FEATURED WEBINAR
8 Tips for a Successful Cyber Awareness Month: Campaign Crowd-Pleasers
July 23, 2025
Multiple sessions
Let Maxime Cartier help guide your Cybersecurity Awareness Month campaigns with ideas that really work
.avif)
Eliot Baker
Director of Content Marketing at Hoxhunt
Maxime Cartier
Head of Human Risk at Hoxhunt
Watch the video
Whether you're part of a security awareness team or flying solo, this webinar is your guide to a successful and engaging Cyber Awareness Month campaign. Join Maxime Cartier, Head of Human Risk at Hoxhunt, and Eliot Baker, Director of Content Marketing, as they share real-world-tested strategies, tools, and creative ideas that have won engagement and influenced behaviors across industries—from unicorn pugs to QR code pranks and phishing tournaments.
You’ll learn how to design a campaign that not only grabs attention but also makes a measurable impact on your organization's security culture.
🔥 What You’ll Learn:
- How to define goals that actually reduce risk
(Hint: Don’t start with posters. Start with behaviors.) - Why attitude > awareness > behavior
Learn the three pillars of security culture and how campaigns affect each. - 8 crowd-pleasing campaign ideas
Including escape rooms, “fish a friend,” QR code traps, storytelling, and tournaments. - Why less is more
Maxime reveals when you should not run a month-long campaign (and what to do instead). - How to brand your campaign like a pro
Tips on partnering with comms, using omnichannel branding, and breaking the “hall monitor” stereotype. - Launching new tools during CAM
How to make Cyber Awareness Month a launchpad for lasting change. - How to measure what matters
Turn your campaign into proof of impact with real metrics (like how Maxime reduced shadow IT risk by 75%).
✅ Bonus for Hoxhunt Customers:
- Exclusive “Phish-a-Friend” campaign tools
- New achievements and swag ideas
- A complete toolkit with ready-made templates, videos, posters, comms, and more
🧠 Who Should Watch:
- Cybersecurity awareness leaders
- Security team members planning October campaigns
- HR and internal comms professionals
- Anyone who wants to create a more secure, more human organization
Cyber Awareness Month gives a year-long cultural afterglow
Here's a great clip from about 29 minutes in:
"And when we checked the (shadow IT awareness campaign) numbers again a few weeks later, 48 people out of the 50 shadow IT users, 48 people had completely stopped using Dropbox. And this meant that I could then communicate to management and say to the person who came to me first, but also to my management, 'Hey, in a few weeks we reduced the risk by 70% or 75%, and again, that's great because if you do a great cybersecurity response campaign that is fun, engaging and people react positively about it, you're going to get great feedback, right? But if you share that I've reduced this specific risk by 75%, you're gonna get even better feedback, and this is gonna help you for all your other activities during the year." -- Maxime Cartier, Head of Human Risk
"So if you want to have a cybersecurity response that is impactful, not only in terms of engagement, but something that you can also share to your top management and show that it had an impact on the culture of the company, getting measurable outcomes speaks the loudest.
So for example, before joining Hoxhunt while I was at H&M, one day a colleague came to me and he said, 'We've got a problem with Shadow IT. People are using Dropbox. It's not good. We don't use Dropbox in the company. Can you run an awareness campaign about it?'
I was like, 'Sure.' Even though I didn't think that it was an issue. At least we hadn't seen it in our risk analysis initially.
But, you know, this was someone I couldn't really say no to. So I said, 'I'm gonna look at it, and we're gonna do something about it.' But when my team looked at the the data in the CASB, the cloud access security broker, we realized that out of all of the global workforce of the company, in tens of thousands of people, there were just 50 people that were responsible for 80% of the Shadow IT Dropbox traffic. 50 people.
So 0.01% or whatever it is, were responsible for 80% of the traffic to this shadow IT solution. I could have done during cybersecurity awareness month a poster about, 'Oh, don't use Dropbox! Use OneDrive. It is fantastic, and you don't need to use Dropbox. And here are all the risks about Dropbox.' But it's not very helpful to try to reach everyone when there's only 50 people who are the main offenders.
So instead of doing this, we just reached out directly to these 50 people and in a way that was quite, at least I hope, with a lot of empathy, trying to understand where they came from, right? 'Hey, we noticed this. How come you're doing it this way? What's your use case? Can you tell us more about it?' And then in a call, in a teams conversation, you know, we just guided them towards the approved solution.
And when we checked the numbers again, a few weeks later 48 people out of the 50 had completely stopped using Dropbox. And this meant that I could then communicate to management and say to them as well as the person who came to me first, 'Hey, in a few weeks we reduced the risk of shadow IT by 70% or 75%. And again, that's great because if you do a great cybersecurity response campaign that is fun, engaging and people react positively about it, you're going to get great feedback, right? But if you share that I've reduced this specific risk by 75%, you're gonna get even better feedback, and this is gonna help you for all your other activities during the year." -- Maxime Cartier
Speakers
Eliot Baker
Director of Content Marketing at Hoxhunt
Maxime Cartier
Head of Human Risk at Hoxhunt
Subscribe to All Things Human Risk
Subscribe to our newsletter for a curated digest of the latest news, articles, and resources on human risk and the ever-changing landscape of phishing threats.
FEATURED WEBINAR
8 Tips for a Successful Cyber Awareness Month: Campaign Crowd-Pleasers
Let Maxime Cartier help guide your Cybersecurity Awareness Month campaigns with ideas that really work
Whether you're part of a security awareness team or flying solo, this webinar is your guide to a successful and engaging Cyber Awareness Month campaign. Join Maxime Cartier, Head of Human Risk at Hoxhunt, and Eliot Baker, Director of Content Marketing, as they share real-world-tested strategies, tools, and creative ideas that have won engagement and influenced behaviors across industries—from unicorn pugs to QR code pranks and phishing tournaments.
You’ll learn how to design a campaign that not only grabs attention but also makes a measurable impact on your organization's security culture.
🔥 What You’ll Learn:
- How to define goals that actually reduce risk
(Hint: Don’t start with posters. Start with behaviors.) - Why attitude > awareness > behavior
Learn the three pillars of security culture and how campaigns affect each. - 8 crowd-pleasing campaign ideas
Including escape rooms, “fish a friend,” QR code traps, storytelling, and tournaments. - Why less is more
Maxime reveals when you should not run a month-long campaign (and what to do instead). - How to brand your campaign like a pro
Tips on partnering with comms, using omnichannel branding, and breaking the “hall monitor” stereotype. - Launching new tools during CAM
How to make Cyber Awareness Month a launchpad for lasting change. - How to measure what matters
Turn your campaign into proof of impact with real metrics (like how Maxime reduced shadow IT risk by 75%).
✅ Bonus for Hoxhunt Customers:
- Exclusive “Phish-a-Friend” campaign tools
- New achievements and swag ideas
- A complete toolkit with ready-made templates, videos, posters, comms, and more
🧠 Who Should Watch:
- Cybersecurity awareness leaders
- Security team members planning October campaigns
- HR and internal comms professionals
- Anyone who wants to create a more secure, more human organization
Cyber Awareness Month gives a year-long cultural afterglow
Here's a great clip from about 29 minutes in:
"And when we checked the (shadow IT awareness campaign) numbers again a few weeks later, 48 people out of the 50 shadow IT users, 48 people had completely stopped using Dropbox. And this meant that I could then communicate to management and say to the person who came to me first, but also to my management, 'Hey, in a few weeks we reduced the risk by 70% or 75%, and again, that's great because if you do a great cybersecurity response campaign that is fun, engaging and people react positively about it, you're going to get great feedback, right? But if you share that I've reduced this specific risk by 75%, you're gonna get even better feedback, and this is gonna help you for all your other activities during the year." -- Maxime Cartier, Head of Human Risk
"So if you want to have a cybersecurity response that is impactful, not only in terms of engagement, but something that you can also share to your top management and show that it had an impact on the culture of the company, getting measurable outcomes speaks the loudest.
So for example, before joining Hoxhunt while I was at H&M, one day a colleague came to me and he said, 'We've got a problem with Shadow IT. People are using Dropbox. It's not good. We don't use Dropbox in the company. Can you run an awareness campaign about it?'
I was like, 'Sure.' Even though I didn't think that it was an issue. At least we hadn't seen it in our risk analysis initially.
But, you know, this was someone I couldn't really say no to. So I said, 'I'm gonna look at it, and we're gonna do something about it.' But when my team looked at the the data in the CASB, the cloud access security broker, we realized that out of all of the global workforce of the company, in tens of thousands of people, there were just 50 people that were responsible for 80% of the Shadow IT Dropbox traffic. 50 people.
So 0.01% or whatever it is, were responsible for 80% of the traffic to this shadow IT solution. I could have done during cybersecurity awareness month a poster about, 'Oh, don't use Dropbox! Use OneDrive. It is fantastic, and you don't need to use Dropbox. And here are all the risks about Dropbox.' But it's not very helpful to try to reach everyone when there's only 50 people who are the main offenders.
So instead of doing this, we just reached out directly to these 50 people and in a way that was quite, at least I hope, with a lot of empathy, trying to understand where they came from, right? 'Hey, we noticed this. How come you're doing it this way? What's your use case? Can you tell us more about it?' And then in a call, in a teams conversation, you know, we just guided them towards the approved solution.
And when we checked the numbers again, a few weeks later 48 people out of the 50 had completely stopped using Dropbox. And this meant that I could then communicate to management and say to them as well as the person who came to me first, 'Hey, in a few weeks we reduced the risk of shadow IT by 70% or 75%. And again, that's great because if you do a great cybersecurity response campaign that is fun, engaging and people react positively about it, you're going to get great feedback, right? But if you share that I've reduced this specific risk by 75%, you're gonna get even better feedback, and this is gonna help you for all your other activities during the year." -- Maxime Cartier
Speakers
Eliot Baker
Director of Content Marketing at Hoxhunt
Maxime Cartier
Head of Human Risk at Hoxhunt
