have other ideas for activities better suited to your staff.

Regardless of what you decide, keeping your staff involved while you work through your security processes will benefit you both. Sharing information about cyber security won’t just help them understand how to keep the business information secure. It’ll help them protect their personal information online too, so it’s a win-win for everyone.

Create a cyber security policy for your business

CERT NZ’s awareness campaigns

We run a national awareness campaign every year, called Cyber Smart week. The theme for the campaign changes each time, but it’s always focused on good practices to help individuals become smarter about cyber security.

We create resources for each Cyber Smart campaign that businesses can download and use in their own campaigns, like:

  • images for use in social media
  • articles for newsletters or messages to staff
  • posters.

We also run smaller campaigns on targeted topics, based on the trends we see in our data and reporting. For example, one of our previous campaigns looked at how small business websites can be kept secure. Another campaign focused on the importance of creating strong passwords for online accounts. It targeted the over 65 age group — a group who have reported a high number of financial loss to us.

All our campaigns and the resources we produce are perfect for educating and raising awareness about cyber security. Subscribe to the Cyber Smart newsletter below to get notifications about upcoming campaigns.

Get our campaign resources

We create and share resources like videos, posters, factsheets and articles for each campaign. They cover things like:

  • our top tips for staying secure online
  • how to create a strong password
  • why you should use a password manager
  • how two-factor authentication (2FA) works
  • staying safe on social media.

They’re useful tools to have if you’re running your own awareness campaign. You can download them, and use them to support your events and activities. Pick and choose which of the resources are the best fit for your organisation — our previous resources are at the bottom of this page.


We’d love to see how your organisation uses the resources in your campaigns. Feel free to send us some feedback or share photos with us at


Subscribe to CERT NZ updates

Sign up to get an email update when we publish:

  • advisories on current threats to be aware of
  • cyber smart campaign updates
  • our quarterly e-news update.