Related Resources • Virus Encyclopedia • Glossary of terms

Elsewhere on the Web • SecurityWatch.com

Education & Communication
What education programs do you have in place? Do you train new hires on safe computing practices? Do you have continuation and up-training programs in place to refresh and reinforce learning and daily practices of existing employees? Do you have an Emergency Response Team and methodology in place for communicating to employees a virus warning or outbreak? Do you provide support beyond a simple help desk? Do you maintain a web site or weekly email digest to train users on hoaxes, malware, and safe computing practices? Do you promote safe computing and antivirus solutions for home PCs?

Policy, Procedure and Motivation
Do you have policy and procedure (P&P) in place to hold users accountable? Do you inform, education and motivate employees regarding such P&P? Do you seek to motivate your employees or simply shake a stick at them when something goes wrong…this really gets at the heart of the Blame Game.

The next time you find out that someone has violated a policy or made a mistake, like Jane who open a virus attachment, don’t play the Blame Game. Instead, look for solutions. After all, you’ve invested a lot of time and energy into every single employee. You don’t want to exasperate or de-motivate them. Make sure you’re doing everything you can to lower the risk of malware infections.

Finally, we must all realize that their are employees that are irresponsible and need to be held accountable. Notice that I didn’t say shake a stick at them and play the blame game, but hold them accountable. Everyone needs to know that there are consequences for irresponsible behavior, but they shouldn’t fear management. If you want your employees to trust and feel secure in a working environment, management must strive to lift up, support, and truly care about each employee – even when that employee makes a mistake. -- By Ken Dunham, Researcher & Curriculum Analyst, http://www.securitywatch.com/