ALIGNED WITH NIST SP 800-50 · SP 800-53 · CSF · UPDATED FOR 2026

The 2026 NIST Security Awareness Calendar

Your entire year of security training, planned. 12 months. 12 real-world attack stories. Actionable tips your team will actually remember.

Used by 5,000+ companies and 100+ MSP partners

January

NIST PR.AC-1, IA-2

“The Keys to the Kingdom”

Password Hygiene & MFA

War Story

The Keys to the Kingdom

In September 2023, the MGM Resorts empire was paralyzed: slot machines went dark, hotel keys failed, and systems were encrypted. The hackers didn’t crack a code; they used LinkedIn to find an employee’s details. They called the IT Help Desk, impersonated the employee, and convinced a technician to reset the employee’s MFA to a device the hackers controlled..

See more →

Actionable Tip

Your password is the first line of defense; if it is weak, the door is already unlocked..

See more →

Deploy with Symbol

Identity and Access Management Principles

Video

MFA Setup Guide

Guide

Password Manager Rollout

Tool

Access control acts as the digital security guard of the company, ensuring only authorized individuals have the 'keys' to specific resources. Security is only as strong as these keys—our passwords and Multi-Factor Authentication (MFA) tokens.

February

“Recognizing & Defeating Email Threats”

Phishing Awareness

War Story

The CEO Fraud That Cost Millions

In 2016, a major tech company lost $47 million to a sophisticated Business Email Compromise (BEC) attack. Attackers impersonated the company’s CEO and sent urgent emails to the finance department requesting wire transfers for a supposed acquisition. The emails were so convincing—matching the CEO’s writing style and sent during his known business trip—that three separate transfers were approved before anyone verified the requests directly..

See more →

Actionable Tip

Verify Sender Identity: Check email addresses carefully. Attackers use spoofed addresses that look similar to legitimate ones. Look for subtle misspellings, extra characters, or different domains..

See more →

Deploy with Symbol

Phishing Recognition Training

Video

Email Security Policy Template

Template

Phish Alert Button Deployment

Tool

February focuses on Phishing Awareness—teaching employees to recognize and defeat email-based cyber attacks that account for over 90% of data breaches.

March

“Securing Sensitive Information”

Data Protection

War Story

The Misplaced Hard Drive

A healthcare provider discovered that an unencrypted external hard drive containing 650,000 patient records was missing from a locked storage room. The device had been used for backup purposes and contained names, Social Security numbers, medical diagnoses, and insurance information. Despite extensive searches, the drive was never recovered, resulting in a $3 million HIPAA settlement and mandatory corrective action plans..

See more →

Actionable Tip

Classify Your Data: Identify what data is public, internal, confidential, or restricted. Not all data requires the same level of protection..

See more →

Deploy with Symbol

Data Classification Framework

Guide

PII Handling Training

Video

Encryption Best Practices

Guide

March focuses on Data Protection—understanding how to classify, handle, and secure sensitive information across your organization.

April

Coming Soon

“Protecting Every Device”

Endpoint Security

War Story

Actionable Tip

Deploy with Symbol

Coming Soon

Locked

Coming Soon

Locked

Coming Soon

Locked

April focuses on Endpoint Security—securing laptops, mobile devices, and other endpoints that connect to your corporate network.

May

Coming Soon

“Building Secure Network Architecture”

Network Security

War Story

Actionable Tip

Deploy with Symbol

Coming Soon

Locked

Coming Soon

Locked

Coming Soon

Locked

May focuses on Network Security—designing and maintaining secure network architectures that protect data in transit and limit attack spread.

June

Coming Soon

“Building Secure Software”

Application Security

War Story

Actionable Tip

Deploy with Symbol

Coming Soon

Locked

Coming Soon

Locked

Coming Soon

Locked

June focuses on Application Security—integrating security into the software development lifecycle and protecting applications from common vulnerabilities.

You're halfway through. Want the complete calendar as a printable PDF?

Get the Full Calendar + Monthly Training Kits

We'll send you a printable PDF calendar and monthly training tips you can forward to your entire team.

Printable 12-month wall calendar (PDF)
Monthly war story + tip summaries
NIST control references per month
Admin checklist for each topic

Join 5,000+ companies. One email with your calendar. Unsubscribe anytime.

July

Coming Soon

“Preparing for the Inevitable”

Incident Response

War Story

Actionable Tip

Deploy with Symbol

Coming Soon

Locked

Coming Soon

Locked

Coming Soon

Locked

July focuses on Incident Response—preparing your organization to detect, respond to, and recover from security incidents effectively.

August

Coming Soon

“Building a Human Firewall”

Security Culture

War Story

Actionable Tip

Deploy with Symbol

Coming Soon

Locked

Coming Soon

Locked

Coming Soon

Locked

August focuses on Security Awareness Training—building a security-conscious culture where employees are your strongest defense against cyber threats.

September

Coming Soon

“Securing Your Extended Ecosystem”

Third-Party Risk

War Story

Actionable Tip

Deploy with Symbol

Coming Soon

Locked

Coming Soon

Locked

Coming Soon

Locked

September focuses on Third-Party Risk Management—evaluating and mitigating security risks introduced by vendors, suppliers, and business partners.

October

Coming Soon

“Protecting the Physical World”

Physical Security

War Story

Actionable Tip

Deploy with Symbol

Coming Soon

Locked

Coming Soon

Locked

Coming Soon

Locked

October focuses on Physical Security—protecting facilities, preventing tailgating, and defending against in-person social engineering attacks.

November

Coming Soon

“Securing the Cloud Environment”

Cloud Security

War Story

Actionable Tip

Deploy with Symbol

Coming Soon

Locked

Coming Soon

Locked

Coming Soon

Locked

November focuses on Cloud Security—properly configuring cloud services, managing access, and preventing data exposure in cloud environments.

December

Coming Soon

“Meeting Regulatory Requirements”

Compliance & Governance

War Story

Actionable Tip

Deploy with Symbol

Coming Soon

Locked

Coming Soon

Locked

Coming Soon

Locked

December focuses on Compliance and Governance—understanding regulatory requirements, maintaining documentation, and preparing for audits.

Implement the Full Calendar

Deploy this year-long security awareness program with Symbol Security's automated training platform. Schedule simulations, track progress, and measure security culture improvement.

Get Started