This article contributes to the theory of the human factor in the information security by explaining how bias and errors in thinking influence the perceptions and decisions in the community. Besides providing examples from practice, the author suggests recommendations for mitigating the negative effects of the cognitive biases through relevant education.