Even when organisations establish a large number of organisational and technical security procedures, they are often circumvented by carelessness on the part of employees. A typical example of this is the proverbial sticker on an employee's monitor that contains a list of all their passwords. In the same way, hard disk encryption on a laptop does not stop a person sitting next to it on a train from reading confidential information off its screen. Even the best technological security solutions are no use if sheets of confidential information are left lying on a printer or end up in freely accessible waste paper bins.
If employees handle information carelessly, the defined information security processes become ineffective. Unauthorised persons can take advantage of negligence in handling information in order to carry out targeted industrial espionage (for example).