Slashdot Mirror
Computer Competency Test For Non-IT Hires?
wto605 writes "As computers are used for more and more vital business functions, small businesses must have office employees who understand the dangers of, and how to recognize and avoid, malware, spam, and phishing. After having been stung by monthly virus cleanups (at $75 an hour) due to an otherwise competent office manager, my parents have realized they need to be aware of their employees' computer skills beyond the ability to type a letter in Microsoft Word (currently the closest thing they have to a test of computer competence). The problem is, as a small business, they have no IT expert who would be able to judge a potential employee's competency. I'm wondering if anyone knows of a good way to test these security/safety awareness skills, such as an online test, a set of questions, etc. I have already pointed them to Sonicwall's Spam and Phishing test, but it definitely does not cover all of the issues facing computer users."
Anybody can have a bad day.
Just because someone is competent with a computer doesn't mean they can't be the vector for an infection. If you start with that premise you'll realize how completely futile it is. What you need instead is a tutorial program to reduce risks. Things they should and shouldn't do, etc.
And proper anti-virus processes and procedures.
A lot of people can recognize such things already. They just don't want to take the time to bother with it. So dock the cleanup costs out of their pay, suddenly they'll be a LOT more careful about what they trust.
When I was younger, the mother of one of my friends was bad enough about it that her computer needed wiping on a weekly basis. My friend wasn't much of a computer person, but he at least knew what not to do. Unfortunately he was stuck using the same machine and so still had to deal with it. For a while I was fixing it for them for free since he was a friend, but when I started charging $20/hour for cleanup his mother changed her ways amazingly quickly.
GENERATION 667: The first time you see this, copy it into your sig on any forum and add 1 to the generation
But the place I work at gave me a computer with Ubuntu installed to use. I requested this after the McAfee incident last week. Apparently I'm the only one...
Get parallels or VMware if they really need Windows from something, have them run it in a virtual machine. Yes there may be an upfront cost to switch from MS Office for Mac from the windows version, but if the VM gets infected, nuke the VM and install a fresh one.
Something we learned real quick was that higher up front costs with macs were quickly recovered since we weren't dealing with these type of problems on a regular basis.
Hell, I have programmers that are good programmers but frankly don't know the first thing about systems administration.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
Because people are generally more productive when they don't have things on their mind? I know for sure that if I have my personal e-mail/social networking sites/phone out I don't have to worry about missing important events, etc. and generally I'm more productive. I don't check it every 5 minutes or anything but it does help to allow me to focus without thinking about what I could be missing. Without the ability to check personal things, generally my mind tends to wander to them and I lose focus on work. I guess I'm just a tasklist type of person, I want to be -done- with everything, to be up-to-date on my e-mails, etc. Some people aren't. Some people would spend all day on Facebook and get nothing done, some people's minds just don't wander to other tasks, but in general mine does. If my work decided to block all the outside internet, I have little doubt my productivity would suffer because my mind would constantly be elsewhere.
Taxation is legalized theft, no more, no less.
Oh sure, while you sit in the back playing games and watch Hulu all day... Screw you. I worked in an office where the computers were "locked down tight" for a few months.
"How many ounces are in a liter?"
"Just a sec while I Google it. Oh wait, I can't. Give me fifteen minutes to walk over to the factory and physically find a 1L bottle so that I can look at the fucking label."
If I wanted to protect all of the fleet vehicles from damage all I had to do was throw away the keys. But that would be about as stupid and lazy as your locking down the internet connection. It's 2010, do your job, do it well and stop acting like the non IT employees are a bunch of chimps.
I've started seeing companies go the route of getting rid of workstation computers. You, dear employee, get to bring in your own computer and connect up to our virtual workspace environment. No data ever ends up on your computer, and only a couple of key ports are open to our virtual space. The virtual space can't get to the Internet, you don't have admin access, etc. You can do whatever you want on your own computer, but when you get a virus, crash the OS, bust a hard drive, it's your problem to contact your computer vendor and get it fixed. You get a day to get that resolved, or we start making you take your vacation days or get docked pay until you're back up and running.
May sound like crap, but there are potentially some real benefits to getting workstations off of IT's plate.
----- Connection reset by beer
Have the pre-hire install Ubuntu. No prompt, no job. Ubuntu can do anything.
But from what I've seen there's no good answer. Management in small businesses (and in business in general) is usually not concerned with someone's computer security skills or credentials, unless they're hiring someone for an IT position. Even then, it's not uncommon for someone without basic skills to make the cut.
As an IT manager (or, the only IT manager) at a smallish (25 seat) company, I've been confounded by the fact that management doesn't seem to care about basic IT literacy. They're much more concerned with how qualified someone is to be an accountant, an admin or a lawyer (and I'm not picking on any of these professions -- just using a few examples).
Unfortunately most people who possess these skills (valuable non-IT-related skills) don't know much about computers -- and the older, more experienced (and thus more valuable) employees tend to know even less.
I once tried to get a basic IT related questionnaire added to our interview process for all employees. Management wasn't interested because they feared that it might disqualify an otherwise valuable employee. I've long since come to terms with the fact that at most companies, IT skills are only important for IT-related positions. Sure, they may make an applicant slightly more attractive, but it really has no influence over the hiring process.
But since you ask the question -- if it were a perfect world (at least, according to my definition), we wouldn't hire anyone for a desk job that couldn't type at least 40 wpm. We wouldn't hire anyone who couldn't explain the differences between a good and bad password. We wouldn't hire anyone anyone who thought thinks it's safe to give their password out to a stranger or to click on a link that they didn't trust.
But that's not the world we live in. Unfortunately, if my company were to stick to those guidelines we would have to downsize dramatically. We'd definitely stop growing.
The truth is that people who aren't involved in IT related work generally don't care about IT. And while I find it frustrating, I can't blame them. For most people, particularly older people, IT just doesn't make sense. Unless and until it does, good luck!
Facts have a liberal bias.
I work at a hospital. The computers that are on the network on which sensitive data is passed have whitelist Internet access to a tiny handful of sites. There is also a public wifi network that is basically open to anything but porn/warez sites which anyone can attach to. You're welcome to connect your smartphone or laptop to it.
It's not about controlling the employees, which I agree is counterproductive. It's about protecting the corporate information. 90% of my Internet usage at work is personal and has no business being done on computers that might contain patient information. That doesn't mean I spend all day surfing rather than working; it just means I need to separate the two.
Hire *good* people.
Step 2: work on developing their skills.
You see, what you're asking is like "how do I handle all the fame and adulation after I become a rock star?" The hard part is finding good people. If you can find 'em, they're worth training because they're *trainable*.
So if you've got somebody who can do a great job and adds to the team, but doesn't know what the hell phishing is, don't worry about that. You can teach a good hire what phishing is. You can't teach a bad hire who knows what phishing is to be a good employee.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
It speaks volumes that your point of view is effectively, "I work better when I'm slightly less focused on my personal stuff". Has it occurred to you to try focusing on your work, when it's work time, and leave your personal issues at the door? I know this isn't a popular opinion around here, but your email, facebook and txt messages can wait until you aren't being paid for your time. If they can't, then you have a problem, and you should get counseling, OR you need to take a furlough from work and get your life in order.
While it's great that modern systems can keep us up to date on the latest and greatest events around us, it's nothing more than a distraction most of the time, and it is almost NEVER serious business.
I love admins like you. I work for a university and our individual desktop machines were - until the policy was changed - "locked down tight" as you say.
So my group spent a week harassing IT by constantly sending emails to them - and to the relevant department heads - asking them to google stuff for us, print it out, and deliver it. We had them over at least 3-4 times a day to install software we wanted to test out. We called them about every. Single. Issue. We could come up with.
Five days of this and we were given admin privileges, the net-nanny software was removed, and the admin who came up with the "lock it down tight" policy was sent on to greener pastures because, after all, the purpose of computers in the workplace is to get work done, not to just avoid getting them infected with malware.
Since I can't tell them apart, I treat all ACs as the same person.
I know this isn't a popular opinion around here, but your email, facebook and txt messages can wait until you aren't being paid for your time.
Grownups aren't paid for their time; they're paid for their results. I'm sorry to hear that you still work at McDonald's.
You can set different policies for different kinds of users. Users who are in the psychology department and who do sex research *probably* shouldn't be barred from going to websites the net-nanny software calls "sexual or adult content" while people who work in the university accounting office *probably* should. Someone who doesn't work in IT but who's job requires installing and trying out 2-3 bits of software on an average day to see if it's useful for research should *probably* not have their ability to install software on a sandbox computer restricted, while someone who works with very sensitive records in the hospital patient records office probably shouldn't be given the keys to the kingdom. Regardless of whether or not the workplace has 5 or 50,000 (as there are at my university, including students) users, there are usually going to be a fairly limited number of groups people will fall into.
Computers in the workplace are to get work done, not to be the private fiefdom of some control-freak. I don't, actually, care if keeping my computer locked down so I am continually inconvenienced because I can't install software myself or go to websites I need to visit reduces the burden on IT. I'm an educator and a researcher at a university; the purpose of the university is to educate people and do research, not maintain good computers. My needs trump theirs, to put it bluntly, so they need to get the hell out of my way and let me work.
I probably sound like a complete bitch, but the fact of the matter is, I don't enjoy wasting my time or my student's money sitting around with my thumb up my ass because some nitwit admin has decided that he can't be bothered to learn how to do his job well.
Since I can't tell them apart, I treat all ACs as the same person.
As cynically as he stated it, I'm going to have to agree with him, as least as far as most office jobs are concerned.
While you may technically be paid to "work" for some minimum number of hours, with the increase in telecommuting, flex schedules, and honestly just the modus operandi in tech jobs these days, time is one of the worst ways to judge productivity, and is rarely a significant factor in any type of focal review.
Results matter. If you are in sales and bring in $10M in revenue with 30 hours a week of effort, while your co-workers brings in $1M with twice that, it's pretty clear who's getting the "big bonus" this year. Your boss probably won't know or care how much of that time was spent on Facebook vs meeting with customers, as long as you meet or exceed expectations.