In each edition of Surviving IT Disasters, we go over best practices for thwarting downtime-causing IT disasters.
By now you know the issues that user error can cause, but if you want to know the who, what, why, and when of user error, check out IT Disasters in Focus: User Error.
User error happens, but there’s a lot you can do to minimize the risk if you plan for it now. Let’s discuss how IT professionals can work towards kicking user error to the curb.
There is no stopping user error; it’s just a fact of life. You need to plan on user error happening just like you need to plan on other types of error happening. In order to deal with the things that come up, you need to be flexible. You can spend all day creating different plans for business continuity and disaster recovery, but chances are that everyday user error will cause you plenty of downtime by itself, so be on your toes and ready to address even the little issues. The best way to learn how to be flexible is to create a detailed plan, which brings us to the next bit.
Backup and Disaster Recovery
User error is fairly easy to overlook when it comes to your backup and disaster recovery plan, but it’s something to think about carefully. With a solid backup and recovery solution you can recover something someone accidentally lost, or recover an entire system if someone, say, deleted essential drivers or was infected with malware like Cryptolocker (we’ll look at malware closely in a future post).
Remember, you need more than a backup. You also need recovery options. You don’t know what will happen and for what reason so you’ve got to be able to recover in a variety of ways, whether that means you’re restoring a backup image to a local machine or spinning up a VM from the cloud. Put backup and recovery at the top of your list when you’re thinking about how to deal with user error. Have a look at our guide Making Disaster Recovery Easy for more information on how to create a detailed disaster recovery plan.
This is a big one to keep in your IT tool belt. You may not have the power to prevent user accidents, but you can work towards preventing user negligence and ignorance. If you’re frustrated that users keep downloading viruses by mistake or other silly things, it might be time to teach them what to look for and to avoid. They may not have thought a lot about cyber-security, whether it’s personal security or company security, so teach them!
There are a bunch of ways you can educate people. Everything from giving a presentation, writing an article, or creating a webinar or video will help get some knowledge across—even just sharing with them some reputable best practices you found online will help them better understand systems while also empowering them to be better users.
So the big question is: what should you teach them? You’ll probably focus primarily on cyber-security and wise Internet usage. Whether you’re an IT provider or an IT admin, some things you might cover are:
- Using web safety tactics
- Maintaining personal security
- Securing intellectual property
- Understanding file storage services (such as Dropbox)
- Using bring-your-own-device best practices
If you’re an IT admin, it might be a good time to not only review security issues, but policies that govern computer usage at your organization. You may address things like:
- What is considered acceptable usage?
- What are the bring-your-own-device policies?
- What are third-party chat applications and are they allowed?
- What are third-party cloud storage sites and are they allowed?
- What types of website are employees allowed to visit?
- What (if any) privacy rights do employees have with regard to their workstations?
- What are some examples of inappropriate usage?
The above might make for safer users, but note that you can always help employees be more productive by teaching them tricks that can save them time. Things that would help might be:
- Microsoft Office tips
- Microsoft Windows tips
- CRM tips
- Keyboard shortcuts
For a more detailed look at different education methods, have a look at this post on empowering users through education.
Lastly, some companies will test their employees in various ways to see if their using systems safely. A colleague of mine told me the story of an IT department that sends out fake phishing emails to employees. Those who find it and report it are given a pat on the back while those who click the phishing link inside the email are taken to a page that teaches them how to recognize a phishing attack— it’s a pretty clever tactic. Companies that take the time to educate employees on cyber-security may also consider testing them to see if these concepts are sticking.
Having users that are safer and more productive is something any business can get behind. So when you’re planning to thwart user error, think of what you’ll also do to enable users to be better employees.
What’s your organization doing to prevent user error?
Photo credit: Crispin Semmens via Flickr