Users JOIN THE BATTLETo gain control of the biggest nuisances, IT departments need to stop viewing workers as the enemy?and start recruiting them to be part of the solution.

CIOs who send out e-mail warnings or updates to workers are fooling themselves because employees "will think it’s some techy thing that they don’t have to worry about," says Chris Belthoff, a senior security analyst at Sophos, a corporate provider of antispam and antivirus solutions.

Belthoff advises that companies create a hands-on training program with employees to educate them about the dangers of spam and viruses. He says it’s critical to show workers what spam e-mail subject lines look like so that they recognize them in their inboxes. Programs to train IT workers to be end user teachers are available from Symantec, among others. (For more tips, see "Spam Battle Gear," Page 64.)

Training users in good e-mail hygiene has been part of the thinking at Winstead Sechrest & Minick, a law firm with approximately 720 employees. Director Mark Garrett says the firm trains all new employees on e-mail and Internet use policies and is now looking to add training and usage policies for instant messaging users. The law firm banned IM but is considering letting Internet-reliant lawyers use a chat application to communicate with clients.

There’s no way to get rid of every single nuisance. There will always be one employee who can’t resist clicking on an infected attachment. Still, prevention stops the nuisance from becoming a nightmare. "It’s about the little proactive things," says the California Independent System Operator Corp.’s CIO Yee. "You don’t retrofit as an afterthought."