Checklist: Get Joe User to limit his own actions

You may download a printer-friendly version.

Checklist: Get Joe User to limit his own actions

Give users a point of reference

Make this a win-win situation. Start with a lesson on how to secure their home computers, and then relate the topics to what you're doing in the enterprise. For example, Microsoft has

a free spyware tool that can be downloaded by home users. The download page also provides articles, a video and a webcast on spyware. Perhaps you can use these tools to

start explaining the issues to users, and then delve into how spyware impacts their work performance, how it affects their ability to download items from the Internet on work PCs

and what you're doing to solve these problems. This can be an effective approach.

Security often restricts choice while protecting computers and networks from attack. When users learn that spyware presents a real threat to their own private information, they usually

become less likely to complain about, or try to get around, network restrictions. The same goes for other educational programs. The more users understand about security,

including lessons like how to avoid Internet scams and how to keep kids safe on the Internet, the more knowledge they'll take with them to work.

A good source for security education is Microsoft's Security at Home. Many companies can also help you develop a security awareness program for your organization. Some, such as

Interpact's Security Awareness, may offer free posters or articles in addition to pay services.

Determine which Windows security issues users are facing and try to solve them

Is password management a problem? Are users having trouble accessing resources on the network, such as files or printers? If you know the problems and complaints users have,

you may be able to provide a solution or at least an explanation. Remember that small issues to you may be large concerns to users. When IT does not provide a solution users

will look for one on their own. This can become dangerous. Users often follow the advice of fellow workers, which could lead them to share information like passwords -- a big no-no.

Get users on your side

Enlist users in spotting security vulnerabilities. You cannot be everywhere at once, nor are you likely to notice things that an ordinary user might; they know the people around them

and may be able to spot unusual activity. Is a stranger sitting at a coworker's desk? Did the help desk person provide identification before asking to work on the user's computer?

Did a fellow employee just set up their own wireless access point? Are users able to see other payroll or benefits information when they look up their own? Is a strange e-mail

appearing in their inbox? With a little training and a staff that listens, users can be your early warning system.

Change your attitude

How many IT folks say things like "this job would be great if it wasn't for the users"? How many look down their noses at those less computer or network savvy than themselves, or

make remarks about "stupid users"? You cannot afford to make computing a contest between users and IT. Your 'us' and 'them' should be about your organization's employees

and the few destructive insiders and outsiders -- not about the educated and the ignorant. Furthermore, when users are treated with respect, they are more apt to deal with problems and possible intrusions in a manner that benefits security.

problems and possible intrusions in a manner that benefits security.

Windows Security Checklists offer you step-by-step advice for planning, setting up and hardening your Windows security infrastructure.
E-mail the editor to suggest additional checklist topics.

ABOUT THE AUTHOR:   Go back to Checklist

Roberta Bragg is author of "Hardening Windows systems" and a SearchWindowsSecurity.com resident expert. She is an MCSE, CISSP and Microsoft MVP, and a well-known information systems security consultant, columnist and speaker. Click to ask Roberta a question or purchase her book here. Also, if you have specific questions or comments about any of Roberta's checklists, click to e-mail her directly. Copyright 2004

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.