This is more of a social issue than a computer issue.
For starters there's something to be said from learning from experience - invariably the best way to get someone to take security seriously is for them to get burnt from it.
The best security is passive - you need to have security in place rather than thinking aout it
For personal systems httpseverywhere is a nice little firefox extention that ensures that https is used where possible.
Patches can be a pain when you need to keep an eye on a half dozen apps running secunia PSI to make sure that security related apps are kept up to date is a good idea. In any case, updates should be automatic where possible.
Finally, have a standing rule to report anything out of the ordinary - in my dad's SOHO environment that tends to be the biggest difference between a quick fix, and hours of hunting down issues.
1I think you meant "matters". – Keith – 2011-05-06T09:14:13.200
Might get better answers at security.SE
– None – 2011-05-06T09:15:36.690