Today, employees are the low hanging fruit for cybercrime. Organizations counter this with what is called 'Security Awareness Training' (SAT), but modern SAT is far removed from how it was done a few years ago. It used to be enough to have all employees together, provide donuts and coffee, and expose them to 'death by Powerpoint' for 20 minutes. Those days are over.
Now, to keep your networks secure, you need regular simulated phishing attacks that arrive in their inbox, just like real phishing attacks by the bad guys. What you really manage is behavior change of your employees. They are exposed to either sophisticated attacks from either Eastern European Cyber Mafias that are after your operating account, or Advanced Persistent Threat (APT) campaigns (usually) coming from China that are after your organizations' intellectual property.
Employees need to understand why they simply cannot click on a link in an email about Angelina Jolie anymore. That is why KnowBe4 has dozens of templates that you can schedule to arrive in your employees inbox. We recommend at least a few a month or one a week. That is the only thing that keeps employees on their toes and creates a real change in their security behavior. Here is a 90-second video that explains the how and why.