The more trained up you and your colleagues are on security, the better. It's impossible to have good security practices at your company if employees and users haven't received good trainings and resources. This will boost a healthy company culture and overall attitude toward security. A working environment that encourages people to speak up when they feel something isn't right is critical, it encourages them to do the right thing. To help create this context, it's important for employees to have a way that they can ask questions when they come up. This could be a mailing list where users can ask questions about security concerns or to report things they suspect are security risks. Having the designated communication channel where people can feel comfortable asking questions and getting clear answers back is super important. Helping others keep security in mind will help decrease the security burdens you'll have as an I.T. Support Specialist. It will also make the overall security of the organization better. Creating a culture that makes security a priority isn't easy. You have to reinforce and reward behaviors that boost the security of your organization. Think of the small things we do every day when we use our computers. Just entering your password to login or locking your screen when you walk away from your computer is helpful. Hopefully, you're careful about entering your password on websites and check the address of the site you're authenticating against. If you aren't, try it out to avoid entering your password into a fake website. When you're working on your laptop in a public space, like a library or coffee shop, do you lock your screen when you leave to use the restroom or get another caffeine fix? If not, you absolutely should be. Hopefully, you weren't leaving your computer unattended in public, in the first place. That's a really bad idea. These are the types of small things that security training should address. You also need to justify why these are good behaviors to adopt. In some cases, the company culture can turn screen locking into a sort of game. When colleagues forget to lock their screen, other team members can play harmless pranks on them. The last time I forget to lock my computer, my colleague change the default language to Turkish. It reminded me to always lock my screen, because anyone with access to the machine can impersonate you and get access to any resources you're logged into. But building a culture that embraces security principles isn't always enough. There are some things that all employees should know. This is when an occasional, mandatory, or security training course can help. This could be a short video or informational presentation followed by a quiz to see if your employees understood the key concepts covered in the training. The quiz can also increase the chances of information being retained. Making employees retake the training every once a year or so, ensures that everyone's up-to-date on their training. You can also cover new concepts or updated policies when needed. This type of training should cover the most common attack types and how to avoid falling victim to them. This includes things like phishing emails and best practices around password use. These trainings often include scenarios that can help test the user's understanding of a particular topic. Training courses like these are the last in the line of defenses that you and your company need to have in place to make sure that you're as safe as possible, for as long as possible.