For these reasons, it is absolutely crucial that a company provide training to its employees to detect and avoid spear phishing attacks, and more broadly, avoid common lapses in judgment or awareness that can expose a company to a cyber-incident. For example, companies can easily offer training that improves password protection, helps avoid workplace theft, and better protects employee-owned devices without password protection such as smartphones, laptops, and tablets. Though no one particular training regimen can provide guaranteed protection from a cyber-attack, statistics support their inclusion as a critical part of a company’s overall security posture.
via Guest Post: Is Employee Awareness and Training the Holy Grail of Cybersecurity? | The D&O Diary