Re: Don't open unexpected attachments
@Yet Another Anonymous coward: "Seriously - why should it ever be a user's job to protect the company from this?"
Wow. Dumbest comment evar.
Why? The end user is the biggest security hole in any organisation.
Using weak passwords. Or if forced to use complex passwords, leaving the password on a post-it.
Holding doors open for strangers
Leaving computers unlocked in publicly accessible areas
Giving out too much information - over the phone, Facebook, Linkedin, etc
Bringing in devices from home
No social engineering awareness
And most importantly for some, clicking on random attachments.
User education is key to eliminating a lot of this kind of stuff, rather than an attitude of "Security is someone else's job"...