Cyber threats, commonly attributed to outside malfeasance, often originate from within – employees’ negligence or lack of awareness can open the door for cyber criminals. Establishing an effective employee cybersecurity training program can go a long way in combating that threat. The process can be distilled into three phases: (1) designing the relevant policies and planning the best training approach, considering the type of company and universe of employees; (2) ensuring the necessary topics are covered effectively during the actual training sessions; and (3) following up after the training, including certification and evaluating the efficacy of the training. This three-part series will cover each of those phases, respectively. In this second part, outside counsel, consultants, and in-house experts provide insight on ten important topics to cover during training, as well as strategies for engaging employees and getting the message across. Part one provided advice for developing the proper program based on the company’s industry and types of employees. See also “Strategies for Preventing and Handling Cybersecurity Threats From Employees” (Apr. 8, 2015).