"Unusable on the black market” - that's what the Identity and Passport Service said when it had to admit that 3,000 blank passports and the van carrying them had been stolen in Oldham last week. The online information security discussion groups burst into laughter at yet another minister making statements of certainty about the impossibility of cracking a government system.

The security of the new e-passport, sold as foolproof against identity theft, was this week shown by a Times investigation to be easily breached. A computer researcher cloned the microchips on two British e-passports and - to drill the point home about the weakness of the system - then implanted digital images of Osama bin Laden and a suicide bomber. It's not the first time that the security of e-passports has been compromised. Almost two years ago a German security expert attacked the “secure chip” by injecting a malicious code into it so that when the passport was scanned it crashed the scanning device

In the corporate world, too, there are just as many serious lapses of security. A number of months ago, the US retailers such as T. J. Maxx were targeted by the biggest single hacking operation in history, which resulted in 40 million credit and debit card numbers being compromised. This was made possible by a complete failure on the part of the retailers to protect the wireless networks that transmit their customers payment data. They might as well have written their customers' card numbers and PIN on a postcard and sent it to Visa in the mail.

We should not only be angry with government departments or businesses that fail to protect our data from fraudsters and criminals, but also at ourselves for the blind confidence we have put in technology's ability to provide that mythical thing called “total security”. It is a cliché to say that we as a society have sleepwalked into something, but when it comes to the security of our data we have not just walked, we've rushed headlong into an online world where we instinctively trust everything.

We have also given our trust far too readily because computers have been made “easy” for us. For instance, we trust those little icons that show a padlock while we browse the web. Or put too much confidence in the “firewall” that tells us how many hackers it has stopped.

But we never learn. The Government has been examining the possibility of introducing a quality mark for software designed to filter internet sites to protect children while they are online. But it would be only a matter of time before the first newspaper story about a child being groomed by a paedophile appears, complete with quotes from a distraught parent saying: “We bought a government-approved product and it didn't work.”

Instead of parents taking an active interest in protecting the online lives of their children, many will opt for the false security of a little logo. We have become infantilised by technology. Instead of trying to get to grips with information technology, we simply defer to the experts, and then we wonder why we are annoyed when things fail.

The truth is that there is no system that cannot be hacked. If a human being can create a security system, then another human being will be ingenious enough to find a way in, or around it. That's why Jeff Richards, the security expert, made his two laws of data security so simple: (1) Don't buy a computer; (2) If you do buy a computer, don't turn it on.

This is not meant to frighten people away from using computers: it is meant to inject a modicum of common sense into our approach to the security of our information and what we should expect of each other in relation to all of our data.

In the personal arena we need to be more aware of whom we give our data to, why we give them that data and what we should do if we think our data has been compromised. When, for example, your computer begins to act strangely as if it has a mind of its own, then assume the worst and change the password for those online shopping websites you use - this is something that should be done regularly anyway. It may sound bleak, but we must start to trust others less and ourselves more when it comes to our data. We must start to remember that it is ours and we have as much responsibility over it as those guardians we give permission to store it.

Our attitude towards security is stuck in the 20th century of the “eyes only” paper documents: the greater use of technology should run side by side with an ever greater awareness of security.

Government ministers, civil servants, corporate bodies and individuals too should have the words of Eugene H. Spafford, a professor of computer science and leading security expert, drilled into them. “The only system that is truly secure is one that is switched off and unplugged, locked in a titanium safe, buried in a concrete vault on the bottom of the sea and surrounded by very highly paid armed guards. Even then I wouldn't bet on it.”

Phil Hendren is a Unix systems administrator. He blogs at dizzythinks.net

Times Recommends

• Ethiopia - another avoidable disaster
• Arts and heritage pay the price for gold
• Identikit parade of young pretenders