Security awareness programs are becoming a well-established practice in many organizations, but people still remain a key vulnerability. Security awareness is just one of many corporate communication campaigns. The awareness messages often get lost between the many other communications. Security resources are not necessarily good communicators. We rely too much on people being able to do the right thing, it is hard for end-users to keep track of what secure behavior means in an ever-changing environment. We cannot expect them to become experts. We must consider that computer security is often as the weakest link.”]