It is, when you do have one or more of the following-- IT policies and procedures doesn't reflect real processes, efforts are workarounds and communications ill-defined or strict without the best of reasons. No access verification and monitoring. Shares and lends credentials, computers and gadgets to each other. Browsing unconsciously, and wandering in, the Web. Opened emails that came from unknown individuals or sender very often without questions. Too much of a trusting person online. Uses the same flashdrive, borrowed or owned, for home computer and office computer. Update platforms and software irregularly. Very proud or dislike to cooperate with colleagues and friends or confident lone wolf. IT people enjoys computer games, doesn’t talk to business people. Risk not attended by IT and/or security people themselves. Mad and disruptive personalities and no respect for rules and regulations. Dismissive of, or no regard to, security protocols. Inattentive to security events. Expens...