People may pose more cybersecurity risk than software vulnerabilities, as evidenced by the large number of attacks that attempt to exploit the human factor, such as phishing attacks. Training is a crucial preventative measure, but can be challenging to implement effectively. This first part in our three-part training series discusses the importance of training as a cybersecurity defense, guidelines for establishing a training program and who should be trained. Part two will cover training the board, program components and how and when to implement training. Part three will address assessing results and how to conduct ongoing training. See also “Designing, Implementing and Assessing an Effective Employee Cybersecurity Training Program (Part One of Three)” (Feb. 17, 2016); Part Two (Mar. 2, 2016); and Part Three (Mar. 16, 2016).