Computer Competency Test For Non-IT Hires? 369
wto605 writes "As computers are used for more and more vital business functions, small businesses must have office employees who understand the dangers of, and how to recognize and avoid, malware, spam, and phishing. After having been stung by monthly virus cleanups (at $75 an hour) due to an otherwise competent office manager, my parents have realized they need to be aware of their employees' computer skills beyond the ability to type a letter in Microsoft Word (currently the closest thing they have to a test of computer competence). The problem is, as a small business, they have no IT expert who would be able to judge a potential employee's competency. I'm wondering if anyone knows of a good way to test these security/safety awareness skills, such as an online test, a set of questions, etc. I have already pointed them to Sonicwall's Spam and Phishing test, but it definitely does not cover all of the issues facing computer users."
Anybody can have a bad day (Score:5, Insightful)
Anybody can have a bad day.
Just because someone is competent with a computer doesn't mean they can't be the vector for an infection. If you start with that premise you'll realize how completely futile it is. What you need instead is a tutorial program to reduce risks. Things they should and shouldn't do, etc.
And proper anti-virus processes and procedures.
Re:Simpler solution... (Score:5, Insightful)
Re:Simpler solution... (Score:5, Insightful)
Oh sure, while you sit in the back playing games and watch Hulu all day... Screw you. I worked in an office where the computers were "locked down tight" for a few months.
"How many ounces are in a liter?"
"Just a sec while I Google it. Oh wait, I can't. Give me fifteen minutes to walk over to the factory and physically find a 1L bottle so that I can look at the fucking label."
If I wanted to protect all of the fleet vehicles from damage all I had to do was throw away the keys. But that would be about as stupid and lazy as your locking down the internet connection. It's 2010, do your job, do it well and stop acting like the non IT employees are a bunch of chimps.
Re:Simpler solution... (Score:2, Insightful)
Re:Replace their PC's with Mac Mini's (Score:1, Insightful)
Or to not throw your money down the drain replacing all your computers (if this is an option)..... Install linux on their existing computers using a network wide install, and then have them use VMware/Virtual box.
You ask a good question (Score:5, Insightful)
As an IT manager (or, the only IT manager) at a smallish (25 seat) company, I've been confounded by the fact that management doesn't seem to care about basic IT literacy. They're much more concerned with how qualified someone is to be an accountant, an admin or a lawyer (and I'm not picking on any of these professions -- just using a few examples).
Unfortunately most people who possess these skills (valuable non-IT-related skills) don't know much about computers -- and the older, more experienced (and thus more valuable) employees tend to know even less.
I once tried to get a basic IT related questionnaire added to our interview process for all employees. Management wasn't interested because they feared that it might disqualify an otherwise valuable employee. I've long since come to terms with the fact that at most companies, IT skills are only important for IT-related positions. Sure, they may make an applicant slightly more attractive, but it really has no influence over the hiring process.
But since you ask the question -- if it were a perfect world (at least, according to my definition), we wouldn't hire anyone for a desk job that couldn't type at least 40 wpm. We wouldn't hire anyone who couldn't explain the differences between a good and bad password. We wouldn't hire anyone anyone who thought thinks it's safe to give their password out to a stranger or to click on a link that they didn't trust.
But that's not the world we live in. Unfortunately, if my company were to stick to those guidelines we would have to downsize dramatically. We'd definitely stop growing.
The truth is that people who aren't involved in IT related work generally don't care about IT. And while I find it frustrating, I can't blame them. For most people, particularly older people, IT just doesn't make sense. Unless and until it does, good luck!
Re:Simpler solution... (Score:4, Insightful)
You'd make the kind of admin I despise.
Maybe because people like to listen to streaming music while they work. Maybe because people like to do research online while they work. Maybe IM is a useful form of communication. Maybe you want to research your clients or competition or do SEO or some graphics tutorials or download an editor for something yada yada yada. Don't hire total noobs, do your job of installing the latest updates, run some anti-virus (insert McAfee joke here), and have an understood IT policy - understood meaning people understand your concerns, not just "the rules". You can never have perfect security, but you can have reasonable security without being an ass about it. You can also have a backup plan, like backing up documents on a schedule to a safe(r) system and having a disc image to recover a system from reasonably quickly.
Yours is an office I wouldn't work in, and maybe there is something to say for self-selection of the people that would.
Re:Anybody can have a bad day (Score:2, Insightful)
I've never had any of my computers, running Mac/Windows infected by anything that I know of, I don't use any sort of protection either. However, I know many people with more protection than me who get viruses because they don't know what they're doing.
Sure I could get a virus. However, my friend who torrented an antivirus package to get rid of a virus he got from another torrent is still much more of a security risk than I'll ever be.
Step 1 (Score:5, Insightful)
Hire *good* people.
Step 2: work on developing their skills.
You see, what you're asking is like "how do I handle all the fame and adulation after I become a rock star?" The hard part is finding good people. If you can find 'em, they're worth training because they're *trainable*.
So if you've got somebody who can do a great job and adds to the team, but doesn't know what the hell phishing is, don't worry about that. You can teach a good hire what phishing is. You can't teach a bad hire who knows what phishing is to be a good employee.
Re:Simpler solution... (Score:3, Insightful)
Re:You ask a good question (Score:1, Insightful)
This will be true as long as my generation, the baby boomers and maybe the next youngest are around. I know many people who completed their education and early work careers before one was expected to understand computers. Suddenly everyone has to use a computer but no training or testing was required. How many people think they are "computer literate" when the extent of their skill is checking email, sending email, deleting email, printing email...
We have a huge training gap in our workforce. Business isn't willing to foot the cost and many workers don't understand the necessity of upgrading computer skills.
Re:Make them maintain their own damn computer (Score:3, Insightful)
Re:Simpler solution... (Score:5, Insightful)
I know this isn't a popular opinion around here, but your email, facebook and txt messages can wait until you aren't being paid for your time.
Grownups aren't paid for their time; they're paid for their results. I'm sorry to hear that you still work at McDonald's.
Re:Simpler solution... (Score:3, Insightful)
It was a nice try to slander me with accusations of working for McDonalds. Last time I checked, their POS terminals don't allow the user to initiate a web browser (or any other software).
Wether salary, or hourly, you are being paid for your time. Surely the result are what count (mostly), but there is usually an implicit agreement of a certain block of time, on certain days. If you can't abide the agreement, then you shouldn't make it. However, if you convinced someone to pay you salary, and then just do as you please, that's great. But it's not a career, kiddo.
Re:Simpler solution... (Score:2, Insightful)
In my experience as IT support, non IT people ARE basically chimps with computers. Its like giving the keys to a Dodge Viper to a 12 year old thats played Grand Theft Auto....the results arent pretty.
Re:Simpler solution... (Score:5, Insightful)
You can set different policies for different kinds of users. Users who are in the psychology department and who do sex research *probably* shouldn't be barred from going to websites the net-nanny software calls "sexual or adult content" while people who work in the university accounting office *probably* should. Someone who doesn't work in IT but who's job requires installing and trying out 2-3 bits of software on an average day to see if it's useful for research should *probably* not have their ability to install software on a sandbox computer restricted, while someone who works with very sensitive records in the hospital patient records office probably shouldn't be given the keys to the kingdom. Regardless of whether or not the workplace has 5 or 50,000 (as there are at my university, including students) users, there are usually going to be a fairly limited number of groups people will fall into.
Computers in the workplace are to get work done, not to be the private fiefdom of some control-freak. I don't, actually, care if keeping my computer locked down so I am continually inconvenienced because I can't install software myself or go to websites I need to visit reduces the burden on IT. I'm an educator and a researcher at a university; the purpose of the university is to educate people and do research, not maintain good computers. My needs trump theirs, to put it bluntly, so they need to get the hell out of my way and let me work.
I probably sound like a complete bitch, but the fact of the matter is, I don't enjoy wasting my time or my student's money sitting around with my thumb up my ass because some nitwit admin has decided that he can't be bothered to learn how to do his job well.
Re:I don't know (Score:3, Insightful)
Linux is simply not realistic in a regular office environment.
I work at a non tech company with a lot of average Jane's and Joe's.
We are talking about people who reboot their machine if tech-support tells them to restart a certain program. We are talking about people who don't know the difference between a url and a email adress. Cut/copy and paste is witchcraft. These people are good at what they do as long as the tools they have to work with just work.
If shit hits the fan they are lost. If after a update button X is moved to another menu or simply 100 pixels to the right hell breaks loose.
Now imagine what would happen if their "computer" doesn't look like the "computer" they are used to seeing at home and everywhere else. Production wouldn't slow down, it would do a full emergency stop, handbrake with smoking and screaming tires...
And this is what a lot of nerds like "us" tend to forget a lot of the time.
There are vast amounts of people out there who don't get computers, os-es and software. It's a tool and it should work, period. They don't care how it works, even if they did they wouldn't understand it because they have no feeling for it.
Re:Simpler solution... (Score:3, Insightful)
I don't know how you work, but I get paid for the results I achieve in a certain time. They don't pay me for my time, as that's relatively worthless to them.
Re:Simpler solution... (Score:5, Insightful)
As cynically as he stated it, I'm going to have to agree with him, as least as far as most office jobs are concerned.
While you may technically be paid to "work" for some minimum number of hours, with the increase in telecommuting, flex schedules, and honestly just the modus operandi in tech jobs these days, time is one of the worst ways to judge productivity, and is rarely a significant factor in any type of focal review.
Results matter. If you are in sales and bring in $10M in revenue with 30 hours a week of effort, while your co-workers brings in $1M with twice that, it's pretty clear who's getting the "big bonus" this year. Your boss probably won't know or care how much of that time was spent on Facebook vs meeting with customers, as long as you meet or exceed expectations.
Re:Anybody can have a bad day (Score:3, Insightful)
In many cases this is an issue more relevent to clueless developers together with clueless vendor support...
Re:Anybody can have a bad day (Score:1, Insightful)
Re:Anybody can have a bad day (Score:3, Insightful)
There is a big difference between making one single mistake and having a risky attitude. This is especially true for people who are at a hierarchical higher level than the IT people in charge of the security.
Re:Simpler solution... (Score:3, Insightful)
I tend to agree with kklien, in that I would like to be compensated for my work, not for the time I took to accomplish the work.
I am not compensated for ideas I have in the shower, or stuff that comes to me in dreams. My company wants me to put 40 hours into a timesheet every week, sometimes more, but never less, unless I'm taking leave time. It doesn't matter to them if I can get everything they want me to do in 30 or 20 hours. If I can, they'll find more work for me to do to fill up the remaining time. It doesn't matter to them whether it has anything to do with my career field or not.
I wear a pager and there's an expectation that I'll respond to pages potentially at any time, as though I'm a firefigher constantly on duty. I'm not compensated for all the time I wear the pager. My stance is that if they can page me at any time, intruding into my personal time, and expect me to drop whatever I'm doing and come in and do work, then they can damn well let me do some personal stuff during work hours, as long as I'm delivering consistent, high quality results. This includes casual web surfing, making personal phone calls, sending faxes from the office, and doing business with companies whose only hours of operation happen to be the same hours that I'm expected to be in the office doing work.
Re:I don't know (Score:3, Insightful)
I disagree. The main problem is if they need to exchange documents with people outside the company, and that's an Office software issue, not an OS issue.
Well, I don't now, but I used to.
Yes, agreed.
No, it doesn't. They call up and say they can't find button X, and you show them where it is now, and they write it down on a post-it and stick it to the monitor along with the 20 others.
Their work computer never looked like the one at home (e.g. it might run a locked down version of XP Pro, while they have Windows 7 at home). They don't use a computer anywhere else.
You say this, but seem to have missed the point yourself. People in an office don't "use a computer". They follow a process that (hopefully!) results in what they want. They get a load of envelopes printed, or a group email sent. If the process changes in some way, they're lost because they don't understand what the process is, they just have some steps they need to follow.
And they can follow these steps just as well on Linux as they can on Windows.
Re:Anybody can have a bad day (Score:3, Insightful)
Then they should LEARN what BCC and CC are, or they can get a new fucking job. This is not rocket science. It takes approximately ten seconds to thoroughly learn the difference. Asking this of someone with an eighth grade education is not unreasonable.
Re:Simpler solution... (Score:3, Insightful)
Sure, I deal with users like you every day. If management would let us sign over the responsibilities that come with admining the computer over to you in addition with the increased rights, I'd be fine. I.e. if your computer gets a virus and we could say, not our problem, you clean it up as you're the "admin of record" then I'd be fine with what you want. But if I have to drop my projects, or push off a computer that needs an upgrade for someone who *wants* a managed, supported computer, then it annoys me.
If you were responsible for the software licensing and EULA compliance for that computer, and the one to re-image if the software conflicts, and the one to figure out if installing that driver before installing Labview is why your hardware doesn't work with that PC, then fine, be admin.
Or, heck, if your department wanted to pay someone's salary (even mine maybe) to sit around and re-image and re-install when the zbot infection gets your PC or the random software installs and uninstalls finally break Windows then that's that person's job. Or maybe pay the local consultant / geek squad / whatever to do it.
A lot of this is of course management - they have to decide what balance of IT they want paid to re-image PCs weekly and what balance they want enabling new infrastructure, new OSs, new capabilities etc.