They could deal with the email issue in a number of ways, all of them causing the security, systems, and network teams hassle, but not end users.
For example, blocking all outgoing SMTP traffic except via approved internal relay servers would make tracking these millions of unexpected outgoing emails much easier. Most organisations already put these kinds of restrictions in place, it seems Oxford don't.
As far as I can see, their temporary blocking of Google Docs access did nothing but annoy users, cause them to lose face amongst users, and in the long term make users less likely to cooperate with the security team.
For example, blocking all outgoing SMTP traffic except via approved internal relay servers would make tracking these millions of unexpected outgoing emails much easier. Most organisations already put these kinds of restrictions in place, it seems Oxford don't.
As far as I can see, their temporary blocking of Google Docs access did nothing but annoy users, cause them to lose face amongst users, and in the long term make users less likely to cooperate with the security team.