Sometimes as an IT service technician the users are actively working against you. It isn't out of malice, they simply don't understand system security on the level that you do. There are a few major habits that they might develop that will cause you a headache for a long time to come -- if you don't discuss it with them first:
1. Writing Down Passwords
When given a complicated password, the first impulse is just to write it down. Unfortunately, that means anyone who accesses their desk will know how to get into the computer system. Encourage users to set memorable passwords that they won't need to log.
2. Sharing Their Accounts
It's often the case that a user will tell someone to log in as them so that they can access some data -- especially if the other employee should have access to that data anyway. Sharing accounts is terrible security hygiene because it means that you can no longer log which employee accessed which file.
3. Leaving Themselves Logged In
Computers should always be set to automatically log the user out after a certain interval -- anywhere from five to fifteen minutes is safe. Otherwise when the person is away from their desk, the entire system is vulnerable.
4. Connecting On Other Computers
A user may not see anything wrong with connecting to their email account on other computers, such as those of family, friends or even libraries. But connecting to an email account gives access to all the data in that email account, which could include other login information and protected data.
5. Sending Sensitive Data via Unencrypted Email
Passwords, personally identifiable information and other sensitive, protected data should always be encrypted before sending. As an IT service technician, you can make encrypting email fairly easy, but you still need to encourage the users to actually encrypt rather than send their emails in plain text.
6. Using Their Smartphone
If you don't have mobile device management systems in place, your users should not be using their non-business devices to connect to any of the company systems. Otherwise, if the device is lost, the person who finds the device could access your company's data.
Sometimes there's really nothing you can do except make sure that your technology is secured and hope that your users have internalized their IT training. Regular IT training is essential for curbing the above behaviors and creating a more secured network overall. Contact a company like Logical Developments IT strategy services to learn more.