Data theft, hacking, malware and a host of other threats are enough to keep any IT users up at night. Everyone need to understand the basic principles of Information Security:
Confidentiality: This means that information is only being seen or used by people who are authorized to access it.
Integrity: This means that any changes to the information by an unauthorized user are impossible (or at least detected), and changes by authorized users are tracked.
Availability: This means that the information is accessible when authorized users need it.
So, armed with these higher-level principles, anyone can come up with best practices to help ensure that their information stays safe.