A couple ways
a pc policy that bites if violated. That takes upper management involvement. Have upper management sign a memo – distribute it – place it on a shared drive and re-educate the users on pc policy. Eliminate excuses.
We have strict rules about bringing in thumb drives/laptops. We also monitor contractors/vendors. If a vendor needs to access the network via our systems – someone signs off – name of the person – reason – date – time.
You need for your users to buy in. And that is hard. Kind a stick and a carrot approach.
We actually have static IP addresses, since we have less than 100 employees – it works for us. If you don’t have a predefined IP address, you aren’t connecting. I have most of ours memorized so if I were to see an odd tcp-ip address – I begin looking.
There is software that will look at the mac address of a piece of equipment determining if it can connect to the system. We have used that to some extent.
Also our users are blocked from seeing the tcpip setup on their pc’s. So entering a the current tcpip address on a new piece of equipment is harder. Not every user needs to be an administrator on their pc/laptop.
We also have wireless available-the wireless is password protected. That password changes often.
When a vendor requests access – we validate the virus software is up to date.
Also if you have RJ45 wall outlets – disconnect the cabling that connects in the computer room.
If you can make security everyone’s business – that will help. Software/hardware will help.
One other issue, is you don’t know what information the user might have ‘stolen’ or put the company at risk. What if that user now has payroll or sensitive data on his laptop – and it’s stolen or his/her kid places it on the web.
If I can help with forms or policies – let me know. I can provide blanks and you can modify at your will. Good Luck.