Recommended Practices: Basic training for IT end users

This is a multi-part series on recommended IT practices for organizations and their end-users.  Additional parts will be included in upcoming newsletters.

End users receive the benefits of IT, but usually with some pain involved, which they are glad to share with the IT administrators and technicians.  Oftentimes, the pain comes from not knowing the correct way to do something or from enabling malware; these can be avoided (or at least reduced) through proper training.

Training is usually considered optional, but the increased emphasis on security and compliance, along with the potential gains from trained users that are comfortable and knowledgeable with their IT assets and systems, can provide significant return on investment.

Training can play a critical role in the satisfaction of end users and in the security of the computer network.  It can provide end users with the knowledge to safely browse the Internet, reject harmful emails, and avoid trouble.  It is also important to define appropriate-use policies and demonstrate how to enter timely data into information systems.

Training topics

Generally, IT-oriented training occurs in these areas:

  • End-user equipment
  • Network resources
  • Applications
  • Policy
  • Security

End-user equipment

End-users have a myriad of devices, ranging from desktop PCs to terminals, tablets and other mobile devices; some have specialized items like hand-held scanners or terminals tied to a specific application.

The fundamentals are important:

  • Simple maintenance (cooling, ventilation, etc.)
  • How to operate the user interface (touch display, special keyboard, etc.)
  • Basic usage at the operating-system (Windows, Android, iOS) level

Ergonomics should also be considered; ensure that the equipment is optimized to the user’s body in the placement of displays, keyboards, mouse, etc. and that ergonomically correct accessories (gel-based wrist pads, comfortable seating, etc.) are provided and aligned properly.  (See Ergonomics Made Simple from the May 2014 edition of Bryley Tips and Information.)

Network resources

Resources available to end-users should be identified and demonstrated:

  • Printer features (b&w/color options, duplexing, etc.), location, and use
  • Multi-Function Printer (MFP) functions (faxing, copying, scanning) and use
  • Server names, basic purpose, shared folders, and access privileges
  • Conference-room display and wireless keyboard/mouse
  • Login credentials to Wireless Access Points (WAPs)

Labeling these resources makes them easier for end-users to identify.

Applications

Software applications fit a variety of functions, including:

  • Productivity suites:
    • Microsoft Office
    • Google Apps
  • Organization-wide:
    • Customer Relationship Management ((CRM)
    • Professional Services Administration (PSA)
    • Enterprise Resource Planning (ERP)
  • Utilities:
    • PDF readers and writers
    • Password managers
    • File compression
    • Storage
    • Backup
  • Prevention:
    • Email protection
    • End-point security
    • Web filtering

(Software applications are discussed in the September 2013 through January 2014 editions of Bryley Tips and Information.)

Policy

Usage policies focus on the organization’s permissiveness (and lack thereof); they are designed to specify proper use and discourage improper behavior.

Most organizations have at least these IT-related policies:

  • Authorized use of computer network and its resources
  • Internet, email, and social media use and etiquette
  • Information Security Policy

Security

Security relies heavily on policies, training, and protective applications; the human element is the largest security risk in any organization.  Policies and training should encourage end-user behavior that minimizes security risks; protective applications help to enforce policies and to detect and remove problems when they occur.

Security training should include, at a minimum:

  • Anti-virus/anti-malware protection
  • Preventing phishing attacks
  • Password guidance
  • Safe web browsing

Many organizations will provide continuous training and reminders; some setup internal honeypots designed to lure end users into inappropriate behavior so that this behavior can be addressed and corrected.

Training process and related factors

The training process:

  • Set training goals
  • Assess end-user needs
  • Tailor the delivery methods
  • Create the training program
  • Scale the program to the audience

Trainers should factor in these items:

  • Budget training at the beginning of the project
  • Consider the needs and learning styles of the end-users
  • Marry the business context of the need to the IT training

References