A crucial part of an antivirus strategy is having a written policy that defines both the IT department's and end user's roles in protecting your network. The policy should also provide users with a basic understanding of how viruses spread and how they can help prevent virus attacks.
You can’t force people to read or heed a policy. One thing a policy can do, however, is put users on notice that they are also responsible for network security.
Granted, such a policy doesn’t absolve the IT department from its duty to protect the network. But the IT department doesn't deserve all the blame when the same user opens an I LOVE YOU message for the 10th time. Your procedures for dealing with virus attacks will depend greatly on the antivirus software you use and your organization's general philosophies on end-user responsibilities. Some support pros advise users to call them before doing anything to a suspicious e-mail, even deleting it. And to test whether users are following that antivirus procedure, they send random, anonymous e-mails to them as tests!Educate, illustrate, and enlist
One of the most effective ways to enlist end-user support is to give them appropriate information and show them what the IT department is doing to help reduce their risk.
Enlisting the user’s help has the advantage of involving the user in the organization’s security at a basic level. Some IT pros may even be able to show users that changing their e-mail behavior at work may carry over into their personal computer usage at home and save them some grief.
To get everyone on board:
- Educate users about how viruses work and spread.
- Show users what the organization is doing to prevent virus attacks.
- Tell users how to respond and report suspicious files and attachments.