Why not turn a routine, boring activity into a celebration?  It’s an excellent way to enlighten users about cyber awareness topics such as the need to update their passwords.  If you can’t get support to create an event specifically for it, tack on a little learning to another pre-planned event or host a “lunch and learn.”

Most of us have workplaces that repeatedly enforce password changes, and frankly, this is pretty annoying to users.  What users may not know is that the reason for this security control is risk mitigation.  If someone’s password has been compromised (say, through phishing attacks or other data breaches), the frequent change will prevent future access thanks to the new set of credentials.

Every data breach where passwords are stolen is potentially another source of intel for bad actors.  Being human, we’re prone to password reuse thanks to the sheer number of services we sign up for.  Stolen credentials from site A could mean a compromise of accounts on site B. “It’s all good,” you may be thinking.  Sites who have data breaches warn their users to update passwords.  Well, there’s usually a timing issue.  Sites may not discover they’ve been hacked for 146 days according to the 2016 Mandiant® M-Trends report.  That’s a long window for someone to use your credentials without your knowledge.

These facts alone show just how important password security is. When teaching users about this issue, do a training segment on how to create a strong password.  Have posters or a whiteboard full of bad passwords (those that made it onto a list of “worst passwords” for the year).  Make it fun, make it engaging.  Provide real help to those who need it.

You can even conduct a demonstration with howsecureismypassword.net or passfault.com, allowing people to input sample passwords to see how long it would take to crack them.  Just be sure to warn them not to input any real passwords!

Finally, send users back to their workspaces with a helpful handout or link to a resource reminding them of some strong password-creation strategies.

Use these ideas to provide educational activities and help to those who struggle with adhering to security policies.  This is about making learning fun.  Engaging activities are more likely to be memorable for users.  The promise of food and social time draws people out of their offices.  The help you provide during the event will create more security-engaged and aware users.