Convince clients to take PC security seriously

Here are three simple steps that you can take to help IT consulting clients adopt, implement, and enforce a proactive security policy that will protect the systems you support.

A quick and uncontrolled survey of several colleagues had shocking results: Over half of calls to surveyed IT consultants and help desk professionals are about viruses and spyware.

Protecting your clients from these threats is becoming a full-time job for some of you because the perpetrators are getting smarter, and users are still uneducated. That's where you come in — it's your job to help clients adopt, implement, and enforce a proactive policy that will protect the systems that you support.

Step 1: Do the research and then make recommendations.

Most likely, you'll find that you recommend the same software protection to most clients. There's plenty to choose from and many are free, which will help many of your smaller clients. You've probably already taken this step. (I'm including this step only to be truly inclusive. The truth is if you haven't already taken this step, you're only playing at being a consultant.)

Step 2: Convince clients to purchase and install virus and spyware protection from day one.

Clients must adopt a policy that's clear and definitive — absolutely no computer gets plugged into the system without appropriate protection. That includes the head honcho's laptop, which is taken home frequently. This step, unfortunately, is impossible to enforce unless the client uses you to purchase and install new equipment and software. If you're not that involved, charging a higher rate for chasing down and eliminating nasties might convince them, but only after the fact.

Step 3: Implement a policy.

Once you've helped the client establish and implement a policy that they can live with and that you can reasonably support, it's time to inform the users. Now, the client's probably not going to pay you to go from one user to another to give a little speech. The truth is it won't do much good anyway — that's where the policy helps.

Employees who violate policy pay the price, which could be as severe as dismissal. It's a high price to pay for what seems a minor offense, but it's happening more and more. Offer a customized handout for the client to give to all employees and, of course, suggest training for a fee, by all means (just don't expect it). In addition, suggest that your client include the handout in their new employee package. (They do have one of those, right?) Requiring all employees to sign a copy isn't a bad idea, but realistically, that won't stop anyone from violating the policy.

The handout should include the policy and repercussions for breaking that policy. Include the following short list of user limitations:

  • Don't forget to keep your virus and spyware protection up-to-date. Updating daily isn't too often if you're online every day.
  • Don't open e-mail from an unknown source.
  • Don't open attachments from an unknown source.
  • Don't open attachments with weird extensions or multiple extensions.
  • Don't change your Internet security settings.
  • Don't download anything from the Web.
  • Don't visit any unauthorized Web sites.
  • Don't use your PC for personal use.

Customize this list to fit your client's needs

The list probably seems too basic to you, but it's your business to know these things. You mustn't overestimate users, and I'm not insulting them. They have their work; you have yours.

The list is generic and will require a bit of easy customization. For instance, lots of businesses receive e-mail from the general public, and many users need to download information from the Web. Work those needs into your list.

Some of you will complain that the list is too short and not specific enough, but I've omitted specifics on purpose because I want comprehensive and exclusive statements: "Don't visit any unauthorized Web sites" means just that. Specifics generate excuses: "But you let..."; "I didn't think you meant...."

By all means, if you don't like the "don't" attitude, rewrite it into a list of "do's" — whatever works for you and your client. They're sure to appreciate the list's (and your) value. After all, one infected PC can bring down an entire system.




Susan Sales Harkins is an IT consultant, specializing in desktop solutions. Previously, she was editor in chief for The Cobb Group, the world's largest publisher of technical journals.
