Humans are information-sharing animals - someone comes to you for help and you try to oblige. And, most of the time you are not really paying attention, which is what salesmen and con artists rely on. The most obvious example of this is charity collections. A recent field test showed collections for a bogus charity called "lags anonymous" succeeded in collecting money on the street in spite of stating clearly that its aim was to fund the escape of criminals.
Most business IT users have no idea that they are responsible for critical business assets (data), and have no understanding of the systems they use or the associated hazards.
An associate recently commented that Unix must be more robust than Windows because in 30 years he had seen fewer viruses damaging Unix systems. This ignored the fact that, until about five years ago you could not really use Unix unless you were fairly technical, whereas the whole drive of Windows development has been to make it easier for ordinary people to use.
The greatest contributor to the apparent insecurity of Windows is the ignorance of users. So, train your users in the basics of responsible, security-conscious computing, and get them to be street-wise about parting with information. Or suffer the consequences.
Mike Barwise is a consultant at www.computersecurityawareness.com/
This was first published in September 2002