Properly trained employees can mean the difference between a significant information security breach and a near miss. How so? Employees who understand risk areas and know your security program will avoid behaviors that have, in real world breach situations, lead other organizations to experience costly security incidents. A few examples from actual breach events:
Saving significant amounts of information to unencrypted portable devices and then losing (or having stolen) those devices; Leaving paperwork in a car that is subsequently stolen; Inadvertently downloading malware that maliciously collects information from your system; Sending documentation including personal information to the wrong address; Downloading peer-to-peer file sharing software and mistakenly permitting others to view all files available on the computer, rather than only the select files they intended to share; and, Failing to conduct appropriate diligence on vendors who handle your information.
Please see full publication below for more information.