I read an article recently about a computer security company that did a security audit for a customer. One of the things they did was hand out Free! Take One! usb drives loaded with various forms of malware to employees as they walked in the door in the morning. By that afternoon they had passwords, banking info, payroll info, etc.