The American Bar Association’s recent cybersecurity webinar reminded us all that the largest source of cyber loss is still people. And for businesses, it is their employees who continue to click on suspicious links and respond to phishing and other scams.

If you think this does not apply to you or your business, think back to the recent Federal District Court ruling in which the court found the defendant intentionally negligent due to a failure to train its employees regarding a known scam that sought to dupe key personnel into releasing employees’ W-2s.

While annual training is certainly a step in the right direction, the fact is that the “bad guys” do not wait 365 days to launch their next scam. As such, for businesses across the board, continuous cybersecurity training is critical and warrants more than a “one and done” approach. Between formal training programs, interim tips and reminders are crucial in keeping personnel vigilant.

As with any initiative, corporate commitment to cyber-mindfulness must begin at the top and if the C-suite is not engaged, management and staff will follow suit.