Security, Risk Management, and Disaster Recovery is one area where I am an expert ( worked for SunGard, years ago.). Since we are scientists, techologists, and overall rational people on this board I will post some insights into this, and hopefully you can apply this where you work and live. Technology has gotten to the point where bandwidth is cheap and there is instantaneous communication from the desktop to the portable phone across a global enterprise. The mantra is that 'we do because we can', and that is the largest threat to organizational security. You hear people say that an older network was more secure, and it was, because primitave technology in itself is was poor in features and thus did not present the opportunity for security breaches. We let marketing departments of product vendors convince us to compromise common sense for the sake of convince and gadetry. Networking hardware vendors want everyone in your organization downloading porn at blazing speeds. Back when network bandwidth was expensive ( both from the standpoint of hardware and connection bandwidth) decisions concerning email and the internet were taken seriously. The receptionist did not have internet access, and email was limited. Introducing wireless routers into your organization creates a massive security hole. As does handing everyone a smart phone with apps that tie back into your organization. Every time someone leaves the building with a laptop, that is a security risk. It has gotten to the point where decision makers find the exception, and convince themselves that it is a justification to introduce fundamentally flawed ideas into the organization's workflow and technology.