It is perhaps the headache of any IT head when it comes to implement policies to have a smooth running network and department. But while the essence of a good security system is evident, it is really the implementation part that is hard to accomplish.
For one, the transition and building of security awareness from various threats that can easily make their way towards an acclaimed secure network is abundant. Manually or transmitted, suspicious files will always find a way especially if you are not that adamant towards making sure that all bases are covered as far as the security of your system and data is concerned.
Many people fail to appreciate that value of the data they have gathered. They fail to appreciate the value of a strict IT policy mainly because all they care about is a workstation to use and opening files (both internal and external) as they please. So if you put all these things together, you can imagine the problems that an IT guy has to work with. But to some, taking the initiative such as passwords and some hardware exclusions has to be made.
If you notice, some drives like the usual floppy drives or even USB ports are either missing or disabled. To make them work, certain permissions and passwords are set for them to be enabled. Only the IT administrator would know these security measures and basic as they may seem, they really help a lot.
This is just a basic but effective way that IT personnel use. There are the usual network policies but for the sake of people who want to making it doubly sure, old and basic practices such as this is perhaps the best way to go.