It is vastly important for all businesses to understand that technical controls, alone, are not enough to secure your digital environment. The primary sector hackers focus on when trying to gain access or steal data from your network is through public facing devices or websites. The next largest sector attacked are people through social engineering and phishing emails. The third biggest threat, and for some corporations the biggest threat, is from employees or insider threats. Insider threats could be employees intentionally seeking to release confidential information or could be accidental. Most of the time data loss is due an accident, a bad system configuration due to the lack of knowledge, sending files unencrypted, connecting remotely without a VPN connection, and so much more. Educating your users is critical to successful operation and management (O&M) of your network, let alone security. A trained user can find vulnerabilities before they become an issue or are exploited. User training is the best option to defend against phishing attacks and preventing the growing threat of ransomware/ransomworm. Furthermore, once your administrative controls are in place, all users will need training on the policies so they are aware and fully understand what your business is trying to accomplish.