The vast majority of ransomware comes via phishing attacks and the training needs to cover the threat, identification of phishing emails, the hard lesson of what happens when you click on one of these emails. A simple phone call to IT can verify if the email is legitimate and we need instruct team members how to verify the source before continuing. It is not hard to do—just like looking both ways before crossing the street—but we need teach all users about safe computing practices.