You can have all the firewalls and Internet security software in the world, but sometimes there’s just no accounting for human curiosity and stupidity.

Bloomberg reports that The US Department of Homeland recently ran a test on government employees to see how easy it was for hackers to gain access to computer systems, without the need for direct network access.

Computer disks and USB sticks were dropped in parking lots of government buildings and private contractors, and 60% of the people who picked them up plugged the devices into office computers. And if the drive or CD had an official logo on it, 90% were installed.

The full report on the Homeland Security study is due to be published later this year.

You may remember the Stuxnet Microsoft Windows worm last year, which targeted industrial software and equipment. Basically, computers with no external network connections were infected with the worm through what was thought to have been contaminated hardware, such as USB drives.

We’ve written a lot about IT security of late, much of which was related to the LulzSec hackers. Whilst systems that are pretty robust and ‘secure’ are still susceptible to hacks from those hellbent on causing havoc, it seems that the inherent curiosity and carelessness of humans is still at the root of many problems.

All this points to the much-used ‘user error’ acronym, PICNIC: problem in chair, not in computer.

Mark Rasch, director of network security and privacy consulting for Falls Church, Virginia-based Computer Sciences Corp., told Bloomberg:

“There’s no device known to mankind that will prevent people from being idiots.”

Read next: Artsy Editor turns Wordpress into a minimalist distraction-free writing web app