It is a task for management to ensure that information security training is carried out in the respective units on a regular basis. Here you can find campaign material from AU's The Information Security Unit about phishing. The material can be used to help to establish a dialogue about information security in your unit.
