Give me a patch and you protect me for a day - Teach me security ....
The Security Awareness Blogspot provides an excellent resource that can help teach users best practices and the principles of safe computing.
To me, security awareness training is just as important as automated protection safeguards in an organization's security program. As an example, how will users react to a new virus attack where the AV vendors don't have signatures out, yet they have infected email attachments to process in their in-boxes?
If you make security awareness informative, fun, and provide value to the user that helps protect them at home, they will adopt best practices in the workplace. The Intranet is a great resource for publishing security policies, best practices, and educating users in security awareness. I've seen night and day differences at our company as users have learned to question suspicious email and follow best practices.
To borrow from CARE's great theme, you can sum up security awareness in this manner. "Give me a patch and you protect me for a day -- but teach me security and you help protect me for a lifetime".
Best Practices in Security Protection