The 10 most important things to teach your users

To be effective in their jobs and contribute value to the business, users need at least a minimal grasp of information technology. Exactly what they need to know varies greatly from environment to environment. But in most organisations, they should at least be able to understand and follow certain computing best practices, including how to effectively report problems and how to safeguard their data.

Frequently, it becomes the responsibility of the support tech to impart this information. Here are the things I believe are most important for support techs to teach their users. Feel free to challenge these suggestions and add some of your own.

#1: Rebooting before calling for help
Although telling users to reboot when they experience a problem may seem like a cop out or delaying tactic, it's an uncomfortable fact that rebooting apparently fixes a multitude of both real and perceived errors. Even if a reboot does not solve the problem, the mere fact that the problem recurs after a reboot can give the canny support tech significant diagnostic information. Rebooting is not a panacea for all computer ailments, and it's even contraindicated in some cases, but appropriately and correctly applied it's a useful and simple tool with which to arm your users.

#2: Reporting a computer problem
In addition to knowing the correct procedure for reporting computer problems — e.g., emailing the help desk — users need to know what information will help expedite the resolution process. Users can easily be trained to effectively report problems if they're provided with a form that gathers the appropriate information, such as any error messages, open applications, what were they doing when the problem occurred, and whether they can reproduce the problem. Consistently asking users these questions will also serve as training and will help prevent them from either giving too little information or from offering their diagnosis of the problem instead of the symptoms.

#3: Keeping passwords safe
There is little point in having a password if it's written down in an unsecured location or shared among colleagues. I have seen passwords written on post-it notes attached to monitors, inscribed in permanent ink on the side of computer cases, written on the backs of hands, pinned to notice boards, and even displayed as the text of the Marquee screensaver. Instructing users not to write down or share passwords has little impact, however, if they don't understand why that's risky or if the password policy is unnecessarily onerous for the environment. On the other hand, an intelligently conceived password policy, suited to the current security needs and well communicated to users, will definitely cut down on the incidence of password carelessness.

#4: Constructing secure passwords
While educating users about the importance of securing passwords, take advantage of the opportunity to provide instruction in the art of secure password formation. To a certain extent, password construction is dictated by the constraints implemented through the security system, but in most cases these constraints aren't sufficient to prevent users from creating easily deciphered passwords. What constitutes a secure password will vary depending on the environment, but typically, names of family members, sequencing numbers, and obvious words and phrases should be avoided. Random numerals and a mix of cases, punctuation, and spaces is generally encouraged. Obviously, a balance between security and convenience must be found. If the requirements for complexity are too stringent, users will simply revert to writing down their passwords.

#5: Practicing safe computing while traveling
Taking a notebook, PDA, or other device on the road requires increased vigilance to prevent unauthorised access. Users need to know how to protect their data while out of the office and they need the appropriate tools to do it. For example, remote access tokens should not be carried in the same case as the computer; access codes, names, and passwords should not be written down; sensitive data should be encrypted and/or stored on removable data storage devices, also carried separately from the computer; computers should never be left unattended; and consoles should be secured when not in use. See "10 things you should do before letting users take their laptops out the door" and "End user laptop: Lock it down in 10 steps" for more best practices.

As a footnote, this might also be an opportune time to remind notebook users that they will keep us very happy if they remember to remove all solid objects, usually pens, from their keyboards before slamming down their lids.

#6: Preventing loss of data
Users need to know that backups don't happen by magic, and that if they delete a file before it has been backed up, it may not be recoverable. In most environments, individual users are at least partially accountable for regularly backing up their data, regardless of whether it resides in discrete files or within an application. Users need to know what's backed up and when and not simply assume that every file they create or modify, regardless of location, will be backed up. This is particularly true for users with notebooks, removable drives, and other mobile devices. Making users aware of backup routines may also have the usually desirable side effect of reducing the number of non-work related personal files saved to backed up locations. "10 things you can do to protect your data" will give your users a good overview of the basic concepts of data security.

#7: Observing usage policies
(No, it's not okay to hide pornography in Word docs or install Dr. Seuss Reading Games on "your" computer...