July 18, 2005, 9:36 AM — A new study reports that many users have changed their behavior because of spyware. About time. The fact that you have circulated spyware education around the company, and lectured users when you clean up their systems, should have also helped trained them, but no doubt the pain of spyware did more to change their online activities than your lectures.
Not every user can claim new-found intelligence and tactics in the fight against spyware, unfortunately. The ones who still get infected will cause you some extra grief over the rest of the year, but you have some new leverage against them.
Since many users now know how to cut down on spyware, the ones who don't need special attention. While I'm not a big fan of Big Brother monitoring of user's online activity, it's perfectly legal for companies to monitor employee actions on the network. It might be informative to pull the browsing log files of your repeat spyware customers and see where they're going to get all their spyware.
With log file in hand, you have both a stick and a hammer to influence your recalcitrant users. The stick? Ignoring rules against downloads. The hammer? Wasting company time and resources going to sites full of spyware downloads, such as those focused on file sharing, fantasy sports leagues, gambling, and the old favorite, "adult" sites with multiple images. People can be, and are, fired regularly for wasting time like this during work hours using company equipment.
It would be nice if you could convince management to fire all the stupid users still causing spyware problems, but at least you might be able to fire one or two. While a help desk trouble ticket will never have "Fire the idiot user" as an option for follow-up action, it's nice to dream. Repeat spyware offenders, when examined closely, are almost always breaking other rules that can result in disciplinary action.
The good news (or bad, depending on your viewpoint) is that firing one usually gets the point across to the others. Privacy laws and common decency should keep you from broadcasting why an idiot user was sacked, but word spreads. Word spreads even faster if you release a new "inappropriate surfing" reminder the day after the person disappears.