One day people will realise that telling employees to take the security of their company’s network seriously is an exercise in futility. It’s like asking motorists not to speed in their cars. If cars weren’t intended to cruise at 120mph, why did manufacturers bother to invent exhaust turbochargers?

In its latest survey of employee behaviour, Sophos notes that “79% of IT professionals believe that employees are putting their companies at risk by failing to act safely online.”

It lists the seven deadly sins (only seven?) employees are guilty of, including the usual gamut of porn surfing, music downloading, email forwarding, and password naivety. IT departments have a lot on their plate, it seems, and it’s almost all the Internet’s fault.

In a perfect world, IT departments wouldn’t be stuck in the middle of all this. They would wave a magic wand and be able to enforce policies on everything. Even better, IT would have developed along mainframe lines using proprietary communications protocols and none of this would have come to pass at all.

The survey lists good practice, and there is certainly plenty that can be done to stop things getting out of hand. But the bigger question is why IT departments don’t follow these procedures anyway.

If they don’t then perhaps the problem is not the idle folly of the users.