Less than 1 percent of information security budgets are invested in people, yet 99% of attacks leverage human error to succeed. This means security awareness is more important than ever, but due to the immaturity of this niche, many programs are ineffective. This whitepaper discusses common pitfalls and concisely outlines a 7-step approach to a successful security awareness program.