One of my colleagues, Steven Smith from ASPAlliance, pointed out an article to me involving an "unpreventable" security exploit. In short, a group of consultants were hired to assess security at a credit union. They planted some USB pen drives with a white trojan providing information to the network. Employees then found the drives, picked them up, and plugged them into their PCs [FULL ARTICLE]. Not good. This is one type of an "unpreventable" security exploit. I say its unpreventable because IT cannot prevent this. Rather, its the employees responsibility to learn what is acceptable and what is not. This is just one of the hardships that many IT professionals run into. It's not always a hole in the operating system or a virus in an email.