IT professionals this week considered the organisational weaknesses that brought chaos to the UK's IT systems.
Roger Marshall, IT director of the Corporation of London, said, "You can have technical solutions in place but the real lesson for those who were badly hit is the need to tighten up staff e-mail policies and security practices."
John Perkins, chief executive of the National Computing Centre, agreed. "E-mail and security policies are essential, but they are only useful if applied properly.
"We've got to get through to people that if they put IT in jeopardy they put the business in jeopardy," he added.
The IT director of a major high-street retail chain said managers should resist the temptation to restrict e-mail and Internet access. "The Internet has made a tremendous difference to the way people perform their jobs," he said. "We were able to deal with the virus because a product manager e-mailed us a warning."
IT lawyers thought this was only part of the equation. Robert McCallough, IT partner at law firm Masons, said the establishment of effective e-mail protocols could reduce risk, but once they were in place, a failure to implement them could leave an organisation liable if it propagated a virus to others.
George Gardiner, senior IT associate at law firm Tarlo Lyons, questioned the complexity and vulnerability of software. "We don't need half the features that make us vulnerable," he said. Products "with gaping security holes like Microsoft has with Outlook could face liability claims," he added.