While cyber threats are frequently attributed to outsiders, many breaches are caused, often inadvertently, by company employees. The effective training of employees to keep data secure and respond properly to breaches is a hallmark of any cybersecurity program. The development and implementation of a good training program can be broken down into three phases: (1) designing the training policies and planning the best training approach, considering the type of company and types of employees; (2) conducting the actual training sessions and ensuring the necessary topics are covered effectively; and (3) following up after the training, including certification and evaluating the efficacy of the training. This three-part series will cover each of those phases, respectively, with insight from outside counsel, consultants, and in-house experts. See also “Strategies for Preventing and Handling Cybersecurity Threats From Employees” (Apr. 8, 2015).