Bad Behavior = Bad Press
Employee Behaviors that Spell Trouble for Your Information Security Compliance Program

07.12.2010

 
Properly trained employees can mean the difference between a significant information security breach and a near miss. How so? Employees who understand the risk areas and know your security program will avoid the behaviors that, in real-world breach situations, have led other organizations into costly security incidents. A few examples drawn from actual breach events:

  • Saving significant amounts of information to unencrypted portable devices and then losing those devices (or having them stolen)
  • Leaving paperwork in a car that is subsequently stolen
  • Inadvertently downloading malware that collects information from your systems
  • Sending documentation that includes personal information to the wrong address
  • Downloading peer-to-peer file sharing software and mistakenly permitting others to view all files on the computer, rather than only the select files the employee intended to share
  • Failing to conduct appropriate diligence on vendors who handle your information

These events, and others like them, have contributed to millions of records being exposed in reported security breaches in recent years. When organizations experience an incident like this, they often are obligated to notify the individuals affected by the breach, whether those individuals are customers, employees, job applicants or business prospects. With 46 states, the District of Columbia, Puerto Rico, the Virgin Islands and several international jurisdictions now requiring such notifications, avoiding the event in the first place is the best way to protect your organization from having to give this type of notice. One way to mitigate the risk of a breach is to implement a comprehensive information security program that includes employee training and awareness. (A program of that type is now required of any organization handling personal information about Massachusetts residents, and regulators have frequently required one of organizations that experience a breach.) The full article linked here discusses some of the employee behaviors you should consider when developing a training program.
