Memotiva Security+ Flashcards: Governance, Risk, Compliance, Frameworks, Security Policies

What is security awareness training and how often should it be conducted?

Nortren

Security awareness training educates employees about security threats, policies, and best practices to reduce human-caused security incidents. It should cover phishing recognition, password hygiene, social engineering tactics, physical security, data handling, mobile device security, incident reporting procedures, and the organization's specific security policies. Training should occur at onboarding for new employees, annually for all staff, and supplementally through ongoing campaigns like simulated phishing tests, security newsletters, and brief monthly modules.
csrc.nist.gov