The most vulnerable assets of any organization are users, therefore it is important to check the level of awareness in all aspects. Perform phishing tests, sending malicious emails in order to obtain confidential information by deceiving the user and even downloading malicious software by clicking on a link.