Employee training on how to detect and mitigate cybersecurity threats is critical to the on-going health of the enterprise.
Comprehensive security training and awareness should be undertaken in the enterprise on a reoccurring basis and should include such items like: social engineering testing; simulated phishing attacks; etc. Training should focus on implementing enterprise-wide behavioural change on the part of the employee and should be performed on an on-going, proactive basis.