You've summed it all up with your "stupid users" comment. In my opinion most security lapses occur through ignorance. Wether it be a lack of trainning or understanding. Companies spend alot of money (check out the thread on the front page about security being a billion dallor a year industry!) to protect them from the outside world when the majority of attacks come from the inside. You can have the best firewall in the world but if an employee double clicks some dodgy email...adios amigo!

Basic rule of thumb- use a firewall (I recommend Tiny) and keep your antivirus software up to date, and obviously , dont open suspect emails...It's that simple really.............