Despite the recent outbreak of data breaches and theft, few organizations are heavily investing in IT security training. According to a recent study by Shred-It and Ipsos, 78 percent of small business owners in the United States. report they only conduct employee security training once per year, if that. What’s more, 28 percent of respondents said they have never trained their employees on how to comply with legal requirements or the company’s security protocols, and 22 percent said their training was conducted on an ad-hoc basis. “With employees returning to work in the fall, business leaders have a prime opportunity to engage their teams and raise awareness of information security risks. They can consider taking advantage of this time to launch a comprehensive training program that makes information security best practices a part of all employees' daily routine and responsibilities," says Andrew Lenardon, global director at Shred-it. "Successful programs focus on building organizational knowledge and capacity on the right way to manage, store, and destroy physical and digital data. Without good training repeated throughout the year, employees can unintentionally expose their organizations to serious risks including reputational damage, theft, fraud, and data loss."