Subject: Emily's bad day
Emily is having a bad day in the communications crisis story.
- What do you think has happened?
- How should she deal with the virus?
- Did she do all she could to prepare the IT for the campaign launch?
This comment was last edited on Feb 12, 2010
I would like to think that at the very least there were backups kept of any important data - contingency planning for precisely this kind of event.
All Age Aid IT equipment really ought to be protected with the standard anti spyware, antivirus, firewall software which would ideally have flagged up an issue such as this early enough for it to be noticed and acted upon.
This comment was last edited on Feb 12, 2010
It just demonstrates how naughty we are clicking the 'Remind me later' button for expired virus protection. I do it all the time!
I always e-mail really important documents to myself. Computers, back up disks, usb sticks....thay can all be damaged /stolen /lost /vapourise (that seems to happen to many of my belongings!). If she'd e-mailed it to herself first it would have been safe!
This comment was last edited on Feb 12, 2010
This seems to me like an occasion where double-loop learning might be relevant; Emily needs to address both the governing variable (how to ensure that her systems are properly backed up and well protected against viruses) and the action strategy (how to get out of the mess that she's in today). Given the deadlines, she's best to concentrate on the action strategy for the time being.
This also seems to be something where Will's technical knowledge could be useful. If this is a new virus, are there any tools which can be downloaded to deal with it? If the virus definitions are out-of-date, what can be done to update them? And does Will know whether there's anybody at Millcaster University (either a technical IT person or a member of the computer science faculty) with expertise in data recovery, who could have a go at retrieving the newsletter and loading it onto a clean and virus-free computer?
Incidentally the hyperlink above is to a page about Chris Argyris, one of the thinkers behind the concept of double-loop learning, which is where the terms 'action strategy' and 'governing variable' come from
Martin
This comment was last edited on Feb 12, 2010
Oh dear, Emily's day is getting worse in part 2 of the story. It seems like she might have been cutting corners which led to the virus. Is she being too hard on herself or is she at fault here?
This comment was last edited on Feb 12, 2010
I think that it easy not only for virus protection not to be kept up to date but also organisations having a lack of policies around use of computers and the internet.
Have a look at the following Knowledgebase articles:
- ICT Acceptable Use Policies - http://www.ictknowledgebase.org.uk/acceptableusepolicy
- ICT Induction Manual - http://www.ictknowledgebase.org.uk/inductionmanual
Ian
This comment was last edited on Feb 12, 2010
Thanks iang. Have now added those as useful links to the story. If only Emily had known about them she might have avoided all this mess! 
This comment was last edited on Feb 12, 2010
@iang
These are very useful links - worth noting that there are particular issues about anti-virus software because it can be incredibly difficult to manage properly on a small scale. Sadly my experience of using one well-known AV package on a single computer at home is that it can seem as though the virus package serves only to slow down the computer and to block access to websites that you need to use.
A couple of other points. Emily's reaction, that Pam's Russian prince email is unlikely to be the cause but Will's music downloading could be, is correct. But she needs to be cautious, especially in reassuring Pam, since there's a whole category of malicious emails, like this one, that depend on 'social engineering', and an acceptable use policy needs to include something about how to deal with these. Rather than apportioning blame, a quick discussion of the different risks, and how they could be averted, would be useful.
Even though Emily's and Will's computers are both working again, it's a very bad idea just to switch them on, work with the backup, and hope for the best. They need to check out the computers, perhaps start them up in 'safe mode' and run some up-to-date anti-virus software, before going further. And of course they need to ensure that the backup copy stays as a backup - in other words they copy the backup to a new place on the computer, and work from that. This sounds obvious, but it's easy to get the backup infected, especially if everybody's a bit flustered about the virus.
Martin
This comment was last edited on Feb 12, 2010
There is a lot of emphasis in the story on lower-level staff and their actions, but I think that senior management cannot escape blame. Even the smallest of offices (including one person set ups) are increasingly totally dependent on IT. Something going wrong has costs in terms of finance, reputation etc. I suspect that the CEO and her senior colleagues have neglected IT in all sorts of ways, not least risk management. As the various links show, there is plenty of good advice out there. I don't think senior managers can any more get away with just abdicating their responsibilities for mission-critical (even if unexciting) areas such as IT security.
This comment was last edited on Feb 12, 2010
I agree strongly with JohnDon that senior managers need to take responsibility. There have been plenty of non-IT non-voluntary sector disasters where this has been an issue: the disaster may have been down to individual carelessness but there are also questions as to how a climate could arise where such carelessness was acceptable. The Zeebrugge ferry disaster in the 1980s and the collapse of Barings bank in the 1990s are two high-profile disasters where this applied.
This comment was last edited on Feb 12, 2010
Brought to you by:
