Computer Competency Test For Non-IT Hires? 369
wto605 writes "As computers are used for more and more vital business functions, small businesses must have office employees who understand the dangers of, and how to recognize and avoid, malware, spam, and phishing. After having been stung by monthly virus cleanups (at $75 an hour) due to an otherwise competent office manager, my parents have realized they need to be aware of their employees' computer skills beyond the ability to type a letter in Microsoft Word (currently the closest thing they have to a test of computer competence). The problem is, as a small business, they have no IT expert who would be able to judge a potential employee's competency. I'm wondering if anyone knows of a good way to test these security/safety awareness skills, such as an online test, a set of questions, etc. I have already pointed them to Sonicwall's Spam and Phishing test, but it definitely does not cover all of the issues facing computer users."
Anybody can have a bad day (Score:5, Insightful)
Anybody can have a bad day.
Just because someone is competent with a computer doesn't mean they can't be the vector for an infection. If you start with that premise you'll realize how completely futile it is. What you need instead is a tutorial program to reduce risks. Things they should and shouldn't do, etc.
And proper anti-virus processes and procedures.
Re:Anybody can have a bad day (Score:5, Interesting)
Right, but computers can be dangerous tools. You are expected to prove some basic competency before you are licensed to drive. Same thing with operating heavy machinery.
If you don't know what you're doing, you can cause a lot of harm. If you send out a message to a ton of clients and use CC instead of BCC.... you are in deep trouble. You're right that anyone could accidentally do that, but you should make sure they know that in the first place.
I don't see any problem with some basic competency stuff. A little anti-phishing, some basic tasks in an email client, etc. If a job requires knowledge of how to use a computer, the applicants should know how to use a computer.
If they don't? You could not hire them, or you could train them.
Seems pretty reasonable to me. If you hire them and it turns out they don't know what they are doing, you can lose money directly (like the above), or indirectly (as they spend a day or two to do a simple task before you find out they didn't know what they were doing).
I know that there are some things that I would like on the test. It drives me nuts how many people don't know how to send screenshots around. When you get a piece of text on a web page you want me to know about, just send me the text. I don't want a screenshot of the text. I really don't want a word document with a screenshot of the text. I don't want it internally, and I don't want clients/partners seeing that. I'd rather spend the 5 minutes to teach them how to do it correctly.
Re: (Score:3, Informative)
Basic training and locking down the PCs is the way to go.
Don't let the users run as administrators, and most of the infection problems will go away. From there, teach them how to deal with spam email and how to recognize fake antivirus and other phishing scams.
Once the users are kept from shooting themselves in the foot (restricted rights), and are taught why they shouldn't point the gun at their foot in the first place, things should improve dramatically.
Re: (Score:3, Insightful)
In many cases this is an issue more relevent to clueless developers together with clueless vendor support...
Re: (Score:3, Informative)
Don't let the users run as administrators, and most of the infection problems will go away
I wish. This used to be the case, but most of the FakeAV stuff can run and infect fine in a user context. Sure, you can blow the user account away and you're clean, but still, doing that several times a week because yet another infected ad on CNN or whatever hosed their profile, even through Firefox, even with ad-blocking at the squid proxy, is a PITA.
Sure, non-admin means less re-images, but it isn't stopping many of
Re: (Score:2, Interesting)
If you send out a message to a ton of clients and use CC instead of BCC.... you are in deep trouble.
Not even nearly as harmful as a crane falling on your head, or some old fart running you down because he hit the gas instead of the brakes. It's not that users aren't ready for computers, it's that computers aren't ready for the users. Cars weren't either until at least the 30s or 40s
Re:Anybody can have a bad day (Score:5, Interesting)
When working for big corporations, I often have to pass a "computer security and privacy awareness test". It is usually implemented through a web interface with simple radio button forms (multiple choices) and I have to pass it before I can get any access to their systems.
Trust me, you really do not have to be a techie to pass it but you must know basic principles about internet security and privacy issues, confidentiality and security levels etc.
The solution seems simple enough; just get a template for one of these tests that pretty much look alike in any big corporation. Such standard tests but be available through the internet.
Have the candidates pass the test. Also, state strict sanctions for mistakes with regards to not following those basic guidelines and make them clear right from the start, preferably as part of the test. Candidates get the idea that you do not fool around with these topics.
Re: (Score:3, Funny)
Dude.. my mom makes her presentations in excel !
Re: (Score:3, Insightful)
Then they should LEARN what BCC and CC are, or they can get a new fucking job. This is not rocket science. It takes approximately ten seconds to thoroughly learn the difference. Asking this of someone with an eighth grade education is not unreasonable.
Re:Anybody can have a bad day (Score:5, Funny)
Are you familiar with Windows? (Yes / No)
Is Linux a computer operating system, a breed of penguins or some guy from Europe? (Yes / No)
When was the last time you rebooted your computer? (Yes / No)
Have you ever had a password you wouldn't share? (Yes / No)
Do you know enough about computer security not to watch porn at work unless it's at lunch or a boring meeting? (Yes / No)
What is the name of your first pet, the town you grew up in or your elementary school? (Yes / No)
Do you post on Slashdot? (Yes / No)
Your hired!
Re: (Score:2, Insightful)
I've never had any of my computers, running Mac/Windows infected by anything that I know of, I don't use any sort of protection either. However, I know many people with more protection than me who get viruses because they don't know what they're doing.
Sure I could get a virus. However, my friend who torrented an antivirus package to get rid of a virus he got from another torrent is still much more of a security risk than I'll ever be.
Re: (Score:2)
Re: (Score:3, Informative)
I think you can probably make a case for users needing to be competent to avoid phishing attacks...because the impact can be so damaging and there is no real way to prevent them...but in all other aspects maintaining a good security posture really is more the responsibility of the IT staff. In the end, something is going to test your defenses. Most of the viruses we see at my very large enterprise spread via the network. You get one user who makes a wrong click and BAM every single one
Re: (Score:3, Insightful)
There is a big difference between making one single mistake and having a risky attitude. This is especially true for people who are at a hierarchical higher level than the IT people in charge of the security.
Re: (Score:2)
Sure, you have to scan your desk too.
Re:Anybody can have a bad day (Score:5, Funny)
racist (Score:2, Funny)
competency tests are all racist. they only seek to restrict minorities. you cannot legally require these - the courts have ruled. live with it, right wing tea bagger.
Re: (Score:3, Funny)
Are you saying incompetent people are no longer the majority?
Simpler solution... (Score:2, Interesting)
Re: (Score:3, Interesting)
Re:Simpler solution... (Score:5, Insightful)
Re: (Score:3, Insightful)
Re:Simpler solution... (Score:5, Informative)
While it's great that modern systems can keep us up to date on the latest and greatest events around us, it's nothing more than a distraction most of the time, and it is almost NEVER serious business.
Re:Simpler solution... (Score:5, Insightful)
I know this isn't a popular opinion around here, but your email, facebook and txt messages can wait until you aren't being paid for your time.
Grownups aren't paid for their time; they're paid for their results. I'm sorry to hear that you still work at McDonald's.
Re: (Score:3, Insightful)
It was a nice try to slander me with accusations of working for McDonalds. Last time I checked, their POS terminals don't allow the user to initiate a web browser (or any other software).
Wether salary, or hourly, you are being paid for your time. Surely the result are what count (mostly), but there is usually an implicit agr
Re: (Score:3, Insightful)
I don't know how you work, but I get paid for the results I achieve in a certain time. They don't pay me for my time, as that's relatively worthless to them.
Re:Simpler solution... (Score:5, Insightful)
As cynically as he stated it, I'm going to have to agree with him, as least as far as most office jobs are concerned.
While you may technically be paid to "work" for some minimum number of hours, with the increase in telecommuting, flex schedules, and honestly just the modus operandi in tech jobs these days, time is one of the worst ways to judge productivity, and is rarely a significant factor in any type of focal review.
Results matter. If you are in sales and bring in $10M in revenue with 30 hours a week of effort, while your co-workers brings in $1M with twice that, it's pretty clear who's getting the "big bonus" this year. Your boss probably won't know or care how much of that time was spent on Facebook vs meeting with customers, as long as you meet or exceed expectations.
Re: (Score:3, Insightful)
I tend to agree with kklien, in that I would like to be compensated for my work, not for the time I took to accomplish the work.
I am not compensated for ideas I have in the shower, or stuff that comes to me in dreams. My company wants me to put 40 hours into a timesheet every week, sometimes more, but never less, unless I'm taking leave time. It doesn't matter to them if I can get everything they want me to do in 30 or 20 hours. If I can, they'll find more work for me to do to fill up the remaining time.
Re: (Score:2)
http://uninews.unimelb.edu.au/news/5750/ [unimelb.edu.au]
Re:Simpler solution... (Score:5, Interesting)
It's not about controlling the employees, which I agree is counterproductive. It's about protecting the corporate information. 90% of my Internet usage at work is personal and has no business being done on computers that might contain patient information. That doesn't mean I spend all day surfing rather than working; it just means I need to separate the two.
Re:Simpler solution... (Score:5, Insightful)
Oh sure, while you sit in the back playing games and watch Hulu all day... Screw you. I worked in an office where the computers were "locked down tight" for a few months.
"How many ounces are in a liter?"
"Just a sec while I Google it. Oh wait, I can't. Give me fifteen minutes to walk over to the factory and physically find a 1L bottle so that I can look at the fucking label."
If I wanted to protect all of the fleet vehicles from damage all I had to do was throw away the keys. But that would be about as stupid and lazy as your locking down the internet connection. It's 2010, do your job, do it well and stop acting like the non IT employees are a bunch of chimps.
Re: (Score:2, Offtopic)
Re: (Score:2, Insightful)
In my experience as IT support, non IT people ARE basically chimps with computers. Its like giving the keys to a Dodge Viper to a 12 year old thats played Grand Theft Auto....the results arent pretty.
Re:Simpler solution... (Score:4, Funny)
You're just envious of the people with real jobs who aren't stuck doing IT support.
Re: (Score:2, Insightful)
Re:Simpler solution... (Score:4, Insightful)
You'd make the kind of admin I despise.
Maybe because people like to listen to streaming music while they work. Maybe because people like to do research online while they work. Maybe IM is a useful form of communication. Maybe you want to research your clients or competition or do SEO or some graphics tutorials or download an editor for something yada yada yada. Don't hire total noobs, do your job of installing the latest updates, run some anti-virus (insert McAfee joke here), and have an understood IT policy - understood meaning people understand your concerns, not just "the rules". You can never have perfect security, but you can have reasonable security without being an ass about it. You can also have a backup plan, like backing up documents on a schedule to a safe(r) system and having a disc image to recover a system from reasonably quickly.
Yours is an office I wouldn't work in, and maybe there is something to say for self-selection of the people that would.
Re: (Score:2)
Re: (Score:3, Informative)
I work in a large hospital. If you log in as a generic user - typical for most stations, because anybody can wake it up f
Re:Simpler solution... (Score:5, Funny)
I love admins like you. I work for a university and our individual desktop machines were - until the policy was changed - "locked down tight" as you say.
So my group spent a week harassing IT by constantly sending emails to them - and to the relevant department heads - asking them to google stuff for us, print it out, and deliver it. We had them over at least 3-4 times a day to install software we wanted to test out. We called them about every. Single. Issue. We could come up with.
Five days of this and we were given admin privileges, the net-nanny software was removed, and the admin who came up with the "lock it down tight" policy was sent on to greener pastures because, after all, the purpose of computers in the workplace is to get work done, not to just avoid getting them infected with malware.
Re: (Score:2)
Re:Simpler solution... (Score:5, Insightful)
You can set different policies for different kinds of users. Users who are in the psychology department and who do sex research *probably* shouldn't be barred from going to websites the net-nanny software calls "sexual or adult content" while people who work in the university accounting office *probably* should. Someone who doesn't work in IT but who's job requires installing and trying out 2-3 bits of software on an average day to see if it's useful for research should *probably* not have their ability to install software on a sandbox computer restricted, while someone who works with very sensitive records in the hospital patient records office probably shouldn't be given the keys to the kingdom. Regardless of whether or not the workplace has 5 or 50,000 (as there are at my university, including students) users, there are usually going to be a fairly limited number of groups people will fall into.
Computers in the workplace are to get work done, not to be the private fiefdom of some control-freak. I don't, actually, care if keeping my computer locked down so I am continually inconvenienced because I can't install software myself or go to websites I need to visit reduces the burden on IT. I'm an educator and a researcher at a university; the purpose of the university is to educate people and do research, not maintain good computers. My needs trump theirs, to put it bluntly, so they need to get the hell out of my way and let me work.
I probably sound like a complete bitch, but the fact of the matter is, I don't enjoy wasting my time or my student's money sitting around with my thumb up my ass because some nitwit admin has decided that he can't be bothered to learn how to do his job well.
Re: (Score:3, Insightful)
Sure, I deal with users like you every day. If management would let us sign over the responsibilities that come with admining the computer over to you in addition with the increased rights, I'd be fine. I.e. if your computer gets a virus and we could say, not our problem, you clean it up as you're the "admin of record" then I'd be fine with what you want. But if I have to drop my projects, or push off a computer that needs an upgrade for someone who *wants* a managed, supported computer, then it annoys me.
I
Re: (Score:2)
And forgive the self reply, but there were other circumstances leading up to this - the guy was a complete martinet, a very stereotypical misanthrope who seemed to be more interested in denying services than in helping people do their work. This was just the last straw.
Re: (Score:2)
"Don't run as admin" *is* simple and will prevent most malware/infections.
Good way to encourage them to learn quickly (Score:4, Interesting)
A lot of people can recognize such things already. They just don't want to take the time to bother with it. So dock the cleanup costs out of their pay, suddenly they'll be a LOT more careful about what they trust.
When I was younger, the mother of one of my friends was bad enough about it that her computer needed wiping on a weekly basis. My friend wasn't much of a computer person, but he at least knew what not to do. Unfortunately he was stuck using the same machine and so still had to deal with it. For a while I was fixing it for them for free since he was a friend, but when I started charging $20/hour for cleanup his mother changed her ways amazingly quickly.
Re:Good way to encourage them to learn quickly (Score:5, Informative)
It's illegal to dock employees' pay for damage to the employer's property.
For accidental damage, employees have no liability at all: It's considered the employer's responsibility to manage its workplace in a way that minimizes accidental damage, and any that does occur is considered a cost of doing business. Viruses routinely appearing on company machines, especially if it happens to many employees' machines, is probably in that category.
For damage done intentionally or through serious negligence, the employee may be responsible, but the employer still cannot dock their pay; they must sue the employee to recover the damages, and must prove by a preponderance of the evidence that the damage was inflicted intentionally or negligently.
Re: (Score:2)
It's illegal to dock employees' pay for damage to the employer's property.
Are you sure? A quick Google suggests [blr.com] that this is true if the employee is exempt, if it wasn't in their contract, or if it would pull them below minimum wage, but not otherwise.
Re: (Score:2)
Ah yeah, I was assuming salaried (exempt) employees, which is the norm for office jobs that involve routine use of computers; though I suppose there are some hourly-wage data-entry jobs.
There are some cases where hourly workers can have their pay docked, but even then, as the site you link to says, only if "caused by the employee's gross negligence, or dishonest or willful act." And the bar for gross negligence is fairly high, not just anything that could have been prevented if the employee had been more ca
Re: (Score:3)
only if "caused by the employee's gross negligence, or dishonest or willful act."
Only in California. The federal law (FLSA) allows docking pay if the contract allows it and it doesn't bring the employee below minimum wage.
Re: (Score:2)
Seriously, I'm not an employer, but if I were I'd be laughing really hard.
Re: (Score:2)
What a horrible, backwards world you must live in.
Do they take away your health care when you get sick too? And does your car insurance stop if you have an accident?
Re: (Score:2)
Re: (Score:2)
They can dock your pay if they make agreeing to such a policy a condition of employment.
Re: (Score:2)
True if you're hourly, but not allowed for salaried employees even if they agreed to it (because salaries aren't allowed to have conditions).
Re: (Score:2)
So dock the cleanup costs out of their pay, suddenly they'll be a LOT more careful about what they trust.
Yeah, and that is going to work just as well as those 40-something 'businessmen' who think everything is going to ruin their hardware. Surely you've met a few, you know, the people who buy the $2,000 Sony computers with Core i7s but won't run anything more than IE, their corporate e-mail because it might 'damage' their computer? When people are afraid to use technology, productivity will drop -far- below when they use it for whatever. A re-image takes, what, 5, 10 minutes? An employee scared to use techno
Re: (Score:2)
and recovering from a data breach takes, what, infinity time? an employee being cavalier with their access can cause unmeasurable damage to the company they work for.
to be fair, i mostly agree with you. i do think you took it a little too far though.
Re: (Score:3, Interesting)
Re: (Score:2)
Seems to me that sort of thing falls on the sysadmin to worry about.
I don't know (Score:5, Interesting)
But the place I work at gave me a computer with Ubuntu installed to use. I requested this after the McAfee incident [cnet.com] last week. Apparently I'm the only one...
Re: (Score:2)
Re: (Score:3, Funny)
Global corporate policy forces me to install McAfee on every server I set up and run... even test servers for our lab.
My manager has no say in it, her manager has no say... the head of the office in my country has no say in it... it is decided in germany by the central "IT Security" department.
So... dont tell me what I can and cant do. If I had a choice I would dump mcafee... unfortunately I dont.
Re: (Score:2)
Re: (Score:3, Insightful)
Linux is simply not realistic in a regular office environment.
I work at a non tech company with a lot of average Jane's and Joe's.
We are talking about people who reboot their machine if tech-support tells them to restart a certain program. We are talking about people who don't know the difference between a url and a email adress. Cut/copy and paste is witchcraft. These people are good at what they do as long as the tools they have to work with just work.
If shit hits the fan they are lost. If after a update
Re: (Score:3, Insightful)
I disagree. The main problem is if they need to exchange documents with people outside the company, and that's an Office software issue, not an OS issue.
Well, I don't now, but I used to.
Yes, agreed.
No, it doesn't. They call up and say they c
Replace their PC's with Mac Mini's (Score:5, Interesting)
Get parallels or VMware if they really need Windows from something, have them run it in a virtual machine. Yes there may be an upfront cost to switch from MS Office for Mac from the windows version, but if the VM gets infected, nuke the VM and install a fresh one.
Something we learned real quick was that higher up front costs with macs were quickly recovered since we weren't dealing with these type of problems on a regular basis.
Hell, I have programmers that are good programmers but frankly don't know the first thing about systems administration.
Re:Replace their PC's with Mac Mini's (Score:5, Interesting)
(while I like the Get A Mac suggestion, perhaps something more windows-zealot-friendly...)
or get something like Deep Freeze [faronics.com] and have it simply restore the HD to factory every 2am. And use network home folders and shares for documents.
Then you have ONE place to run the malware/av software on, the server's shares, at 2am while all the machines on the floor are reimaging themselves for tomorrow.
(there's no point in suggesting something that they're unlikely to try even if you can make a good case for it or in fact are offering a very competitive suggetsion)
Re: (Score:2)
Deep Freeze doesn't actually re-image the computer - if you save a file locally, it's gone when you reboot it. It probably keeps a buffer or something at the end of a frozen partition.
You can have it automatically reboot (thawed) to install Windows updates and run maintenance scripts.
Re: (Score:2)
Perhaps you've understood a different definition of "re-image" than I do, but I'm pretty sure that's what is supposed to happen in one. No files on the drive except for what's in the image.
I think DeepFreeze does it by storing the image on a hidden partition on the same disk, though, so maybe that's what you're talking about?
Re: (Score:3, Informative)
It is possible that I misunderstood what you meant by "re-image." I work for IT on campus, and we deploy it on our lab images. So, I can tell you that it doesn't reboot our computer labs at 2am, pull a 5 GB image off of fast ethernet, and restart.
It also doesn't keep a copy of the image in a hidden partition - we have images that take up more than half the size of the victim machine's hard drive; the technology that would make that possible would be more interesting than Deep Freeze itself.
A frozen comput
Re: (Score:2)
Re: (Score:2)
For a small business, Macs are generally more harm than good, after all, most have one or two admins at most and most admins simply aren't good with people. Everything is different for the computer illiterate on a Mac. While a geek will be able to easily navigate between OS X, Unix, Linux, Windows, etc. your average employee (yeah, the one that thinks he deleted the internet one time when he remo
Re: (Score:2)
It would also work if you replaced "Mac" with "PC with Linux", except that Linux OS and OpenOffice cost $0.
Re: (Score:2)
It would also work if you replaced "Mac" with "PC with Linux", except that Linux OS and OpenOffice cost $0.
As heretical as it might be to say on here, I'd pick OS X over Ubuntu for a non-technical user. Ubuntu is definitely a friendly Linux (which I use daily at work), but it has enough rough edges and quirks I would rather pay the up-front cost and get (in theory) better efficiency from the employee (and definitely easier support).
Re: (Score:2)
Where is this place called "Theory" that you mentioned? Are your company's offices located there? If not, what does it matter what would happen there?
Re: (Score:2)
Looks like we have us an old fashioned stand-off....
User? (Score:2)
Re: (Score:2)
Make them maintain their own damn computer (Score:5, Interesting)
I've started seeing companies go the route of getting rid of workstation computers. You, dear employee, get to bring in your own computer and connect up to our virtual workspace environment. No data ever ends up on your computer, and only a couple of key ports are open to our virtual space. The virtual space can't get to the Internet, you don't have admin access, etc. You can do whatever you want on your own computer, but when you get a virus, crash the OS, bust a hard drive, it's your problem to contact your computer vendor and get it fixed. You get a day to get that resolved, or we start making you take your vacation days or get docked pay until you're back up and running.
May sound like crap, but there are potentially some real benefits to getting workstations off of IT's plate.
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Here's a URL with a link to a December article about a few companies "dipping their toes in":
http://www.itbusinessedge.com/cm/community/features/articles/blog/employee-owned-computer-programs-diving-into-murky-waters/?cs=38238 [itbusinessedge.com]
I don't want to comment on companies that I have personal knowledge of, NDA's and all that. There are two that I currently know of personally that are in process. (Sorry, I have to leave it there)
It is really just another evolutionary step from companies that have started going to thi
Re: (Score:2)
I wish you luck with that. The president is really already there: salespeople often use their own cars for travel, many of us use our own cell-phones and home Internet connections for work, etc. Perhaps the company provides some sort of stipend for you to buy your own computer, maintain it, and replace it every X years. Or maybe not.
But you're right, the company won't be able to search it, won't be as interested in web filtering while you're at work, etc.
I thought everyone knew the answer to this (Score:4, Funny)
Have the pre-hire install Ubuntu. No prompt, no job. Ubuntu can do anything.
You ask a good question (Score:5, Insightful)
As an IT manager (or, the only IT manager) at a smallish (25 seat) company, I've been confounded by the fact that management doesn't seem to care about basic IT literacy. They're much more concerned with how qualified someone is to be an accountant, an admin or a lawyer (and I'm not picking on any of these professions -- just using a few examples).
Unfortunately most people who possess these skills (valuable non-IT-related skills) don't know much about computers -- and the older, more experienced (and thus more valuable) employees tend to know even less.
I once tried to get a basic IT related questionnaire added to our interview process for all employees. Management wasn't interested because they feared that it might disqualify an otherwise valuable employee. I've long since come to terms with the fact that at most companies, IT skills are only important for IT-related positions. Sure, they may make an applicant slightly more attractive, but it really has no influence over the hiring process.
But since you ask the question -- if it were a perfect world (at least, according to my definition), we wouldn't hire anyone for a desk job that couldn't type at least 40 wpm. We wouldn't hire anyone who couldn't explain the differences between a good and bad password. We wouldn't hire anyone anyone who thought thinks it's safe to give their password out to a stranger or to click on a link that they didn't trust.
But that's not the world we live in. Unfortunately, if my company were to stick to those guidelines we would have to downsize dramatically. We'd definitely stop growing.
The truth is that people who aren't involved in IT related work generally don't care about IT. And while I find it frustrating, I can't blame them. For most people, particularly older people, IT just doesn't make sense. Unless and until it does, good luck!
Re: (Score:2)
I consider computer illiterate people to be helping me secure my future!
Re: (Score:2)
For some use cases, there's nothing wrong with that. If the bad guys are sitting at your desk, the've got physical access...
That's all well and good... (Score:3, Funny)
but you can't fix stupid.
Step 1 (Score:5, Insightful)
Hire *good* people.
Step 2: work on developing their skills.
You see, what you're asking is like "how do I handle all the fame and adulation after I become a rock star?" The hard part is finding good people. If you can find 'em, they're worth training because they're *trainable*.
So if you've got somebody who can do a great job and adds to the team, but doesn't know what the hell phishing is, don't worry about that. You can teach a good hire what phishing is. You can't teach a bad hire who knows what phishing is to be a good employee.
Phish them OFFLINE! (Score:3, Interesting)
To test if they're too noobie for the job, design a form on paper that phishes their info. Personal info, more private that your regular form at Burger King. If they fall for it, kindly show them the door. Hire the ones that alert you of the problem.
KISS (Score:2)
Keep it simple, stupid, as they say. Remove local administrator and the person using the computer will find it impossible to fuck it up no matter how hard they try.
Step back and look at the big picture. (Score:4, Funny)
Why does a small business need computers? Think about how much more efficient you could be without all of those mumbo-jumbo computers and all the click-happy workers amusing themselves while back-doors and trojans compromise your network and data (on company time of course).
Carbon paper, filing cabinets, and shredders. This is the path to an efficient small business. You may even want to question why your small business needs so many phone lines. Sorry I could not be more helpful, but just step back and ask yourself, "is all this technology really necessary?" I think you will agree, it is a fad that simply over-complicates everything.
Applicable to higher-level jobs as well (Score:3, Interesting)
Myself, I'm mostly a self-taught computer geek. Many of you are also or are at least aware of acquaintances or friends who get by being self-taught, I've always been a firm believer in competency tests vs. degrees.
Work experience is another consideration, as I would test the competency of either a grad or a long-running self-taught previous employee somewhere else. The applicant's general knowledge may be good and well documented, but how are they able to specialize when the need arises?
I was able to ge promoted upwards to the career I have now based on the merits of my passion to learn -on the job or not- as well as well as my ability to apply new ideas quickly. Not everyone is as lucky whether they have the skills or not. which is why I believe a lot of budding IT professionals and/or programmers would get in the door a lot easier with a competency test. On the flipside, maybe less losers would get in the door too.You never know, it could happen. :)
Not a test... (Score:2)
Think of the school system. You do not test someone prior to teaching them.
Install an antivirus that locks down their computers: tracking changes in everything except for My Documents and their desktop. Registry changes should also be rare...they shouldn't be installing anything.
Done.
Re: (Score:2)
Actually, that is exactly what most schools do. How do you know what level of class to enroll someone in without knowing what they are already well-versed in?
Re: (Score:2)
1. Submitter mentions constant problems. From this we already know their level. They've taken their test IRL, and already failed.
2. You could spend lots of time creating documentation for them to read and understand, but it wouldn't work and nobody would want to do it.
3. You get a program that solves everything and is the overall cheapest solution you can get: An antivirus that locks most of the vulnerable areas down, while still letting them browse randomly.
Nice idea, but... (Score:2)
The current windows malware threat is not fully addressable by training. Some exploits are hitting people who have done nothing wrong. By all means train people, just be aware that no single measure will fully solve that issue.
Poorly word tests can knock out good IT works as w (Score:2)
Poorly word tests can knock out good IT works as well.
\Poorly word tests / trick questions can
Do they do the same thing with vehicles? (Score:2)
Relying on some test to see if people know not to open an email from "Hot Sex Machine" with a "cool app you must see now" is lazy IT administration. I know that small businesses often cannot afford an IT person, but to rely on some test is bad management. Are they going to retest people every year to make sure they're up on the latest scams or social engineering
ECDL (Score:3, Informative)
Re: (Score:3, Informative)
Got 10 out of 10, but doubt few people could, especially with the limited information shown.
Some of those they consider "legitimate" are very borderline in my view, especially that UPS one.
Also, the testing site makes a big deal about misspellings and formatting in some of the "phishing" emails. And yet the The Bank of Choice one, that's supposedly "legitimate", has an obvious spelling error in it too!
Ron