Yeah, Let's Educate 'em
1.) Only run as Administrator when installing stuff
2.) Forget Virus Scanners. That's a scam to make money. Only slows down your machine. Does not help against the latest/greatest threat. Does not help against spearphishing.
3.) Install Software only from the original supplier's website
4.) Have everything patched as quickly as possible. Even if that includes logging in as Admin, doing the install and then switching to the "surf user" again. Firefox needs exactly that. Mozilla sits in the shithouse, still.
5.) Never install stuff sent to you by "someone" over email
6.) Separate "surf user" from "small business accounting/netbanking user".
7.) Create periodic backups of all important files on CD/DVD.
8.) Write down passwords and lock that piece of paper in a safe place
9.) Never store passwords in the browser
10.) Use passwords for everything
11.) Create un-guessable passwords. Don't use your birthday, pet name, grandma's name etc. for passwords.
12.) Purge cookies at least once a week.
13.) Never trust email source addresses. Verify by phone callback if important.
14.) Don't use the "surf user" to access critical stuff in your corporate intranet. (Well, that's something I also don't do. But I don't break security regulations of my employer. Everybody does it. Rogue JS could download all source of my employer and perform a ton of other reconnaissance.)
Now, please try that with the Computer Illiterate Next To You. As soon as he/she starts rolling their eyes or changes the subject, YOU will have learnt a lesson.
99% of laypersons will think you are "doing computer-geek-speak" and that they had better think about how they plan to convince the bank manager to hand the next credit to them tomorrow at a good rate. Not that many people have gone bankrupt yet from computer security issues.
Chinese Industry has not yet destroyed a sufficient number of non-Chinese companies by computer-based espionage to make the pointy-haired halfbrains take notice. I recently worked at a major institution making about 2000 million Euros revenue/year doing quite critical transactions and their PC security was horrible. Unpatched Firefox, unpatched Java, unpatched Flash. Certainly we browsed the net while being logged into the system having complete source of that entity.
If the local financial press found out I guess it could cost the job of the CEO, but I don't think it is worth the trouble to play the whistleblower and pay the cost for that.