The increasing informatization of enterprises and the volume of information exchange in computer' networks spurred competition among organizations. This scenario promoted change in the information security threats, where social engineering and phishing became an increasingly promising method for attacks and information theft. This paper presents a study in companies of Grande Recife, state of Pernambuco, Brazil, with the objective of measuring the efficiency achieved through the continuous process of awareness building and training of employees of private organizations from areas external to IT about information security incident prevention and data security. The paper presents a strategy that does not rely on expensive tools acquisition costs by means of which the users, often considered the weak link in the security chain, can be transformed into another efficient layer of corporate protection.

segurança da informação; engenharia social; phishing; análise comportamental