Category Archives: Standards

Generic Staff Orientation: Security

Information Security

securityConsider the confidential information you have access to, whether you actually access it or not. If your machine, or account, is accessed, all that information is wide open to any person of evil, or even prank, intent. Not a good thing! To an evil hacker, access to any point in the network opens up a much easier route to hacking the rest of the network. Don’t be the weakest link! Your account can be the key to an infiltration of the most secretive parts of the network. Let’s not be in the news like Target was in December 2013, or banks and other institutions over the last few years. In many of these cases, a weak password of a “non-financial” person was the key to the breech.

Good passwords meet these requirements:

  1. Easy for you to remember. So easy that it never needs to be written down, not even the first time
  2. Impossible for anyone else to guess
  3. Not subject to automated attacks
  4. Never written down or shared. Your password is your password. You are 100% responsible for it’s use (both good and bad)
  5. Not reused. Unique passwords for each site

See “passwords” in the Knowledgebase for more information, but here’s a really simple key: a  l-o-n-g  password is always better than something short, even if if the short password is very complex.

Walking away from your machine: Lock (Windows + L). A passworded screen-saver is also a good idea for when you forget (10-15 minutes is a long time for someone with evil intent. Some organizations choose times as short a 2-3 minutes)

At the end of the day, be sure to close programs and log out. (not just lock)

Generic Staff Orientation

OrientationDo you do a “technical” orientation for new staff? What do you cover? Here are some thoughts toward a generic orientation you could adapt to your particular needs. Consider this as just a “top ten” list. What would you add or change?

Staff Information Technology Orientation

[Generic]

A few key things to help make better use of the resources available

Welcome to the world of Information Technology in ministry.  If you are new, or just wanting to review technology basics, this document is a good starting point.

If you are reading this document on-line, rather than printed (why waste the paper?), remember you can search it using Ctrl+F (Command+F on a Mac). For many topics there will be corresponding items in the Staff Knowledgebase.

In a Nutshell

  1. Security matters
  2. Corporate data should be available to others
  3. Save early, save often
  4. Do you know where your documents are?
  5. Log out at the end of each day
  6. Problem reports, help requests, helping yourself
  7. On-site and off-site resources and access
  8. Good stewardship
  9. Standards of operation
  10. Bias for Chrome or Firefox; not Internet Explorer

Suggested Standard for Computer Naming

Names200Churches and small businesses have a lot of ways for naming computers. Johns-PC and SallyMBP are pretty common. Then there are conventions that tie to the Mac address, or the serial number, or the service tag. Each may have it’s place. Let me throw out a suggestion that is clear for users and productive for accounting and IT.

Example: FTC10016dm

FTC: Organization abbreviation. Almost every organization has a shorthand or abbreviated name. By starting with this letter sequence, it’s very easy when browsing the network to see “foreign” machines that are connected.

10: year purchased. Know at a glance approximately how old a machine is. Helps with budgeting, standards, and more. This little tidbit of data in the computer’s name will save you hours of looking up inventory records.

016: serial within that year. The first machine you buy in a year will be 001. next 002, etc. Regardless of machine type, just assign the next sequential number. Many (most) small organizations can get by with just 2 digits. Why not think big anyway?

d: desktop, notebook, Mac, Server, etc. Quickly identify the basic category of machine. If you have iPads and iPods and iPhones and more, you may need to be a bit creative. Or, nothing says you have to devote just a single character. Short is good, too short, maybe not so much.

m: If you have multiple campuses, append a designator that identifies the primary location.

Notice that if a computer changes owners, the name doesn’t change. If a computer changes campuses, only the last components changes. For inventory purposes, the list of assets remains in the same order.

Bonus idea: Put the user’s name in the comment or Computer Description for the computer. When browsing the network with a detailed view, you quickly see who the user is.

 

Setting a Standard

The wonderful thing about standards is that there are so many of them [to choose from].
— Variously attributed to Grace Hopper, Andrew Tanenbaum, Patricia Seybold, and Ken Olsen

Standards

Standards

Does the multitude of competing standards keep you from choosing a set of your own? Consistency has such value in so many ways. There may always be exceptions, but defining a standard is a fundamental for simplifying life, especially in the world of IT and Support.