Security awareness and training policy
This policy is designed to help your IT staff guide employees toward understanding and adhering to best security practices that are relevant to their job responsibilities.
From the policy:
A security policy is only as valuable as the knowledge and efforts of those who adhere to it, whether IT staff or regular users. Understanding the importance of computer and network security, and building accountability for these concepts, is critical to achieving organizational goals.
With this in mind, establishing principles for security awareness and conducting subjective security training are integral endeavors for any business, regardless of size. Security awareness ensures that users are familiar with potential threat mechanisms, while training teaches them the strategies they must employ to prevent or respond to these threats.
Appropriate security/IT staff should be identified and tasked with developing, maintaining and updating security programs for users. Management must enforce the required behaviors mandated by these programs.