Information security is at the forefront of timely IT topics, due to the spectacular and well-publicized breaches of personal information stored by companies. To create a secure IT environment, many steps must be taken, but not all steps are created equal. There are technological measures that increase security, and some that do not do as well, but overall, the best defense is to create a culture of security in the organization. Such a culture makes each member ask themselves what security implications an action will have. The culture extends from someone at reception deciding to whether to admit a visitor to upper management determining whether a strategic alliance with another firm which links their corporate information systems. The same principles that guide IT security in the enterprise guide smaller organizations and individuals. The individual techniques and tools may vary by size, but everyone with a computer needs to turn on a firewall, and have antivirus software. Personal information should be safeguarded by individuals, and by the firms entrusted with it. As organizations and people develop security plans, and put the technical pieces in place, a system can emerge that is greater than the sum of its parts. Improving computing security really means education, whether of oneself, one's employees, or one's family. Thinking "security first" may seem paranoid, but in today's world, experience shows that it reflects reality.