IT pros tend to focus solely on technology to solve endpoint security problems. After all, if malicious software is the poison, it's logical to look to signatures, heuristics, and cutting-edge detection for the antidote. But that's a mistake. Human vulnerabilities--ignorance, inattention, gullibility--are just as exploitable as software vulnerabilities, if not more so.
That means everybody has to be part of the security program. And the message that security is important has to come from the top and reach all levels of the organization.
Of course, it's easy to say, "Get everyone on board with security." It's hard to make it happen. You can dramatically increase the priority placed on information security through good processes and, dare we say, propaganda campaigns. A blend of policy, human resources management, and good old-fashioned self-interest can get employees to take your security program seriously.