by Paul T. Cottey

All the king’s horses

Feb 06, 2017
Email ClientsMalwareSecurity

IT team members can't fix everything their users can break

After being thankful and finding your inner kid, it is time to get back to the realities of running an IT organization. The reality is that your IT team cannot protect your organization from bad actors (not these bad actors, but people/organizations who want to do harm to you or your company). You need the help and active cooperation of your users to protect your company.

True confession time: IT team members can’t fix everything their users can break.

If all the king’s horses and all the king’s men couldn’t put Humpty-Dumpty back together again, there’s no way your IT team alone can protect your company. Most people in your company want to help you, provided that 1) they understand what they need to do, 2) it’s not too hard and 3) it is not too inconvenient. Let’s take those one at a time with a real-world example of managing unwanted email.

Easy to understand

We have been telling our users for the last few years NOT to open emails from people they don’t know, NOT to believe emails that offer something too good to be true, and NOT to click on links in those emails. So if you now want your users to forward spam emails for analysis or actively mark emails as spam or do something else, you will need to be clear on what you want them to do and when.

Easy to understand: If you receive an email from an email address or company you don’t recognize, either delete it without opening it or right-click it and forward it as an attachment to

Not easy to understand: If you receive an email from someone you don’t know, mark the email as junk or block the sender or delete the email or forward it to us for analysis or just ignore it.

Not too hard

All that said, what you ask of your users can’t be too difficult for them. Your role at work is IT-focused. If you do something with technology, you are doing your job. Your users’ roles, however, usually are NOT focused around IT. Most often, when they notice they are using technology, it is because the technology is not making it easy for them to do their jobs!

Not too hard: We are going to be pushing out an update to our spam filtering overnight. If your computer was on when the update occurred, no further action is needed. If your computer was not on, or if you were out of the office with your computer, you may see a screen flash up the first time you log in, and you could be asked to restart your email client.

Too hard: We are updating our email spam filtering tonight. When you come in tomorrow, you will need to go to X:ourcompanyIT_scriptsnewscriptsemail and run the update_my_spam_filtering_v2 — unless you are on a Macintosh, in which case you will need to go to //ourcompany/IT_scripts/new/scripts/email and run… well, you get the idea!

Not too inconvenient

What you ask of your users cannot be so inconvenient for them that it is easier for them to invest time to find a way to circumvent what you are asking them to do. Put positively, what you ask them to do should be the easiest path for them to take.

Convenient: We are changing our email spam filtering approach. The new approach will block emails that contain malware and will send you a daily digest of questionable email. You may release individual messages from quarantine, or you can ignore them. If you ignore them, they will be deleted after 30 days.

Too inconvenient: We are changing our email spam filtering approach. You will need to notify all the people who email you that they may get “bounce-backs” and that they may need to fill out “I’m human” challenges in order to email with you. This should settle down in 30 to 60 days after you have exchanged emails with your major customers and contacts.

If you explain what you are trying to accomplish and you make it easy and convenient for your users to work with you, you can avoid having to try to put Humpty-Dumpty back together.