If you're an IT pro or a serious PC hobbyist, computers are as logical as Mr. Spock. If you're a human being without a technical background, the average Windows error message might as well be written in Klingon.
For that latter audience, computer security often devolves into magical thinking. That's unfortunate because the reality is that most of the things you can do to protect yourself online are about simple psychology and basic human behavior.
When a business network is compromised with ransomware, the culprit is rarely an evil genius hacker. The source of the problem is usually far more mundane: Someone was fooled by a clever bit of social engineering.
For anyone who's responsible for training others to avoid being online victims, the secret is not to explain how buffer overflows and code injection work.
Instead, help those people focus on how to approach PCs with a healthy dose of skepticism and build up some basic situational awareness. I've reduced the lesson plan to six simple rules, all written in plain language.
