Bob Lewis
Columnist

Threatening death and destruction?

analysis
Nov 12, 2003

Dear Bob …

I read your recent Keep the Joint Running, advising readers to make disciplinary action the last resort rather than the first when it comes to implementing standards and policies. Basically I see your point but I am not quite sure that I understand how things like forbidding home WiFi behind the firewall and managing PDA connections (my understanding is that many companies end up with a boatload of different PDAs and some of them are now picking up viruses) can be done without comply or die.

Thank you for your well thought out columns.

– Not the Enforcer

Dear Not …

Home WiFi inside the firewall? I presume you’re talking about bringing home a laptop computer that’s equipped for wireless communication and for a VPN connection. What you’re really asking is, “How do we get our employees to adhere to our security policies other than through threat of death?” The answer is, start by educating them on the logic of your company’s security policies, and how violating them can lead to vulnerabilities that cause problems for everyone.

No, I take that back. The starting point is making sure the company’s security policy is logical and reasonable, so it will stand up to employee scrutiny. Then educate employees as to the nature and logic of the security policy and what it means to them. Most will comply because most employees are good people who want to succeed and work to help their employer succeed.

The PDA discussion is a bit different – both in terms of the kinds of risks they bring with them, and the level, which is much lower.

There are really only three PDAs likely to show up, I think – Palm-based and CE-based systems, and Blackberries (although I confess, having used Palm OS 5 for a while, it’s different enough to cause some headaches for IT support staff).

If IT announces its standard, employees will, for the most part, go along happily, even if the standard is that “if you want one you’ll have to buy your own; this is what we allow on our systems.” If employees do have to buy their own, you will have to figure out how to deal with employees who already own an unsupported model. But it really isn’t that hard to support both Palm and CE for basic PDA functions. Blackberries are more interesting, since once employees have them they’ll almost immediately pressure IT to install server-based support.

IT can, of course, allow multiple PDA OSes on the network while still choosing only one as a development platform, if it chooses to deploy applications with PDA clients.

As for PDA-hosted viruses: I’ve also read of these, but I doubt they pose much of a threat, at least for now. Since most viruses arrive via e-mail, it’s just easier to infect a PC. And if someone does figure out how to develop PDA-based viruses that arrive by e-mail and install covertly, they’ll be much easier to get rid of, since all of the data on a PDA is slaved to master data existing somewhere on the host PC: Just perform a cold reboot, delete anything in the PDA archive folder that isn’t an application you know you want, and resync.

The “threat of death” is the last resort. I agree it has to be there, but it certainly shouldn’t be the starting point of the discussion.

– Bob