Lessons learned from puppies apply equally to privacy and cyber security training for people. Experts agree: it is impossible to spend enough money to safeguard a computer system from the human element. Policies, procedures, and consistent training are required.
Training once or even once a year is not enough. Since the threats are constantly changing, training must be ongoing. [A month ago, who had heard of Wanna Cry?] Someone in each organization must monitor threats and, as they emerge, share information with the group. Since executives and new hires are likely the most vulnerable to certain types of attacks, everyone should participate in this ongoing training.
Social media and company websites provide a wealth of information from which an attacker can construct a credible phishing e-mail. It happens every day, and each member of the organization should be made aware.
Organizations should periodically test compliance with policies and procedures. Try to view the inevitable lapses as training opportunities; punishment only discourages reporting of problems.
If you would like to speak to Debbie Fulton about this or any other matter, she may be reached at (865) 546-9321.