You’ve probably heard about the controversy surrounding beer sales at Wrigley Field in Chicago. A few weeks ago, the hometown Cubs were playing the Los Angeles Dodgers and a bunch of goofballs had too many beers and got rowdy. It got so bad that a few of the Dodgers went into the stands to beat up the goofballs.
What was the response to this incident? Rational folks may say that security should be beefed up, fans should be reminded about appropriate public behavior and players should let security professionals handle the goofballs. But no, the response was to prohibit vendors from selling beer after the sixth inning.
As a result, fans started drinking earlier and stocking up just before the cutoff, while the beer vendors tried to maximize their revenue by pouring beer at a record pace. The attempt at behavior control failed, and the goofballs continued their rowdy ways.
Back in the IT world, we have a similar problem in response to viruses. How did your organization respond to the ILoveYou worm or any of its mutations? Most of the rational institutions blocked the virus as far upstream as they could, informed their users about the attack and what the appropriate response should be, and made sure everyone’s client virus detection software was up-to-date. Some of the more reactionary responses were to disconnect from the Net or ban the use of Outlook.
But how many companies focused on educating the user? In addition to knowing how to use computing tools, users should be able to recognize odd behavior and know what to do when they witness such behavior. Most of all, users need to be a little more paranoid.
Maybe I’m getting cranky in my old age, but I’ve become extremely skeptical of e-mail. If anyone knows of a universal mechanism that guarantees the sender is whom he claims to be and the note was sent for its stated purpose, I’m all for it. Until then, my rules are:
Delete all junk e-mail.
Delete any message from someone I don’t know that instructs me to do anything but read text.
If a message is from someone I know and has instructions, I contact the sender to make sure it is legitimate.
Remember, don’t throw away the tools. These are as much an intimate part of your business as beer is part of a ball game. Instead, get your users to use the tools wisely.
If you have any thoughts on this issue, I’d love to hear them. Just don’t send them as an attachment.