4 IT Resolutions for the New Year

After you recover from your holiday hangover and become used to writing 2006 on your checks, it's time to think ahead to the coming year. Although most organizations operate on fiscal, rather than calendar, time, making bold changes at the beginning of a new year can have a powerful psychological effect. At this time, when formulating personal resolutions for 2006 is on the top of most people's minds, take the opportunity to create resolutions with your IT staff to make improvements or eliminate bad habits. Here are four resolutions that you can use to improve your IT organization in 2006.

Resolved: To Get to Know Users
Although users often seem like the enemy, the bottom line is that if there were no users, we'd all still be playing video games or running bulletin board systems (BBSs). How well do you know your user community? How well do they know you? Building a stronger rapport with users will help you work closer together to solve problems, be more proactive in solving problems before they become emergencies, and defuse tensions during service disruptions. Pledge to get to know your user community better in 2006. Three effective activities to help you get to know your users include:

Holding focus groups. Work with managers throughout your organization to attend department team meetings and talk with users about how IT could better serve their business needs. Focus on opportunities rather than problems. Users are frequently unaware that the technology to accomplish tedious business tasks is readily available in the software that is installed on their computer.

Creating a newsletter. Do you really know which IT issues are of primary importance to your users? What do your users like and dislike most about your organization's IT services? How do you inform users of new IT initiatives or helpful tips? To help address all these needs, start a monthly newsletter (either in print or online) that has some interactive elements such as surveys and " Letters to the Administrator," publishes key IT metrics, and discusses top support concerns (e.g., how to avoid problems, helpful tips).

Walking around the office. Although doing so is disarmingly simple, regularly walking around the offices where users work and having casual conversations with key people (i.e., receptionists and administrative assistants) can help call your attention to emerging concerns before they become real problems. This practice could involve anything from changing a failing toner cartridge before the printer is out of commission to teaching a user to how to use mail merge in his or her word processing program in advance of an important deadline.

Resolved: To Do Something for the Community
Create goodwill in your local community by having your IT department start a community-oriented program. In addition to contributing to the welfare of your community and helping make it a better place to live, IT community programs can enhance the reputation and trustworthiness of your organization. Here are three examples of programs that you can start with a minimal financial outlay.

Hold a security open house event. Invite members of the local community to bring their computers into your company (or a local venue) to have their antivirus, antispyware, host firewall, and security update software configured correctly. Consider partnering with a local community college and other local businesses to have knowledgeable tech support people on hand to configure computers and answer questions.

Run free mini-classes on technology. Start a program to teach a specific end user?oriented technology one night each month. For example, one month offer a 90-minute lecture on parental controls, and the next month give a 90-minute lesson on buying and using digital cameras.

Provide technology assistance to local nonprofits. Release your IT employees for 2 hours a week specifically to donate technology assistance and support to local nonprofit groups and schools.

Resolved: To Test the Disaster Recovery Plan
The impact of Hurricane Katrina on the Gulf Coast opened everyone's eyes to the impact of ill-prepared and poorly executed disaster recovery. How would your organization fare if a similar natural disaster occurred in your area? How would it fare if a small-scale IT disaster took place? One thing that can be all but guaranteed is that mistakes will occur if participants and leaders aren't prepared. In 2006, pledge to reaffirm your organization's disaster recovery and/or business continuity plan by

• Ensuring that all employees understand how the organization will communicate with them and how they can communicate with the organization in the event of a natural disaster.
• Verifying that IT services and systems can be restored even if the central IT facilities are destroyed. Run a live test to restore crucial IT services in a location separate from your data center.
• Examining your facilities and processes for potential vulnerabilities in the wake of a disaster. The worst case is almost always worse than anyone ever predicts and, after-the-fact, communication lines are often damaged or destroyed, creating difficulty in developing and executing a recovery and continuity solution.

Resolved: To Run Better Meetings
Do you groan when you receive meeting requests? Does your staff groan when they get meeting requests from you? Although meetings are necessary, they are also expensive—try adding up the salaries of the people in the room and multiply by the length of the meeting once in a while. In addition, meetings can be morale killers. In 2006, pledge to run better meetings by

• Creating agendas in advance. Institute a simple procedural rule whereby agenda items are submitted in advance, and allot each agenda item a time slot. In the meeting, stick to the agenda and use the time-slot guidelines to move the discussion along. Don't accept ad hoc agenda items.
• Ensuring that everyone invited to the meeting has a purpose. Don't invite people to a meeting unless they will have direct participation or will be assigned action items. If you are inviting someone as a courtesy, inform that person in advance that this is the case.
• Never ending a meeting solely because you've reached the end of its allotted time. All meetings should have goals; you can end the meeting when you meet those goals. If you don't meet a meeting's goals by the time you reach the meeting's scheduled end, assign action items and reconvene another time.

Whether you adopt one or more of these resolutions or some of the ideas within them, don't miss the opportunity to take advantage of making a big bet or renewing an old one for 2006. After all, you might not get another good opportunity to do so—at least until January 2007, that is.

Ben Smith (bensmi@microsoft.com) is a security strategist at Microsoft, where he researches methods to help organizations achieve better security though improved management and measurement techniques. He is coauthor of Assessing Network Security(Microsoft Press).