TechWeb

Two User Resolutions

Dec 28, 2007 (12:12 AM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=208802439


3:18 PM -- As the New Year approaches, people often make resolutions to do something new or to change a bad habit. On New Year's Eve, I'll take a stab at some resolutions to make you a better security professional, but today I want to talk about two things you can do for your end users to help them have a happier, safer computing experience:

Security awareness
I've seen numerous articles and blog posts over the years arguing that awareness doesn't work. But maybe those people are just doing it wrong. I've found if you take the time to explain security issues to an end user and to fully answer his or her questions, that user is more likely to change the behavior that's the root cause of the security issue. Of course, there are a few bad apples that you simply can't change. For them, there's almost always a technical solution to keep them from hurting your network -- find it and use it.

Publish a newsletter
This may fall into the awareness category somewhat, but it doesn't have to be awareness only. IT workers typically are considered just the "IT guy" who fixes the problems and nothing more. End users call the help desk with a problem, and rarely do they put a name to a face. So consider publishing a monthly newsletter that celebrates your successes -- how much spam was stopped, how many viruses were blocked, etc., as well as profiles IT staffers, tip, tricks, or interesting Websites that aren't necessarily work-specific.

A safer computing environment for your users doesn't necessarily require a technical solution. It can start with the end users themselves, which will have a far greater impact than you realize. Some security people (myself included) sometimes look at security as a game of us versus end users. But to truly be effective, we've got to work together. Think about that as you gear up for 2008.

— John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading