Just reading on the news that several UK and US government computers have been compromised by a botnet worm that can be used remotely to carry out various other IT attacks. However many of computers were actually compromised and how many were significant and not just some rubbish desktop in a constituency office I do not know but what I do know is that security can be achieved but people are simply either unable or willing to do so.
For instance, any things like flash drives etc can be used outside of work and can end up with viruses on them. Simple, do not permit any important PC in high risk situations to accept USB flash drives - period. If people need to work on stuff on another PC, they need to log in remotely or find some other way to avoid insecure transport.
Dodgy browser? Simple. Remote Internet Explorer and use something else. Setup the security settings and lock them down (although to be fair, sometimes new ways are found to circumvent what were previously acceptable measures). Better still, run an operating system like Linux, Unix or possibly Macs that have a decent security model. Not only will most viruses not even run on Linux but if they do, they cannot do anything to the system without 'root' access and likewise, they cannot spread across the network to other Linux machines for the same reason. The risk is massive and yet these bods are still using lorry loads of Windows Machines.
Dodgy web sites? Here is a simple solution, use a web site blocking tool like WebSense that will probably block 99% of all malware sites automatically so the chances of stumbling onto one are much reduced.
Better still, use a whole range of measures, everyone of them reducing the attack surface and putting these hacker people out of business.
There aren't many people with the power to carry out such security work so if you are one of them, please do it. I don't want to spend millions via the banks and insurance companies to finance some criminal somewhere in the world.