Infosecurity Magazine Explains:

Human error and lack of internal security awareness are the biggest sources for data breaches and risk to organizations. Yet 78% of SMBs conduct security training just once a year (or less).

According to Shred-it’s 2016 Security Tracker survey (conducted by Ipsos), US companies are failing to prioritize employee training to mitigate fraud and breaches. It’s not just a small business problem either: Half (51%) C-suite respondents report they only conduct employee training for information security practices once a year or less as well.

More than a quarter (28%) report they have never trained employees on legal compliance requirements or company information security procedures. And 22% only conduct training on an ad-hoc basis.

Given that experts suggest employees can forget 90% of training information within a week, training once a year is a wildly insufficient practice for effective security awareness.

Read more at Infosecurity Magazine.