It only takes a single lapse to put your organisation's data and information resources at risk. Therefore, ideally, staff would develop their awareness of Information Security risks so that it almost becomes second nature.

• Sensitive data may be acquired unlawfully, damaged, or modified because staff have become complacent.

• Ensure that staff keep Information Security issues at the forefront of their mind.
• Ensure that staff undertake an appropriate 'change of function' Information Security training prior to commencing new duties.
• Ensure that it is mandatory for staff to sign for the receipt of Information Security education.

• Sensitive data may be compromised by staff assuming new duties without specific Information Security training.

• Ensure that staff undertake Information Security 'top up' training prior to commencing new duties.
• Target Information Security awareness training products and programmes to ensure that staff keep Information Security issues in mind.
• All personnel and contractors who will have access to sensitive company systems, information, or assets must be briefed specifically in Information Security.