Employee training
Security policies are only as effective as user awareness and compliance. Security awareness training should include:
Building security including authorization for visitors and ID badges.
Password policies, regarding complexity, regular changes, non-reuse and not sharing passwords.
Social engineering and phishing attacks, to help users recognize when a person, malicious web site or email tries to trick them into disclosing access or other information.
The consequences of a security breach, including consequences to users who may have supported the breach through action or inaction.
Effective security practices relating to mobile devices, such as laptops, smart phones and tablets.
Not leaving endpoints signed on, unlocked and unattended.