Thought Thieves - how to raise the profile of security in your organisation

Microsoft are running a competition whereby entrants record a short film to highlight the growing problem of Intellectual Property (IP) theft and raise awareness at a consumer level. Details of the competition can be found here. I'm not expecting many of you to be budding film authors, though if you are, it's worth entering the competition. The reason I've mentioned it is that I see security awareness, or rather the lack of it, as being a fundamental security problem which we need to find a way to address.

Just think about how easy it is to get most users to part with personally identifiable information and how keen most helpdesks are to make life easier for users when perhaps they should question people's motives more often.

As infrastructure security becomes ever more sophisticated and more resilient to attack, the attraction of hacking people (otherwise known as social engineering!) becomes ever more appealing. Non-technical means of attack have been used since computers were first worth attacking (since they held valuable information), but while system security is generally getting better, the security awareness of most people is some way behind.

How do you encourage your users to lock their machine? Stop sharing it with other people (including friends and family if a laptop)? Appreciate that they shouldn't run applications from unknown authors? Question anything that's "free"?

Let me know what you think - any practical suggestions would be great to share.