Your company has experienced a security breach due to an employee falling victim to a social engineering attack. Following this incident, you are tasked with improving the staff's ability to recognize and appropriately respond to such threats in the future. Which of the following actions is MOST effective in addressing this issue?
Mandate all employees to use complex passwords, changing them every 30 days.
Revise the company's Acceptable Use Policy (AUP) to include new regulations on information security.
Conduct regular security awareness training sessions that include information on identifying and responding to social engineering attacks.
Implement multi-factor authentication for accessing company systems.