Beyond posters

17.04.2006

It's the kind of breach that companies fear: workers giving out network log-in names or changing passwords when asked to by someone posing as an IT staffer.

The best firewalls on the market can't protect against such scenarios.

"Why even lock your doors if employees happily hold them open for a stranger following behind them?" asks Alex Ryan, security officer at VeriCenter Inc., an IT infrastructure and managed services provider in Houston.

The risk that employees pose is significant. They can fall prey to social engineering, a fancy term for being conned. They can ignore company policy by failing to encrypt sensitive data. Or they might install unauthorized software that can corrupt the system.

Think you're well protected? Recent findings from the Computing Technology Industry Association might convince you otherwise. In this year's CompTIA information security study, 59 percent of the organizations surveyed indicated that their latest security breaches were the result of human error alone. That's up from 47 percent last year.

Despite such statistics, many companies fail to do enough to educate their workers. That's what the Internal Revenue Service discovered, according to a March 2005 federal government report.