No money, no problem: Building a security awareness program on a shoestring budget

Awareness programs don't have to be complicated, expensive ventures


For example, there are plans to improve tracking and make the process easier to manage. Currently, the tracking process is manual, so the goal is to have it completely automated. There are also plans to expand the program to include mobile devices directly, as many of the providers within the organization rely on tablets in their day-to-day routine.

Awareness is only part of the battle:

Security awareness programs are only one piece of a larger security puzzle. By the time a phishing email reaches a user, parts of the security chain have failed (anti-spam) and the weakest link in the chain now has an active role in defense.

If the users are trained, or to use a stronger term, conditioned to spot random abnormalities, there is a greater chance that a passive phishing attack will fail. But no one is perfect, and targeted phishing attacks will succeed eventually.

This is why users should be encouraged to report not only the attempt, but any failures as well – without the fear of punishment. This engagement will help lower the time it takes to address the incident, and in some cases, it could actually prevent an incident from exploding into a monumental disaster.

Users are often snickered at for trading their passwords for candy during social engineering experiments. However, this willingness to do a task that takes little effort in exchange for something of value works both ways.

The user who will trade access for sugar is also someone who can be trained to spot attacks for gift cards, and financially, that's affordable when compared to the cost of mitigating a data breach.

Copyright © 2014 IDG Communications, Inc.
