Let’s talk about punishment

Perhaps I’m just reading the wrong publications, but it seems as though discussion of sticks has been conspicuously lacking from the MyDoom stories and opinion columns that unfailingly lament the unwillingness and/or inability of end users to heed their IT advisers and cut it the heck out. Whuppin’ stick anyone?

You’ve probably seen the Southwest Airlines commercial in which an office worker unintentionally unleashes an e-mail virus and then stands in astonishment as her negligent act comes crashing down – audibly, no less – on a sea of fellow cubicle dwellers.

“Wanna get away?” is the ad campaign’s familiar kicker.

What if instead of hopping a jetliner to escape her embarrassment, the woman had to cancel previously made flight reservations because her employer was about to punish her irresponsibility by rescinding the only five vacation days she had left?

Wanna get away? . . . Next time, resist the temptation to open that attachment. You attended the company’s mandatory anti-virus training course. You signed the form attesting that you understand what you should and shouldn’t open when working at your company-issued desktop – and you are fully aware of the consequences for non-compliance. Now go home, unpack your suitcase, explain to the family why you can’t go on vacation, and be here Monday morning ready to do your job without keeping others from doing theirs.

Buzz can be a hard-ass from time to time. We’re talking here about punitive measures – consequences – the stick half of that much-ballyhooed carrot-and-stick combination that has served management well for eons when trying to change the behavior of otherwise intractable human beings. Perhaps I’m just reading the wrong publications, but it seems as though discussion of sticks has been conspicuously lacking from the MyDoom stories and opinion columns that unfailingly lament the unwillingness and/or inability of end users to heed their IT advisers and cut it the heck out.

Whuppin’ stick anyone?

Perhaps this is already happening in no-nonsense workplaces. Perhaps it’s been considered – or tried – and rejected elsewhere. Maybe punishing people for their promiscuous attachment to attachments is plain beyond the pale. I honestly don’t know . . . and look forward to hearing from those of you who do.

But if these virus outbreaks are actually costing companies as much as experts say they are – thousands, tens of thousands, millions of dollars at a clip – shouldn’t sticks be on the table, too?

By way of comparison, corporate America decided that legal liability from sexual harassment lawsuits was simply too great to limit prevention strategies to education and cajoling. People now get fired for that sort of thing every day. If they didn’t, you’d still see the office clown e-mailing dirty jokes companywide . . . and pinups on workplace walls.

I’m not suggesting anyone get fired over aiding the spread of MyDoom or even that they lose so much as a single day’s pay. Let the punishment fit the crime. If revoking vacation privileges isn’t the answer, I’m sure the bright minds of American industry can conjure up one that is effective and fair.

After all, there seems to be a consensus that education efforts and technological advances have taken the anti-virus fight only so far and are unlikely to ever be enough.

The objections are not difficult to imagine, so allow me to tick off a few:

• We can presume that such a policy would be as unpopular as yanking the free coffee out of the company cafeteria.

• Unions will not be amused – you can almost hear the guffawing of labor leaders at the mere suggestion of holding their memberships accountable?

• What happens when it’s the CIO or CEO who screws up? Who gets to send the boss to the penalty box? (See Winn Schwartau’s take on this issue)

•  And not all viruses are created equal. What if the next one is so clever that even Network World readers are fooled into infecting their own networks?

Hey, I never said this would be painless.

Want to whack the columnist? Address is buzz@nww.com.