Human error accounts for most cyber breaches and incidents. In fact, 77 percent of successful social engineering attacks originate from a phishing email. Software and systems are coded to perform certain tasks and be aware of only those things they are programmed to notice. Humans, however, are curious, and trickable, as we see from the mounting success of social engineering attacks, such as phishing, pretexting, and baiting. In plainer terms, most breaches do not happen in isolation. They happen because someone made a choice. User decision-making is a threat to enterprise security. The question is, how do organizations inform or control what choice an employee will make in a social engineering situation? The answer might not surprise you. It’s education and reinforcement. Through education, humans gain mindfulness of their actions, which leads to healthy habits and safer decisions. When this education is reinforced, particularly from the management level, it’s even more effective.