Slashdot Mirror


Computer Competency Test For Non-IT Hires?

wto605 writes "As computers are used for more and more vital business functions, small businesses must have office employees who understand the dangers of, and how to recognize and avoid, malware, spam, and phishing. After having been stung by monthly virus cleanups (at $75 an hour) due to an otherwise competent office manager, my parents have realized they need to be aware of their employees' computer skills beyond the ability to type a letter in Microsoft Word (currently the closest thing they have to a test of computer competence). The problem is, as a small business, they have no IT expert who would be able to judge a potential employee's competency. I'm wondering if anyone knows of a good way to test these security/safety awareness skills, such as an online test, a set of questions, etc. I have already pointed them to Sonicwall's Spam and Phishing test, but it definitely does not cover all of the issues facing computer users."


  1. Anybody can have a bad day by topham · · Score: 5, Insightful

    Anybody can have a bad day.

    Just because someone is competent with a computer doesn't mean they can't be the vector for an infection. If you start with that premise you'll realize how completely futile it is. What you need instead is a tutorial program to reduce risks. Things they should and shouldn't do, etc.

    And proper anti-virus processes and procedures.

    1. Re:Anybody can have a bad day by MBCook · · Score: 4, Interesting

      Right, but computers can be dangerous tools. You are expected to prove some basic competency before you are licensed to drive. Same thing with operating heavy machinery.

      If you don't know what you're doing, you can cause a lot of harm. If you send out a message to a ton of clients and use CC instead of BCC.... you are in deep trouble. You're right that anyone could accidentally do that, but you should make sure they know that in the first place.

      I don't see any problem with some basic competency stuff. A little anti-phishing, some basic tasks in an email client, etc. If a job requires knowledge of how to use a computer, the applicants should know how to use a computer.

      If they don't? You could not hire them, or you could train them.

      Seems pretty reasonable to me. If you hire them and it turns out they don't know what they are doing, you can lose money directly (like the above), or indirectly (as they spend a day or two to do a simple task before you find out they didn't know what they were doing).

      I know that there are some things that I would like on the test. It drives me nuts how many people don't know how to send screenshots around. When you get a piece of text on a web page you want me to know about, just send me the text. I don't want a screenshot of the text. I really don't want a word document with a screenshot of the text. I don't want it internally, and I don't want clients/partners seeing that. I'd rather spend the 5 minutes to teach them how to do it correctly.

      --
      Comment forecast: Bits of genius surrounded by a sea of mediocrity.
    2. Re:Anybody can have a bad day by WrongSizeGlass · · Score: 4, Funny

      Please answer all of these questions with a 'Yes' or 'No':
      Are you familiar with Windows? (Yes / No)
      Is Linux a computer operating system, a breed of penguins or some guy from Europe? (Yes / No)
      When was the last time you rebooted your computer? (Yes / No)
      Have you ever had a password you wouldn't share? (Yes / No)
      Do you know enough about computer security not to watch porn at work unless it's at lunch or a boring meeting? (Yes / No)
      What is the name of your first pet, the town you grew up in or your elementary school? (Yes / No)
      Do you post on Slashdot? (Yes / No)

      Your hired!

    3. Re:Anybody can have a bad day by Anonymous Coward · · Score: 3, Informative

      Basic training and locking down the PCs is the way to go.

      Don't let the users run as administrators, and most of the infection problems will go away. From there, teach them how to deal with spam email and how to recognize fake antivirus and other phishing scams.

      Once the users are kept from shooting themselves in the foot (restricted rights), and are taught why they shouldn't point the gun at their foot in the first place, things should improve dramatically.

    4. Re:Anybody can have a bad day by Anonymous Coward · · Score: 2, Insightful

      I've never had any of my computers, running Mac/Windows infected by anything that I know of, I don't use any sort of protection either. However, I know many people with more protection than me who get viruses because they don't know what they're doing.

      Sure I could get a virus. However, my friend who torrented an antivirus package to get rid of a virus he got from another torrent is still much more of a security risk than I'll ever be.

    5. Re:Anybody can have a bad day by countertrolling · · Score: 2, Interesting

      If you send out a message to a ton of clients and use CC instead of BCC.... you are in deep trouble.

      Not even nearly as harmful as a crane falling on your head, or some old fart running you down because he hit the gas instead of the brakes. It's not that users aren't ready for computers, it's that computers aren't ready for the users. Cars weren't either until at least the 30s or 40s.

      --
      For justice, we must go to Don Corleone
    6. Re:Anybody can have a bad day by ls671 · · Score: 5, Interesting

      When working for big corporations, I often have to pass a "computer security and privacy awareness test". It is usually implemented through a web interface with simple radio button forms (multiple choices) and I have to pass it before I can get any access to their systems.

      Trust me, you really do not have to be a techie to pass it but you must know basic principles about internet security and privacy issues, confidentiality and security levels etc.

      The solution seems simple enough; just get a template for one of these tests that pretty much look alike in any big corporation. Such standard tests must be available through the internet.

      Have the candidates pass the test. Also, state strict sanctions for mistakes with regards to not following those basic guidelines and make them clear right from the start, preferably as part of the test. Candidates get the idea that you do not fool around with these topics.

      --
      Everything I write is lies, read between the lines.
    7. Re:Anybody can have a bad day by endus · · Score: 2, Informative

      Excellent point.

      I think you can probably make a case for users needing to be competent to avoid phishing attacks...because the impact can be so damaging and there is no real way to prevent them...but in all other aspects maintaining a good security posture really is more the responsibility of the IT staff. In the end, something is going to test your defenses. Most of the viruses we see at my very large enterprise spread via the network. You get one user who makes a wrong click and BAM every single one of your small office's unpatched computers are infected. You're never going to get staff that is incapable of making those types of mistakes...even IT staff make them from time to time.

      I don't disagree that users should be encouraged to be more computer literate and security aware...regardless of your budget and your staffing there are aspects of security which will come down to user decisions and there is nothing you can do about it. I have been an advocate for training and modifying the culture of my organization to try and instill at least SOME basic level of security awareness. Nurses who don't want to have a password on their computer because it's too hard to remember...well...too bad. Start remembering a password or start touching up your resume is what I say. It's just part of the commitment a business needs to make when embracing IT as a part of its business. However with things like viruses, spam, malware...it's always going to get through no matter what you do. The question is whether your infrastructure is ready for it.

    8. Re:Anybody can have a bad day by tomhudson · · Score: 5, Funny

      Rule # 1 - the source of the problem is ALWAYS sitting between some keyboard and chair somewhere. Find that person!!!

    9. Re:Anybody can have a bad day by topperharley122 · · Score: 2, Funny

      Do you realize that almost half of the questions on this Yes/No questionnaire are not Yes/No questions? (Yes/No)

    10. Re:Anybody can have a bad day by mpe · · Score: 2, Insightful

      Don't let the users run as administrators, and most of the infection problems will go away.

      In many cases this is an issue more relevant to clueless developers together with clueless vendor support...

    11. Re:Anybody can have a bad day by Yvanhoe · · Score: 2, Insightful

      Anyone can be fired for a bad day.

      There is a big difference between making one single mistake and having a risky attitude. This is especially true for people who are at a hierarchical higher level than the IT people in charge of the security.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    12. Re:Anybody can have a bad day by Anonymous Coward · · Score: 2, Interesting

      Your post:

      Just because someone is competent with a computer doesn't mean they can't be the vector for an infection.

      From the summary:

      they have no IT expert who would be able to judge a potential employee's competency. I'm wondering if anyone knows of a good way to test these security/safety awareness skills

      That does NOT deserve a +5 Insightful rating, mods. I don't actually see how that post could have been any less Insightful.

      I would recommend they try this:
      On the application, or perhaps on a short written "test" during an interview, ask them some questions like "do you use a gmail, yahoo, aol, etc. email account? If so, please provide user ID and login information here:____" Do the same for social networking sites like facebook, news aggregate sites like Slashdot, etc.

      Any applicant who gives you ANY login or password information, toss their application in the shredder and ask them to leave.
      Any applicant who turns in the paper with blank or smartass comments, call back for a 2nd interview.
      Any applicant who actually tells you, on the spot, that it's none of your business & you can fuck right off, you should offer them the job on the spot.

    13. Re:Anybody can have a bad day by 0ld_d0g · · Score: 2, Funny

      Dude.. my mom makes her presentations in excel !

    14. Re:Anybody can have a bad day by Anonymous Coward · · Score: 2, Interesting

      Sorry, it reduces your exposure, ever so slightly, but isn't enough. (I've done security for large and small companies, intrusion detection, malware, worms, etc. Research, decompiling the little buggers, etc.) I worked for one security company (a major one) in which *they* managed to catch a worm that reamed a chunk of engineering (by the nature of their development, the engineers could not run all the anti-bad stuff software on many of their dev systems.) The worm got in when a marketing guy connected through a VPN to update his security software. Turns out IT didn't have the DMZ for that as tight as they thought. At another site, with more security software than most companies have, a worm managed to ream out the CEO's machine. He turned it on earlier than the AV company released its sigs. It got on to his machine from the chairman of the board (whose machines we didn't control). However, properly preparing the whole network in advance kept the worm on his machine and allowed IT to flash the system all the way down to the firmwares and BIOS, bringing him back up in 20 minutes to where he was immediately before the worm hit him. We later took the worm apart and saw how it worked. It was interesting; clever but not brilliantly so.

      There is simply no substitute for a well set up environment. It's a matter of preparing to mitigate the damage that *will* happen.

      All the IDS, Firewalls, user training, AV and anything else will not prevent you from catching something bad. Just set up everything to deal with it.

      I'm really surprised no one has offered insurance for this stuff. Just like in real life, you *will* catch something and it *will* make your systems "sick". And you *will* have to pay someone to fix them.

      Maybe the insurance could cost less if you engage in preventative healthcare from a reputable professional. Of course, they'd have to carry malpractice insurance, like doctors. The company would off-load some of their risk to the insurance company who would off-load some of their risk to trained professionals.

      Anyway, a company should never be using a tool that can easily, through normal usage, cause that much damage. Those are poorly implemented tools.

    15. Re:Anybody can have a bad day by jp10558 · · Score: 2, Informative

      Don't let the users run as administrators, and most of the infection problems will go away
      I wish. This used to be the case, but most of the FakeAV stuff can run and infect fine in a user context. Sure, you can blow the user account away and you're clean, but still, doing that several times a week because yet another infected ad on CNN or whatever hosed their profile, even through Firefox, even with ad-blocking at the squid proxy, is a PITA.

      Sure, non-admin means less re-images, but it isn't stopping many of the dangerous attack vectors (zeus etc).

      --
      Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
    16. Re:Anybody can have a bad day by BVis · · Score: 2, Insightful

      Then they should LEARN what BCC and CC are, or they can get a new fucking job. This is not rocket science. It takes approximately ten seconds to thoroughly learn the difference. Asking this of someone with an eighth grade education is not unreasonable.

      --
      Never underestimate the power of stupid people in large groups.
    17. Re:Anybody can have a bad day by crashumbc · · Score: 2, Informative

      Although I'll get slammed for posting on lindot

      MOST small businesses use software that runs on windows...

      Quickbooks
      POS software
      most off the shelf inventory systems...

      finding someone to convert, maintain, train them in use of Linux alternatives is not cost effective...

  2. racist by Anonymous Coward · · Score: 2, Funny

    competency tests are all racist. they only seek to restrict minorities. you cannot legally require these - the courts have ruled. live with it, right wing tea bagger.

    1. Re:racist by Rigrig · · Score: 3, Funny

      Are you saying incompetent people are no longer the majority?

      --
      **TODO** [X] Steal someone elses sig.
  3. Simpler solution... by demonlapin · · Score: 2, Interesting

    Why offer general internet access from office PCs anyway? Lock them down tight. If you want to be nice, have an unlocked PC or two with a completely separate Internet connection that can be used during break times for any minor personal details - checking personal email, reserving plane tickets, etc.

    1. Re:Simpler solution... by biryokumaru · · Score: 2, Interesting

      Taking that a step further, they could sandbox all internet apps into a VM, and just wipe that if it gets virus-y.

      --
      When you're afraid to download music illegally in your own home, then the terrorists have won!
    2. Re:Simpler solution... by Darkness404 · · Score: 4, Insightful

      Because people are generally more productive when they don't have things on their mind? I know for sure that if I have my personal e-mail/social networking sites/phone out I don't have to worry about missing important events, etc. and generally I'm more productive. I don't check it every 5 minutes or anything but it does help to allow me to focus without thinking about what I could be missing. Without the ability to check personal things, generally my mind tends to wander to them and I lose focus on work. I guess I'm just a tasklist type of person, I want to be -done- with everything, to be up-to-date on my e-mails, etc. Some people aren't. Some people would spend all day on Facebook and get nothing done, some people's minds just don't wander to other tasks, but in general mine does. If my work decided to block all the outside internet, I have little doubt my productivity would suffer because my mind would constantly be elsewhere.

      --
      Taxation is legalized theft, no more, no less.
    3. Re:Simpler solution... by redmid17 · · Score: 2

      Well beyond the fact you need to tighten the comps down, there are very legitimate reasons to have web access at work. In fact a new Australian study thinks it actually raises productivity.

      http://uninews.unimelb.edu.au/news/5750/

    4. Re:Simpler solution... by Anonymous Coward · · Score: 5, Insightful

      Oh sure, while you sit in the back playing games and watch Hulu all day... Screw you. I worked in an office where the computers were "locked down tight" for a few months.

      "How many ounces are in a liter?"
      "Just a sec while I Google it. Oh wait, I can't. Give me fifteen minutes to walk over to the factory and physically find a 1L bottle so that I can look at the fucking label."

      If I wanted to protect all of the fleet vehicles from damage all I had to do was throw away the keys. But that would be about as stupid and lazy as your locking down the internet connection. It's 2010, do your job, do it well and stop acting like the non IT employees are a bunch of chimps.

    5. Re:Simpler solution... by aoteoroa · · Score: 2, Insightful

      In an age where many suppliers use web applications that our employees need to place orders, research part specifications and more blocking the web isn't very feasible, and white lists are way too much work compared to occasionally re-imaging a drive. However ever since we put in IPCop to track web usage the number of viruses and other malware decreased significantly. But it could be just a coincidence.

    6. Re:Simpler solution... by demonlapin · · Score: 4, Interesting

      I work at a hospital. The computers that are on the network on which sensitive data is passed have whitelist Internet access to a tiny handful of sites. There is also a public wifi network that is basically open to anything but porn/warez sites which anyone can attach to. You're welcome to connect your smartphone or laptop to it.

      It's not about controlling the employees, which I agree is counterproductive. It's about protecting the corporate information. 90% of my Internet usage at work is personal and has no business being done on computers that might contain patient information. That doesn't mean I spend all day surfing rather than working; it just means I need to separate the two.

    7. Re:Simpler solution... by DigitAl56K · · Score: 3, Insightful

      You'd make the kind of admin I despise.

      Maybe because people like to listen to streaming music while they work. Maybe because people like to do research online while they work. Maybe IM is a useful form of communication. Maybe you want to research your clients or competition or do SEO or some graphics tutorials or download an editor for something yada yada yada. Don't hire total noobs, do your job of installing the latest updates, run some anti-virus (insert McAfee joke here), and have an understood IT policy - understood meaning people understand your concerns, not just "the rules". You can never have perfect security, but you can have reasonable security without being an ass about it. You can also have a backup plan, like backing up documents on a schedule to a safe(r) system and having a disc image to recover a system from reasonably quickly.

      Yours is an office I wouldn't work in, and maybe there is something to say for self-selection of the people that would.

    8. Re:Simpler solution... by demonlapin · · Score: 2, Informative

      Sorry. I should have been clearer. This is obviously a really small business (a $75/hr consultant makes a difference to them) that faces a difficult situation because of one otherwise exemplary employee. Set up a network with all the sensitive data on it that is locked down tighter than a nunnery and a network that's not so tightly managed that allows internet access. Problem solved.

      I work in a large hospital. If you log in as a generic user - typical for most stations, because anybody can wake it up from the screensaver - you get no Internet access. If you log in as yourself, making tracking (and disciplinary action) possible, you can go to any non-porn/warez/etc site. It's no serious imposition on people who work in one place, and it keeps the infections down.

    9. Re:Simpler solution... by demonlapin · · Score: 2, Insightful

      Then use your phone. I use my smartphone at work for exactly those reasons - there are a lot of conversations I have that are none of my employer's business.

    10. Re:Simpler solution... by KahabutDieDrake · · Score: 4, Informative

      It speaks volumes that your point of view is effectively, "I work better when I'm slightly less focused on my personal stuff". Has it occurred to you to try focusing on your work, when it's work time, and leave your personal issues at the door? I know this isn't a popular opinion around here, but your email, facebook and txt messages can wait until you aren't being paid for your time. If they can't, then you have a problem, and you should get counseling, OR you need to take a furlough from work and get your life in order.

      While it's great that modern systems can keep us up to date on the latest and greatest events around us, it's nothing more than a distraction most of the time, and it is almost NEVER serious business.

    11. Re:Simpler solution... by thesandtiger · · Score: 4, Funny

      I love admins like you. I work for a university and our individual desktop machines were - until the policy was changed - "locked down tight" as you say.

      So my group spent a week harassing IT by constantly sending emails to them - and to the relevant department heads - asking them to google stuff for us, print it out, and deliver it. We had them over at least 3-4 times a day to install software we wanted to test out. We called them about every. Single. Issue. We could come up with.

      Five days of this and we were given admin privileges, the net-nanny software was removed, and the admin who came up with the "lock it down tight" policy was sent on to greener pastures because, after all, the purpose of computers in the workplace is to get work done, not to just avoid getting them infected with malware.

      --
      Since I can't tell them apart, I treat all ACs as the same person.
    12. Re:Simpler solution... by kklein · · Score: 4, Insightful

      I know this isn't a popular opinion around here, but your email, facebook and txt messages can wait until you aren't being paid for your time.

      Grownups aren't paid for their time; they're paid for their results. I'm sorry to hear that you still work at McDonald's.

    13. Re:Simpler solution... by KahabutDieDrake · · Score: 2, Insightful

      Professionals are paid for their time. Period. You can slice it however you want, but almost no one works piece meal. Most of those that do are VERY far down the skill ladders.

      It was a nice try to slander me with accusations of working for McDonalds. Last time I checked, their POS terminals don't allow the user to initiate a web browser (or any other software).

      Whether salary, or hourly, you are being paid for your time. Surely the results are what count (mostly), but there is usually an implicit agreement of a certain block of time, on certain days. If you can't abide the agreement, then you shouldn't make it. However, if you convinced someone to pay you salary, and then just do as you please, that's great. But it's not a career, kiddo.

    14. Re:Simpler solution... by Anonymous Coward · · Score: 2, Insightful

      In my experience as IT support, non IT people ARE basically chimps with computers. It's like giving the keys to a Dodge Viper to a 12 year old that's played Grand Theft Auto....the results aren't pretty.

    15. Re:Simpler solution... by thesandtiger · · Score: 4, Insightful

      You can set different policies for different kinds of users. Users who are in the psychology department and who do sex research *probably* shouldn't be barred from going to websites the net-nanny software calls "sexual or adult content" while people who work in the university accounting office *probably* should. Someone who doesn't work in IT but whose job requires installing and trying out 2-3 bits of software on an average day to see if it's useful for research should *probably* not have their ability to install software on a sandbox computer restricted, while someone who works with very sensitive records in the hospital patient records office probably shouldn't be given the keys to the kingdom. Regardless of whether or not the workplace has 5 or 50,000 (as there are at my university, including students) users, there are usually going to be a fairly limited number of groups people will fall into.

      Computers in the workplace are to get work done, not to be the private fiefdom of some control-freak. I don't, actually, care if keeping my computer locked down so I am continually inconvenienced because I can't install software myself or go to websites I need to visit reduces the burden on IT. I'm an educator and a researcher at a university; the purpose of the university is to educate people and do research, not maintain good computers. My needs trump theirs, to put it bluntly, so they need to get the hell out of my way and let me work.

      I probably sound like a complete bitch, but the fact of the matter is, I don't enjoy wasting my time or my student's money sitting around with my thumb up my ass because some nitwit admin has decided that he can't be bothered to learn how to do his job well.

      --
      Since I can't tell them apart, I treat all ACs as the same person.
    16. Re:Simpler solution... by JonJ · · Score: 2, Insightful

      Professionals are paid for their time. Period.

      I don't know how you work, but I get paid for the results I achieve in a certain time. They don't pay me for my time, as that's relatively worthless to them.

      --
      -- Linux user #369862
    17. Re:Simpler solution... by Dahamma · · Score: 4, Insightful

      As cynically as he stated it, I'm going to have to agree with him, at least as far as most office jobs are concerned.

      While you may technically be paid to "work" for some minimum number of hours, with the increase in telecommuting, flex schedules, and honestly just the modus operandi in tech jobs these days, time is one of the worst ways to judge productivity, and is rarely a significant factor in any type of focal review.

      Results matter. If you are in sales and bring in $10M in revenue with 30 hours a week of effort, while your co-worker brings in $1M with twice that, it's pretty clear who's getting the "big bonus" this year. Your boss probably won't know or care how much of that time was spent on Facebook vs meeting with customers, as long as you meet or exceed expectations.

    18. Re:Simpler solution... by tehcyder · · Score: 3, Funny

      In my experience as IT support, non IT people ARE basically chimps with computers. It's like giving the keys to a Dodge Viper to a 12 year old that's played Grand Theft Auto....the results aren't pretty.

      You're just envious of the people with real jobs who aren't stuck doing IT support.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    19. Re:Simpler solution... by Junior+J.+Junior+III · · Score: 2, Insightful

      I tend to agree with kklein, in that I would like to be compensated for my work, not for the time I took to accomplish the work.

      I am not compensated for ideas I have in the shower, or stuff that comes to me in dreams. My company wants me to put 40 hours into a timesheet every week, sometimes more, but never less, unless I'm taking leave time. It doesn't matter to them if I can get everything they want me to do in 30 or 20 hours. If I can, they'll find more work for me to do to fill up the remaining time. It doesn't matter to them whether it has anything to do with my career field or not.

      I wear a pager and there's an expectation that I'll respond to pages potentially at any time, as though I'm a firefighter constantly on duty. I'm not compensated for all the time I wear the pager. My stance is that if they can page me at any time, intruding into my personal time, and expect me to drop whatever I'm doing and come in and do work, then they can damn well let me do some personal stuff during work hours, as long as I'm delivering consistent, high quality results. This includes casual web surfing, making personal phone calls, sending faxes from the office, and doing business with companies whose only hours of operation happen to be the same hours that I'm expected to be in the office doing work.

      --
      You see? You see? Your stupid minds! Stupid! Stupid!
    20. Re:Simpler solution... by jp10558 · · Score: 2, Insightful

      Sure, I deal with users like you every day. If management would let us sign over the responsibilities that come with admining the computer over to you in addition with the increased rights, I'd be fine. I.e. if your computer gets a virus and we could say, not our problem, you clean it up as you're the "admin of record" then I'd be fine with what you want. But if I have to drop my projects, or push off a computer that needs an upgrade for someone who *wants* a managed, supported computer, then it annoys me.

      If you were responsible for the software licensing and EULA compliance for that computer, and the one to re-image if the software conflicts, and the one to figure out if installing that driver before installing Labview is why your hardware doesn't work with that PC, then fine, be admin.

      Or, heck, if your department wanted to pay someone's salary (even mine maybe) to sit around and re-image and re-install when the zbot infection gets your PC or the random software installs and uninstalls finally break Windows then that's that person's job. Or maybe pay the local consultant / geek squad / whatever to do it.

      A lot of this is of course management - they have to decide what balance of IT they want paid to re-image PCs weekly and what balance they want enabling new infrastructure, new OSs, new capabilities etc.

      --
      Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
  4. Good way to encourage them to learn quickly by Jbcarpen · · Score: 4, Interesting

    A lot of people can recognize such things already. They just don't want to take the time to bother with it. So dock the cleanup costs out of their pay, suddenly they'll be a LOT more careful about what they trust.

    When I was younger, the mother of one of my friends was bad enough about it that her computer needed wiping on a weekly basis. My friend wasn't much of a computer person, but he at least knew what not to do. Unfortunately he was stuck using the same machine and so still had to deal with it. For a while I was fixing it for them for free since he was a friend, but when I started charging $20/hour for cleanup his mother changed her ways amazingly quickly.

    --
    GENERATION 667: The first time you see this, copy it into your sig on any forum and add 1 to the generation
    1. Re:Good way to encourage them to learn quickly by Trepidity · · Score: 4, Informative

      It's illegal to dock employees' pay for damage to the employer's property.

      For accidental damage, employees have no liability at all: It's considered the employer's responsibility to manage its workplace in a way that minimizes accidental damage, and any that does occur is considered a cost of doing business. Viruses routinely appearing on company machines, especially if it happens to many employees' machines, is probably in that category.

      For damage done intentionally or through serious negligence, the employee may be responsible, but the employer still cannot dock their pay; they must sue the employee to recover the damages, and must prove by a preponderance of the evidence that the damage was inflicted intentionally or negligently.

    2. Re:Good way to encourage them to learn quickly by LordLimecat · · Score: 2, Interesting

      Did you check that competency quiz by sonicwall? People are expected to know the following to pass that test:
      • What HTTPS is, what HTTP is, and which is better
      • How any given company will format their emails-- will Yahoo address them by account number, or name? Or "member"?
      • How the DNS hierarchy works-- that Internal Revenue Service emails will come from a .gov, and what that means
      • What a legitimate domain name will look like (paypal.com isn't the same as paypal.com.somethingelse.net?)
      • How to check where a link points to without clicking it

      May sound reasonable to a tech guy, but a lot of this isn't stuff that can easily be taught. Seems to me a lot of this is trying to ignore the fact that the existing DNS and SMTP systems are a mess and just blaming the user for being a retard.

      Maybe it's just me, but when people hire me as an IT consultant, I generally assume it's because they want ME to take care of the technical details, not blame them for not being able to pass a Net+ exam. Perhaps that paycheck you're earning is so that YOU can handle the complexities of spam and viruses? Just a thought.

    3. Re:Good way to encourage them to learn quickly by demonlapin · · Score: 2

      only if "caused by the employee's gross negligence, or dishonest or willful act."

      Only in California. The federal law (FLSA) allows docking pay if the contract allows it and it doesn't bring the employee below minimum wage.

  5. I don't know by the_humeister · · Score: 4, Interesting

    But the place I work at gave me a computer with Ubuntu installed to use. I requested this after the McAfee incident last week. Apparently I'm the only one...

    1. Re:I don't know by omglolbah · · Score: 2, Funny

      Global corporate policy forces me to install McAfee on every server I set up and run... even test servers for our lab.
      My manager has no say in it, her manager has no say... the head of the office in my country has no say in it... it is decided in Germany by the central "IT Security" department.

      So... don't tell me what I can and can't do. If I had a choice I would dump McAfee... unfortunately I don't.

    2. Re:I don't know by dtml-try+MyNick · · Score: 2, Insightful

      Linux is simply not realistic in a regular office environment.

      I work at a non tech company with a lot of average Janes and Joes.
      We are talking about people who reboot their machine if tech-support tells them to restart a certain program. We are talking about people who don't know the difference between a URL and an email address. Cut/copy and paste is witchcraft. These people are good at what they do as long as the tools they have to work with just work.

      If shit hits the fan they are lost. If after an update button X is moved to another menu or simply 100 pixels to the right hell breaks loose.
      Now imagine what would happen if their "computer" doesn't look like the "computer" they are used to seeing at home and everywhere else. Production wouldn't slow down, it would do a full emergency stop, handbrake with smoking and screaming tires...

      And this is what a lot of nerds like "us" tend to forget a lot of the time.
      There are vast amounts of people out there who don't get computers, os-es and software. It's a tool and it should work, period. They don't care how it works, even if they did they wouldn't understand it because they have no feeling for it.

      --
      Life starts at the end of your comfort zone.
    3. Re:I don't know by dylan_- · · Score: 2, Insightful

      Linux is simply not realistic in a regular office environment.

      I disagree. The main problem is if they need to exchange documents with people outside the company, and that's an Office software issue, not an OS issue.

      I work at a non tech company with a lot of average Janes and Joes.

      Well, I don't now, but I used to.

      We are talking about people....[snip]

      Yes, agreed.

      If after an update button X is moved to another menu or simply 100 pixels to the right hell breaks loose.

      No, it doesn't. They call up and say they can't find button X, and you show them where it is now, and they write it down on a post-it and stick it to the monitor along with the 20 others.

      Now imagine what would happen if their "computer" doesn't look like the "computer" they are used to seeing at home and everywhere else.

      Their work computer never looked like the one at home (e.g. it might run a locked down version of XP Pro, while they have Windows 7 at home). They don't use a computer anywhere else.

      And this is what a lot of nerds like "us" tend to forget a lot of the time.

      You say this, but seem to have missed the point yourself. People in an office don't "use a computer". They follow a process that (hopefully!) results in what they want. They get a load of envelopes printed, or a group email sent. If the process changes in some way, they're lost because they don't understand what the process is, they just have some steps they need to follow.

      And they can follow these steps just as well on Linux as they can on Windows.

      --
      Igor Presnyakov stole my hat
  6. Replace their PC's with Mac Mini's by ducomputergeek · · Score: 5, Interesting

    Get Parallels or VMware if they really need Windows for something, have them run it in a virtual machine. Yes there may be an upfront cost to switch to MS Office for Mac from the Windows version, but if the VM gets infected, nuke the VM and install a fresh one.

    Something we learned real quick was that higher up front costs with Macs were quickly recovered since we weren't dealing with these types of problems on a regular basis.

    Hell, I have programmers that are good programmers but frankly don't know the first thing about systems administration.

    --
    "The problem with socialism is eventually you run out of other people's money" - Thatcher.
    1. Re:Replace their PC's with Mac Mini's by v1 · · Score: 5, Interesting

      (while I like the Get A Mac suggestion, perhaps something more windows-zealot-friendly...)

      or get something like Deep Freeze and have it simply restore the HD to factory every 2am. And use network home folders and shares for documents.

      Then you have ONE place to run the malware/av software on, the server's shares, at 2am while all the machines on the floor are reimaging themselves for tomorrow.

      (there's no point in suggesting something that they're unlikely to try even if you can make a good case for it or in fact are offering a very competitive suggestion)

      --
      I work for the Department of Redundancy Department.
    2. Re:Replace their PC's with Mac Mini's by Z34107 · · Score: 2, Informative

      It is possible that I misunderstood what you meant by "re-image." I work for IT on campus, and we deploy it on our lab images. So, I can tell you that it doesn't reboot our computer labs at 2am, pull a 5 GB image off of fast ethernet, and restart.

      It also doesn't keep a copy of the image in a hidden partition - we have images that take up more than half the size of the victim machine's hard drive; the technology that would make that possible would be more interesting than Deep Freeze itself.

      A frozen computer works exactly as a normal computer does - you can save documents, delete Windows files, even format the disk. Except that your changes are magically gone upon rebooting, like the computer has "amnesia." Wikipedia says it works by redirecting writes to disk sectors, which makes sense. It might redirect writes to a "hidden" partition, because modifying a frozen partition offline causes weird behavior.

      --
      DATABASE WOW WOW
  7. Make them maintain their own damn computer by bbernard · · Score: 4, Interesting

    I've started seeing companies go the route of getting rid of workstation computers. You, dear employee, get to bring in your own computer and connect up to our virtual workspace environment. No data ever ends up on your computer, and only a couple of key ports are open to our virtual space. The virtual space can't get to the Internet, you don't have admin access, etc. You can do whatever you want on your own computer, but when you get a virus, crash the OS, bust a hard drive, it's your problem to contact your computer vendor and get it fixed. You get a day to get that resolved, or we start making you take your vacation days or get docked pay until you're back up and running.

    May sound like crap, but there are potentially some real benefits to getting workstations off of IT's plate.

    --
    ----- Connection reset by beer
    1. Re:Make them maintain their own damn computer by jareds · · Score: 2, Insightful

      Assuming this is even legal (as you're not only requiring employees to bring their own tools, but to spend their time maintaining said tools for free), this works great until potential employees wise up and you have to pay higher base wages to compensate for the inevitable docked pay (or spare computers or parts to avoid it). Since it's obviously much cheaper on average to keep a handful of spare computers or spare parts for the whole company, for use while dealing with the manufacturer for warranty repair or replacement, etc., than to keep one spare computer for every employee, this probably saves money mostly if you dupe your employees into eating the loss.

  8. I thought everyone knew the answer to this by Anonymous Coward · · Score: 4, Funny

    Have the pre-hire install Ubuntu. No prompt, no job. Ubuntu can do anything.

  9. You ask a good question by grahamsaa · · Score: 4, Insightful

    But from what I've seen there's no good answer. Management in small businesses (and in business in general) is usually not concerned with someone's computer security skills or credentials, unless they're hiring someone for an IT position. Even then, it's not uncommon for someone without basic skills to make the cut.

    As an IT manager (or, the only IT manager) at a smallish (25 seat) company, I've been confounded by the fact that management doesn't seem to care about basic IT literacy. They're much more concerned with how qualified someone is to be an accountant, an admin or a lawyer (and I'm not picking on any of these professions -- just using a few examples).

    Unfortunately most people who possess these skills (valuable non-IT-related skills) don't know much about computers -- and the older, more experienced (and thus more valuable) employees tend to know even less.

    I once tried to get a basic IT related questionnaire added to our interview process for all employees. Management wasn't interested because they feared that it might disqualify an otherwise valuable employee. I've long since come to terms with the fact that at most companies, IT skills are only important for IT-related positions. Sure, they may make an applicant slightly more attractive, but it really has no influence over the hiring process.

    But since you ask the question -- if it were a perfect world (at least, according to my definition), we wouldn't hire anyone for a desk job that couldn't type at least 40 wpm. We wouldn't hire anyone who couldn't explain the differences between a good and bad password. We wouldn't hire anyone who thinks it's safe to give their password out to a stranger or to click on a link that they didn't trust.

    But that's not the world we live in. Unfortunately, if my company were to stick to those guidelines we would have to downsize dramatically. We'd definitely stop growing.

    The truth is that people who aren't involved in IT related work generally don't care about IT. And while I find it frustrating, I can't blame them. For most people, particularly older people, IT just doesn't make sense. Unless and until it does, good luck!

    --
    Facts have a liberal bias.
  10. That's all well and good... by Like2Byte · · Score: 2, Funny

    but you can't fix stupid.

  11. Step 1 by hey! · · Score: 4, Insightful

    Hire *good* people.

    Step 2: work on developing their skills.

    You see, what you're asking is like "how do I handle all the fame and adulation after I become a rock star?" The hard part is finding good people. If you can find 'em, they're worth training because they're *trainable*.

    So if you've got somebody who can do a great job and adds to the team, but doesn't know what the hell phishing is, don't worry about that. You can teach a good hire what phishing is. You can't teach a bad hire who knows what phishing is to be a good employee.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  12. Re:that quiz is rubbish by Ron+Bennett · · Score: 2, Informative

    Got 10 out of 10, but doubt few people could, especially with the limited information shown.

    Some of those they consider "legitimate" are very borderline in my view, especially that UPS one.

    Also, the testing site makes a big deal about misspellings and formatting in some of the "phishing" emails. And yet the Bank of Choice one, that's supposedly "legitimate", has an obvious spelling error in it too!

    Ron

  13. Phish them OFFLINE! by bronney · · Score: 2, Interesting

    To test if they're too noobie for the job, design a form on paper that phishes their info. Personal info, more private than your regular form at Burger King. If they fall for it, kindly show them the door. Hire the ones that alert you of the problem.

  14. Step back and look at the big picture. by Proudrooster · · Score: 3, Funny

    Kind sir, computers are a "fad". A mere inconsequential passing fancy. Computers are either used as tools of amusement (aka Windows, the formerly best $80 Solitaire game money could buy) and for destruction of the world (aka, hypertrading systems on Wall Street and cruise missile guidance systems).

    Why does a small business need computers? Think about how much more efficient you could be without all of those mumbo-jumbo computers and all the click-happy workers amusing themselves while back-doors and trojans compromise your network and data (on company time of course).

    Carbon paper, filing cabinets, and shredders. This is the path to an efficient small business. You may even want to question why your small business needs so many phone lines. Sorry I could not be more helpful, but just step back and ask yourself, "is all this technology really necessary?" I think you will agree, it is a fad that simply over-complicates everything.

  15. Applicable to higher-level jobs as well by drfreak · · Score: 2, Interesting

    Myself, I'm mostly a self-taught computer geek. Many of you are also or are at least aware of acquaintances or friends who get by being self-taught. I've always been a firm believer in competency tests vs. degrees.

    Work experience is another consideration, as I would test the competency of either a grad or a long-running self-taught previous employee somewhere else. The applicant's general knowledge may be good and well documented, but how are they able to specialize when the need arises?

    I was able to get promoted upwards to the career I have now based on the merits of my passion to learn -on the job or not- as well as my ability to apply new ideas quickly. Not everyone is as lucky whether they have the skills or not, which is why I believe a lot of budding IT professionals and/or programmers would get in the door a lot easier with a competency test. On the flipside, maybe less losers would get in the door too. You never know, it could happen. :)

  16. ECDL by taylormc · · Score: 3, Informative

    The European Computer Driving License may be helpful here. See http://www.bcs.org/server.php?show=nav.5829 for a syllabus.