Employee training
Security policies are only as effective as user awareness and compliance. Security awareness training should cover the following areas:
Building security, including authorization for visitors and ID badges.
Password policies, including complexity requirements, regular changes, non-reuse, and not sharing passwords.
Social engineering and phishing attacks, to help users recognize when a person, malicious website, or email attempts to trick them into disclosing access or other information.
The consequences of a security breach, including consequences to users who may have contributed to the breach through action or inaction.
Effective security practices for mobile devices, such as laptops, smartphones, and tablets.
Not leaving endpoints signed in, unlocked, and unattended.