Ongoing awareness is critical. Most organizations benefit from monthly or quarterly phishing simulations combined with short training modules that reinforce secure behavior and build lasting awareness.