6: Preventing loss of data
Users need to know that backups don't happen by magic, and that if they delete a file before it has been backed up, it may not be recoverable. In most environments, individual users are at least partially accountable for regularly backing up their data, regardless of whether it resides in discrete files or within an application. Users need to know what's backed up and when and not simply assume that every file they create or modify, regardless of location, will be backed up. This is particularly true for users with notebooks, removable drives, and other mobile devices. Making users aware of backup routines may also have the usually desirable side effect of reducing the number of non-work related personal files saved to backed up locations.
7: Observing usage policies (No, it's not okay to hide pornography in Word docs or install Dr. Seuss Reading Games on "your" computer...
...for your five year old to play over the weekend and then remove it before returning to the office on Monday.) When it comes to personal use of corporate IT resources, most organisations have some sort of policy, more or less stringently enforced, defining what is and what is not acceptable usage. Generally speaking, such policies are put in place to protect the company from lawsuits and to protect the integrity of the IT infrastructure. To be effective, such policies must be appropriate for the environment, be clearly communicated, and be enforceable with well-defined consequences for violators.
Regardless of the strength or content of the policy, we would like our users to know that it is not acceptable to violate it, especially not in sneaky ways that insult our intelligence. In addition to knowing the policy, users need to know that we have measures in place for detecting attempts at violation. As much as we don't wish to play the role of compliance police, we are forced to do so to protect our network and our jobs. This information security policy includes sections on acceptable usage of company computer resources.
8: Exercising care in sending e-mails
How many times have you been asked to recall an e-mail accidentally sent to the wrong person or persons? Over the years I have seen the following messages misdirected: termination notices, pay raise denials, extremely personal medical information about a girlfriend sent to the user's wife, and images of a very questionable nature accidentally sent to the director of human resources. Regardless of an organisation's e-mail policy, users need to be aware of this danger and be taught to exercise appropriate caution: Think before pressing Reply To All, double-check addressees before clicking Send, refrain from using the corporate e-mail system for non-business related messages, and in general, regard e-mail messages as postcards instead of letters.
9: Protecting against viruses, phishing, malware, and other nasties
Although it is usually the responsibility of the IT professionals to protect corporate resources, this protection can never be 100 percent foolproof, so we are forced to depend on the vigilance of the user. Users need to be taught to recognise and handle threats and the consequences of not doing so. They need to be provided with specific information on how to identify phishing and how malicious e-mail can appear to be from a legitimate contact. They should be warned not to open e-mails from unknown sources, not to open unidentified attachments, not to enter their corporate e-mail address on Web sites, and not to turn off any protection on their computer. They should be understand the need to stay on top of antivirus updates. Frequent reports of new threats and statistics of how many viruses have been caught within your organisation can also help raise their security awareness.
10: Remembering that support techs work most effectively when adequately supplied with chocolate
This requires no further explanation.
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
©2006 TechRepublic, Inc.
