Whenever I’m forced to exercise my authority as an IT manager, whenever I am provoked to yell at some idiot user for doing some fool thing, I am also forced to explain to them just how stupid they are.
I’ve tried using clean analogies. “You wouldn’t drive without seatbelts, would you?” or “You make sure you check your oil and change it every 3500 miles, right?”
None of these seem to work. I don’t understand it. Maybe they don’t wear a seatbelt (click it or ticket, assholes), or they don’t change their oil.
In any case, the best analogy I have ever come up with is also the one that never fails to impress the importance of good computer security and practices. Unfortunately, it’s also the one I can’t usually tell people because they might get all ‘offended’ and cry to someone.
It goes this way. Imagine you are your computer. After watching all the Mac v. PC ads, that shouldn’t be too hard. Now, imagine the internet as a gritty, grimy city street system, with shit and piss and gods know what else floating past your ankles in the unwashed gutters. Along the various streets are banks, or stores, or newspaper stands. But there are also porn shops catering to every (and I do mean every whim and desire), mobsters and thieves lurking every few feet (some with obvious weapons, some not so obvious in their intent), deadly disease carriers (both unwitting and deliberate) coughing ebola and hanta and tuberculosis into the air you breath, and sharp rusty metal spikes and caltrops everywhere. It’s New York City in the 70’s.
Now, with that image firmly in mind, go back to imagining yourself as a computer. If you do not have adequate, reputable, anti-virus and anti-malware, and if you don’t use good surfing practices, and if don’t have good passwords…
You are walking in that city naked. How long you figure you have before you get anally raped by some guy who steals your credit card and lobotimizes you with a rusty spike?
Anthropomorphizing computers and the internet in such graphic terms seems to help get the point across. Get good virus protection, get good malware protection, lock down your machine, and don’t visit questionable sites.
Well, lets take a step back… You mention oil changes. Well, most people do not, in fact, handle most auto maintenance themselves. They have an expert who handles it for them. Someone who looks at the car, diagnoses problems, advises how to keep the car running smoothly, etc.
Isn’t the role of IT person to take care of these problems for end-users? They don’t know a serpentine belt from an antispyware application. As an IT manager, shouldn’t you be responsible for creating and enforcing policies that keep the network and its components safe so that the end-user can focus on doing their job and not on worrying whether or not they have adequate malware protection?
I am not so sure your analogy will actually help. It was funny on Dave Chapelle, but not really useful for an end-user.
If you’re naked, how does he get your credit card number? Are you holding your wallet? If you’re a woman, do you have your purse? If so, are you *really* naked? ‘Cause I’ve heard some women say they feel naked *without* their purse, so wouldn’t they technically not be naked *with* it? Or did he get it from one of those “credit card on your keychain” thingies they have now? Why were you carrying your keys if you’re naked? I mean, I suppose if you were running and fell down, they wouldn’t dig into your leg as they would if they were in your pocket, but I mean, if I was naked and had my keys, then damn man I’d be in my car hiding and not walking to a porn store in NYC.
I think Carl was just fishing for an excuse to say “anally raped” again.
I used the analogy before the similar one showed up on the Dave Chapelle show, thanks. But all he did was show porn and pop-ups. So I stand by the originality of mine.
As to me creating policies, well, there are a couple fo things I would have to say to that. I think of myself as a mechanic. I keep everything in tip-top shape. I can’t possibly prevent everyone, however, from taking their Miatas off-roading, or driving over spiked chains.
The other thing is, the in order to prevent people from doing the equivalent of those things, I would have to implment domain policies so severe that they wouldn’t be able to do anything. Our main accounting/inventory/job costing suite requires admin privileges on all local machines. The best I can do is control the firewall, which is a bit like fencing them off from some of the problems.
As to where they would carry their credit card numbers… tattooed on their anally raped asses.
Ya, and I invented the Internet even before Al Gore did. Of course, I have no proof.
As for what applications are used on the network and their security requirements… well, that is sorta the responsibility of the IT Manager, isn’t it? I mean, don’t blame end users for the software they use. Don’t blame them for being given Admin access to their local computers. Blame the IT Manager. And, then get him/her to fix it.
Heh. IT Managers do not often get to pick what applications run on a system. The system in place is what I inhereted, and switching it out is not ‘up to the IT manager’. It’s up to the owners and various VPs.
I just thought of something. Don’t you know have you own space for stuff like this? Your http://www.carlreyes.com? Don’t the tags “carl, rant” pretty much tag it for going there?
I almost posted it there, but then I realized it was almost a geek PSA.