This chapter is divided to two parts. Part one identifies common security and privacy weaknesses that exist in e-mail and WWW browsers and highlights some of the major implications for organisational security that result from employees’ online behaviours. This section aims to raise awareness of these weaknesses amongst users and to encourage administrators to mitigate their consequences through enhanced security and privacy-focused user education and training. Part two makes recommendations for improved user education as a component of information systems security management practices. These recommendations have been generated from a forensic computing perspective that aims to balance the complex set of issues involved in developing effective IS security management policies and practices. From this perspective these policies and practices should improve security of organisation and the privacy of employees without compromising the potential need for future forensic investigation of inappropriate, criminal, or other illegal online behaviours.