I keep a mental file called the “You’d Think File.”
It’s filled with Darwin Awards-type things people do. For example, you’re waiting in line at airport security and the person in front of you has set off the metal detector for the third time. The first time was change in the pocket. Second, the watch. Third, keys in the other pocket. “You’d think he’d have the common sense to place all the metal in the tray provided.” Common sense, it would seem, isn’t so common.
The last person I have to tell this to is an IT manager.
Once again people (and I use that term grudgingly) worldwide have bestowed God-like status on some malware-writing geek with too much time on his or her hands. The worm-du-jour, Goner, ran buck-wild across the planet thanks to dimwits unable to follow simple orders: don’t open non-work-related attachments.
In some cases it’s easy to pardon users, but this isn’t one of them. This wasn’t one of those crafty worms that was set off simply by viewing the e-mail in the preview pane. This was a case of curiosity infecting the cat as users had to double-click on the attachment for the fireworks to begin.
Lots of people (mostly those who helped spread the virus) are going to step up and spin the blame wheel. Some will try and pin it on the anti-virus vendors, while others will try and turn Microsoft into the scapegoat. Neither is to blame. Anti-virus vendors are always going to be one step behind and they do a good job of alerting users to threats and releasing updated virus patterns. Many worms use Microsoft Outlook and its address book to propagate, but Microsoft’s only crime (this time) is being the market leader. If you can name me an application that’s without holes I’m all ears.
So what do we do about the problem? I suggest a revamping of everything from hiring to firing. The first step comes at the interview phase. When a potential employee comes to the interview, leave the candidate alone in an empty room save for a chair and a table with a loaded mousetrap on it. If after a few minutes you don’t hear a scream, move on to the interview.
Companies cannot afford to have their networks clogged and Internet access shut off, yet the message doesn’t seem to get through. Gus Malezis, the Canadian country manager at Network Associates, suggested to me better education is needed, but what kind of turnip doesn’t understand office PCs are company property and must be treated as such? Remember, this worm was disguised as a screen saver. The Anna Kournikova Virus was masquerading as a picture. These are not projects being shared amongst peers or budgets that need urgent approval.
It’s high time companies implemented punishments to fit the crime. I recommend a combination of shame and discomfort. Any employee found guilty of sabotaging the company’s IT infrastructure should have to apologize in person to everyone in the company affected and send a hand-written note to everyone who subsequently received the worm by e-mail. Internet privileges should be revoked until the guilty party has passed a test on the company’s PC usage policy. A week using a typewriter also sounds like a good idea.
I used to think the speech IT managers gave to new employees was a condescending power play, but that is no longer the case. Time and again curiosity seems to get the better of the cat, so maybe it’s time to neuter the cat.