“One of the major differences between school and real life is that school first teaches you a lesson then gives you a test; life gives you a test that teaches you a lesson.”

—Chris Hadnagy

Now that you have been thoroughly schooled by our resident shrink and phishing nerd (yes, I am talking about Michele), it is time to start applying all the knowledge you've acquired. I have talked to dozens of companies who spent hours and hours scouring the Internet for ­suggestions on how to educate their staffs and themselves in the art of protection. On the basis of those conversations and their frustrations, I have compiled this chapter.

What I want to do with this chapter is to break down some of the ­lessons that we have learned in working with some of the world's ­largest organizations and help you learn how to apply them. One of the things I have found is that there is a major difference between “civilian” ­protection tips and “pro” protection tips.

By civilian I mean the average, everyday person. The person who's at home without a full IT staff to call on. The one who doesn't have a resident computer nerd in the next cube who can tell you what to do as he sighs loudly at your inherent lack of technical prowess. Even a ­small- to medium-sized (or in some cases large) business that does not have a full-time security guru at its fingertips could fall in this category. If one of these descriptions sounds like you, pay attention to the civilian tips. The ...