Fast Company: How to avoid being the next ransomware headline

Most ransomware attacks start by exploiting human mistakes. They may start with a social engineering attack or a spear-phishing email that somebody clicks. Human error remains the Achilles heel for many companies. Consider that 85% of data breaches involve employee actions, yet some 55% of companies don’t offer mandatory security awareness training. And the organizations that do provide employee training tend to do so sparingly.

A recent Mimecast study found that just 6% of companies offer monthly security training sessions while only 4% do so on a quarterly basis. This is an area that’s fixable but one that requires company-wide buy-in (starting in the executive suite).