FUDBusters: Lazy Employees, Security Violations?

FUDBust: It's appalling that so many managers blame employees, when it's management that makes or breaks security. Management has failed miserably in enforcing security policies. When blissfully ignorant users continually spread viruses by opening foreign attachments, it's a failure of corporate policies, not users.

Management must create enforceable security policies and take security out of employees' hands. It must prevent them from installing games, peer-to-peer trading software, video files and instant-messaging systems with impunity. Without effective policies for controlling user behavior and ensuring antivirus software updates, users will continue to make the same mistakes. Blaming the employee will never fix a poorly managed corporate culture.