Security is one of the most important things to consider when installing
and running a computer system (or indeed any business function), yet due
to a mixture of fear and ignorance, most people choose to completely ignore
the subject. If you are wondering why you should bother, then consider
what could happen to your business if confidential customer data found
its way to one of your competitors, or to your reputation if you became
involved in a high-profile court case.
Threats come from both obvious and unexpected
sources, but the consequence of a security breach is almost always the
same: a loss of data, computer service, or both, and worse still, damage
to the reputation of the business or individual.
You may be thinking: "Why should I bother? After all, nobody wants
my data". Consider commercial airlines. Every time they fly,
they do the same preflight checks and safety briefing, even though accidents
and problems are extremely rare, and the actual risk is also statistically
very low.
Conversely, compare air travel to road travel. We all (at some
time) drive too fast, after alcohol, and without seatbelts, even though
the actual risk is much higher!
Unfortunately there is an inbuilt human trait known as "perceived
risk". Humans find an element of risk to be exciting, and therefore,
often completely subconsciously, behave recklessly for a "buzz".
This is equally true in the computer world, though not as obvious. Developers
and programmers routinely work without backups, and employees surf pornographic
sites etc. even though they know they risk disciplinary action, or even
dismissal.
The other unfortunate part about perceived risk is that it is just that:
perceived, and it doesn't necessarily have any relation to the actual
level of risk. Humans tend to decide individually upon a comfortable/desired
level of perceived risk, and adjust their actions to facilitate this.
A good example is the introduction of the seatbelt laws. Instead of just
accepting the new safety regulations, some drivers either chose to drive
faster to compensate, or to see if they could get away with not wearing
them at all. This kind of behaviour has also been witnessed following
the introduction of other safety devices such as ABS braking.
Understanding this mentality is important for security administrators
because, without education, users will assume that all the safety precautions
have been taken for them, and they don't have to worry anymore. For instance,
if you install a virus scanner, some users will stop worrying about what
they are downloading or viewing.