I didn’t want to keep this from you: a short but familiar description of the problems someone encounters when trying to secure his family’s network. The gist of the article is:
In each of these cases, the problem seems to be one of communication.
We cannot make a person do something which they don’t want to do, nor should we. In this case we can only fall back to the first solution, and not much else beyond that. In the end it seems that it will always be difficult to make important technology decisions when the person “in charge” doesn’t grasp the issues at hand.
Which, to me, sums up the problem most security professionals and systems administrators face: that whole “network security” thing sounds fine on paper, but please don’t inconvenience any users. And, indeed, good communication about the risks you’re trying to defend against will sometimes help, as does giving users input in the measures you’re suggesting. You might not get any suggestions that you hadn’t already thought of, but just the act of interacting with them will help them understand the kinds of problems you’re trying to face.