Prompt : Every day, millions of corporate workers download files and e-mail attachments, not knowing whether they could contain malware (such as viruses or Trojan horses). This happens in spite of appropriate use policies and warnings from administrators. How would you enforce such rules, without limiting the usability of workers’ systems?
Files and e-mail attachments may contain malware such as Trojan horses or viruses which may damage the computer system. Organizations have put several policies in place to warn employees against downloading such files. However, majority of corporate workers are still downloading these files thereby exposing computers to malware. The main problem is that, organizations have very effective rules that can prevent corporate workers from downloading harmful files, but they do very little to enforce these rules. The best way to control such behaviors is by enforcing such rules without limiting the usability of the workers’ systems (Rawson, 2014).
With a detailed computer policy in place, an organization should allow all employees to read and sign a copy of the policy. This copy should then be kept in the employee’s file. The organization should remember to update the policy at least once a year, keep employees informed of the updates, and allow them to sign an acknowledgement. According to Rawson (2014), the best way of enforcing a policy is not by making it look like a way of punishing individuals, but as a way of communicating with workers and recognizing that it will act as a tool of change. After allowing employees to acknowledge the changes, an organization should ensure that all employees have a copy of the policy in writing. Most importantly, the policy should be made part of the organization’s code of conduct. A policy cannot be effective without enforcement, and this must be done at all levels of the organization. Many companies may shy away from monitoring the effectiveness of their policies, but they need to know that it is only through monitoring that an organization can know whether its policies are implemented effectively (Rawson, 2014).