Consider adding banners to the top of your company’s intranet pages. You see this done by advertisers all the time on the internet. You can use the same tactic internally to build your security brand and message.
Systems such as Microsoft Word and Unix offer administrators the opportunity to set up messages upon system login. Messages can be customized to remind users of their security duties, share security tips of the month or transfer any message that would reinforce security policy or procedures.
You need to vary them and keep them brief. If they are complex or they become a mechanical exercise, then they will lose awareness impact (and, as it happens, legal defensibility in some jurisdictions).
Most companies restrict user access to a variety of websites or categories of websites, including social media sites, search sites (Google and Yahoo), or sites that have content that may be considered risky. Don’t just use the default “blocked site” page from your web proxy vendor.
Instead, create custom messages on pages for blocked websites to inform users why they have been blocked. This is also a good chance to offer additional (quick) content for them to read or view, as well as contact information regarding who to contact with further access questions or concerns.