Computer Competency Test For Non-IT Hires?

wto605 writes "As computers are used for more and more vital business functions, small businesses must have office employees who understand the dangers of, and how to recognize and avoid, malware, spam, and phishing. After having been stung by monthly virus cleanups (at $75 an hour) due to an otherwise competent office manager, my parents have realized they need to be aware of their employees' computer skills beyond the ability to type a letter in Microsoft Word (currently the closest thing they have to a test of computer competence). The problem is, as a small business, they have no IT expert who would be able to judge a potential employee's competency. I'm wondering if anyone knows of a good way to test these security/safety awareness skills, such as an online test, a set of questions, etc. I have already pointed them to Sonicwall's Spam and Phishing test, but it definitely does not cover all of the issues facing computer users."

  • by topham ( 32406 ) on Tuesday April 27, 2010 @09:55PM (#32007732) Homepage

    Anybody can have a bad day.

    Just because someone is competent with a computer doesn't mean they can't be the vector for an infection. If you start with that premise you'll realize how completely futile it is. What you need instead is a tutorial program to reduce risks. Things they should and shouldn't do, etc.

    And proper anti-virus processes and procedures.

    • by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Tuesday April 27, 2010 @10:03PM (#32007822) Homepage

      Right, but computers can be dangerous tools. You are expected to prove some basic competency before you are licensed to drive. Same thing with operating heavy machinery.

      If you don't know what you're doing, you can cause a lot of harm. If you send out a message to a ton of clients and use CC instead of BCC.... you are in deep trouble. You're right that anyone could accidentally do that, but you should make sure they know that in the first place.

      I don't see any problem with some basic competency stuff. A little anti-phishing, some basic tasks in an email client, etc. If a job requires knowledge of how to use a computer, the applicants should know how to use a computer.

      If they don't? You could not hire them, or you could train them.

      Seems pretty reasonable to me. If you hire them and it turns out they don't know what they are doing, you can lose money directly (like the above), or indirectly (as they spend a day or two to do a simple task before you find out they didn't know what they were doing).

      I know that there are some things that I would like on the test. It drives me nuts how many people don't know how to send screenshots around. When you get a piece of text on a web page you want me to know about, just send me the text. I don't want a screenshot of the text. I really don't want a word document with a screenshot of the text. I don't want it internally, and I don't want clients/partners seeing that. I'd rather spend the 5 minutes to teach them how to do it correctly.

      • Re: (Score:3, Informative)

        by Anonymous Coward

        Basic training and locking down the PCs is the way to go.

        Don't let the users run as administrators, and most of the infection problems will go away. From there, teach them how to deal with spam email and how to recognize fake antivirus and other phishing scams.

        Once the users are kept from shooting themselves in the foot (restricted rights), and are taught why they shouldn't point the gun at their foot in the first place, things should improve dramatically.

        • Re: (Score:3, Insightful)

          by mpe ( 36238 )
          Don't let the users run as administrators, and most of the infection problems will go away.

          In many cases this is an issue more relevant to clueless developers together with clueless vendor support...
        • Re: (Score:3, Informative)

          by jp10558 ( 748604 )

          Don't let the users run as administrators, and most of the infection problems will go away
          I wish. This used to be the case, but most of the FakeAV stuff can run and infect fine in a user context. Sure, you can blow the user account away and you're clean, but still, doing that several times a week because yet another infected ad on CNN or whatever hosed their profile, even through Firefox, even with ad-blocking at the squid proxy, is a PITA.

          Sure, non-admin means less re-images, but it isn't stopping many of

      • Re: (Score:2, Interesting)

        If you send out a message to a ton of clients and use CC instead of BCC.... you are in deep trouble.

        Not even nearly as harmful as a crane falling on your head, or some old fart running you down because he hit the gas instead of the brakes. It's not that users aren't ready for computers, it's that computers aren't ready for the users. Cars weren't either until at least the 30s or 40s

    • by WrongSizeGlass ( 838941 ) on Tuesday April 27, 2010 @10:09PM (#32007888)
      Please answer all of these questions with a 'Yes' or 'No':
      Are you familiar with Windows? (Yes / No)
      Is Linux a computer operating system, a breed of penguins or some guy from Europe? (Yes / No)
      When was the last time you rebooted your computer? (Yes / No)
      Have you ever had a password you wouldn't share? (Yes / No)
      Do you know enough about computer security not to watch porn at work unless it's at lunch or a boring meeting? (Yes / No)
      What is the name of your first pet, the town you grew up in or your elementary school? (Yes / No)
      Do you post on Slashdot? (Yes / No)

      Your hired!
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I've never had any of my computers, running Mac/Windows infected by anything that I know of, I don't use any sort of protection either. However, I know many people with more protection than me who get viruses because they don't know what they're doing.

      Sure I could get a virus. However, my friend who torrented an antivirus package to get rid of a virus he got from another torrent is still much more of a security risk than I'll ever be.

    • Sure it's futile, but it doesn't have to be a royal PITA in the process. Proper education of your employees should always be your first line of defense, followed by network, server, and workstation anti-virus protection. In the event of an infection, it should be rare and isolated.

    • Re: (Score:3, Informative)

      by endus ( 698588 )
      Excellent point.

      I think you can probably make a case for users needing to be competent to avoid phishing attacks...because the impact can be so damaging and there is no real way to prevent them...but in all other aspects maintaining a good security posture really is more the responsibility of the IT staff. In the end, something is going to test your defenses. Most of the viruses we see at my very large enterprise spread via the network. You get one user who makes a wrong click and BAM every single one
    • Re: (Score:3, Insightful)

      by Yvanhoe ( 564877 )
      Anyone can be fired for a bad day.

      There is a big difference between making one single mistake and having a risky attitude. This is especially true for people who are at a hierarchically higher level than the IT people in charge of the security.
  • racist (Score:2, Funny)

    by Anonymous Coward

    competency tests are all racist. they only seek to restrict minorities. you cannot legally require these - the courts have ruled. live with it, right wing tea bagger.

  • Simpler solution... (Score:2, Interesting)

    by demonlapin ( 527802 )
    Why offer general internet access from office PCs anyway? Lock them down tight. If you want to be nice, have an unlocked PC or two with a completely separate Internet connection that can be used during break times for any minor personal details - checking personal email, reserving plane tickets, etc.
    • Re: (Score:3, Interesting)

      by biryokumaru ( 822262 )
      Taking that a step further, they could sandbox all internet apps into a VM, and just wipe that if it gets virus-y.
    • by Darkness404 ( 1287218 ) on Tuesday April 27, 2010 @10:09PM (#32007882)
      Because people are generally more productive when they don't have things on their mind? I know for sure that if I have my personal e-mail/social networking sites/phone out I don't have to worry about missing important events, etc. and generally I'm more productive. I don't check it every 5 minutes or anything but it does help to allow me to focus without thinking about what I could be missing. Without the ability to check personal things, generally my mind tends to wander to them and I lose focus on work. I guess I'm just a tasklist type of person, I want to be -done- with everything, to be up-to-date on my e-mails, etc. Some people aren't. Some people would spend all day on Facebook and get nothing done, some people's minds just don't wander to other tasks, but in general mine does. If my work decided to block all the outside internet, I have little doubt my productivity would suffer because my mind would constantly be elsewhere.
      • Re: (Score:3, Insightful)

        by demonlapin ( 527802 )
        Then use your phone. I use my smartphone at work for exactly those reasons - there are a lot of conversations I have that are none of my employer's business.
      • by KahabutDieDrake ( 1515139 ) on Tuesday April 27, 2010 @11:21PM (#32008594)
        It speaks volumes that your point of view is effectively, "I work better when I'm slightly less focused on my personal stuff". Has it occurred to you to try focusing on your work, when it's work time, and leave your personal issues at the door? I know this isn't a popular opinion around here, but your email, facebook and txt messages can wait until you aren't being paid for your time. If they can't, then you have a problem, and you should get counseling, OR you need to take a furlough from work and get your life in order.

        While it's great that modern systems can keep us up to date on the latest and greatest events around us, it's nothing more than a distraction most of the time, and it is almost NEVER serious business.
        • by kklein ( 900361 ) on Tuesday April 27, 2010 @11:52PM (#32008880)

          I know this isn't a popular opinion around here, but your email, facebook and txt messages can wait until you aren't being paid for your time.

          Grownups aren't paid for their time; they're paid for their results. I'm sorry to hear that you still work at McDonald's.

          • Re: (Score:3, Insightful)

            Professionals are paid for their time. Period. You can slice it however you want, but almost no one works piecemeal. Most of those that do are VERY far down the skill ladders.

            It was a nice try to slander me with accusations of working for McDonalds. Last time I checked, their POS terminals don't allow the user to initiate a web browser (or any other software).

            Whether salary, or hourly, you are being paid for your time. Surely the results are what count (mostly), but there is usually an implicit agr
            • Re: (Score:3, Insightful)

              by JonJ ( 907502 )

              Professionals are paid for their time. Period.

              I don't know how you work, but I get paid for the results I achieve in a certain time. They don't pay me for my time, as that's relatively worthless to them.

            • by Dahamma ( 304068 ) on Wednesday April 28, 2010 @02:14AM (#32010334)

              As cynically as he stated it, I'm going to have to agree with him, at least as far as most office jobs are concerned.

              While you may technically be paid to "work" for some minimum number of hours, with the increase in telecommuting, flex schedules, and honestly just the modus operandi in tech jobs these days, time is one of the worst ways to judge productivity, and is rarely a significant factor in any type of focal review.

              Results matter. If you are in sales and bring in $10M in revenue with 30 hours a week of effort, while your co-worker brings in $1M with twice that, it's pretty clear who's getting the "big bonus" this year. Your boss probably won't know or care how much of that time was spent on Facebook vs meeting with customers, as long as you meet or exceed expectations.

            • Re: (Score:3, Insightful)

              I tend to agree with kklein, in that I would like to be compensated for my work, not for the time I took to accomplish the work.

              I am not compensated for ideas I have in the shower, or stuff that comes to me in dreams. My company wants me to put 40 hours into a timesheet every week, sometimes more, but never less, unless I'm taking leave time. It doesn't matter to them if I can get everything they want me to do in 30 or 20 hours. If I can, they'll find more work for me to do to fill up the remaining time.

    • Well beyond the fact you need to tighten the comps down, there are very legitimate reasons to have web access at work. In fact a new Australian study thinks it actually raises productivity.

      http://uninews.unimelb.edu.au/news/5750/ [unimelb.edu.au]

      • by demonlapin ( 527802 ) on Tuesday April 27, 2010 @10:27PM (#32008068) Homepage Journal
        I work at a hospital. The computers that are on the network on which sensitive data is passed have whitelist Internet access to a tiny handful of sites. There is also a public wifi network that is basically open to anything but porn/warez sites which anyone can attach to. You're welcome to connect your smartphone or laptop to it.

        It's not about controlling the employees, which I agree is counterproductive. It's about protecting the corporate information. 90% of my Internet usage at work is personal and has no business being done on computers that might contain patient information. That doesn't mean I spend all day surfing rather than working; it just means I need to separate the two.
    • by Anonymous Coward on Tuesday April 27, 2010 @10:17PM (#32007958)

      Oh sure, while you sit in the back playing games and watch Hulu all day... Screw you. I worked in an office where the computers were "locked down tight" for a few months.

      "How many ounces are in a liter?"
      "Just a sec while I Google it. Oh wait, I can't. Give me fifteen minutes to walk over to the factory and physically find a 1L bottle so that I can look at the fucking label."

      If I wanted to protect all of the fleet vehicles from damage all I had to do was throw away the keys. But that would be about as stupid and lazy as your locking down the internet connection. It's 2010, do your job, do it well and stop acting like the non IT employees are a bunch of chimps.

      • Re: (Score:2, Offtopic)

        by demonlapin ( 527802 )
        I'm not IT.
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        In my experience as IT support, non IT people ARE basically chimps with computers. It's like giving the keys to a Dodge Viper to a 12 year old that's played Grand Theft Auto....the results aren't pretty.

    • Re: (Score:2, Insightful)

      by aoteoroa ( 596031 )
      In an age where many suppliers use web applications that our employees need to place orders, research part specifications and more, blocking the web isn't very feasible, and white lists are way too much work compared to occasionally re-imaging a drive. However, ever since we put in IPCop to track web usage the number of viruses and other malware decreased significantly. But it could be just a coincidence.
    • by DigitAl56K ( 805623 ) * on Tuesday April 27, 2010 @10:28PM (#32008074)

      You'd make the kind of admin I despise.

      Maybe because people like to listen to streaming music while they work. Maybe because people like to do research online while they work. Maybe IM is a useful form of communication. Maybe you want to research your clients or competition or do SEO or some graphics tutorials or download an editor for something yada yada yada. Don't hire total noobs, do your job of installing the latest updates, run some anti-virus (insert McAfee joke here), and have an understood IT policy - understood meaning people understand your concerns, not just "the rules". You can never have perfect security, but you can have reasonable security without being an ass about it. You can also have a backup plan, like backing up documents on a schedule to a safe(r) system and having a disc image to recover a system from reasonably quickly.

      Yours is an office I wouldn't work in, and maybe there is something to say for self-selection of the people that would.

      • Depending on where you work, it might be a good idea to lock down most of the computers. A hospital or doctor's patient information shouldn't be on machines with free-for-all internet access, as someone mentioned above. The problem here isn't "loss of data". It's "anyone who isn't authorized seeing nearly any portion of the data", which is a much harder thing to do when everyone has access to email, Google and every bit of snoopware that comes with that.
      • Re: (Score:3, Informative)

        by demonlapin ( 527802 )
        Sorry. I should have been clearer. This is obviously a really small business (a $75/hr consultant makes a difference to them) that faces a difficult situation because of one otherwise exemplary employee. Set up a network with all the sensitive data on it that is locked down tighter than a nunnery and a network that's not so tightly managed that allows internet access. Problem solved.

        I work in a large hospital. If you log in as a generic user - typical for most stations, because anybody can wake it up f
    • by thesandtiger ( 819476 ) on Tuesday April 27, 2010 @11:28PM (#32008666)

      I love admins like you. I work for a university and our individual desktop machines were - until the policy was changed - "locked down tight" as you say.

      So my group spent a week harassing IT by constantly sending emails to them - and to the relevant department heads - asking them to google stuff for us, print it out, and deliver it. We had them over at least 3-4 times a day to install software we wanted to test out. We called them about every. Single. Issue. We could come up with.

      Five days of this and we were given admin privileges, the net-nanny software was removed, and the admin who came up with the "lock it down tight" policy was sent on to greener pastures because, after all, the purpose of computers in the workplace is to get work done, not to just avoid getting them infected with malware.

      • You're totally in the clear. Universities with - let's be insanely conservative here - 1000 users are just like 5-employee firms.
        • by thesandtiger ( 819476 ) on Wednesday April 28, 2010 @01:02AM (#32009608)

          You can set different policies for different kinds of users. Users who are in the psychology department and who do sex research *probably* shouldn't be barred from going to websites the net-nanny software calls "sexual or adult content" while people who work in the university accounting office *probably* should. Someone who doesn't work in IT but whose job requires installing and trying out 2-3 bits of software on an average day to see if it's useful for research should *probably* not have their ability to install software on a sandbox computer restricted, while someone who works with very sensitive records in the hospital patient records office probably shouldn't be given the keys to the kingdom. Regardless of whether or not the workplace has 5 or 50,000 (as there are at my university, including students) users, there are usually going to be a fairly limited number of groups people will fall into.

          Computers in the workplace are to get work done, not to be the private fiefdom of some control-freak. I don't, actually, care if keeping my computer locked down so I am continually inconvenienced because I can't install software myself or go to websites I need to visit reduces the burden on IT. I'm an educator and a researcher at a university; the purpose of the university is to educate people and do research, not maintain good computers. My needs trump theirs, to put it bluntly, so they need to get the hell out of my way and let me work.

          I probably sound like a complete bitch, but the fact of the matter is, I don't enjoy wasting my time or my student's money sitting around with my thumb up my ass because some nitwit admin has decided that he can't be bothered to learn how to do his job well.

          • Re: (Score:3, Insightful)

            by jp10558 ( 748604 )

            Sure, I deal with users like you every day. If management would let us sign over the responsibilities that come with admining the computer over to you in addition with the increased rights, I'd be fine. I.e. if your computer gets a virus and we could say, not our problem, you clean it up as you're the "admin of record" then I'd be fine with what you want. But if I have to drop my projects, or push off a computer that needs an upgrade for someone who *wants* a managed, supported computer, then it annoys me.


      • And forgive the self reply, but there were other circumstances leading up to this - the guy was a complete martinet, a very stereotypical misanthrope who seemed to be more interested in denying services than in helping people do their work. This was just the last straw.

  • by Jbcarpen ( 883850 ) on Tuesday April 27, 2010 @10:01PM (#32007796)

    A lot of people can recognize such things already. They just don't want to take the time to bother with it. So dock the cleanup costs out of their pay, suddenly they'll be a LOT more careful about what they trust.

    When I was younger, the mother of one of my friends was bad enough about it that her computer needed wiping on a weekly basis. My friend wasn't much of a computer person, but he at least knew what not to do. Unfortunately he was stuck using the same machine and so still had to deal with it. For a while I was fixing it for them for free since he was a friend, but when I started charging $20/hour for cleanup his mother changed her ways amazingly quickly.

    • It's illegal to dock employees' pay for damage to the employer's property.

      For accidental damage, employees have no liability at all: It's considered the employer's responsibility to manage its workplace in a way that minimizes accidental damage, and any that does occur is considered a cost of doing business. Viruses routinely appearing on company machines, especially if it happens to many employees' machines, is probably in that category.

      For damage done intentionally or through serious negligence, the employee may be responsible, but the employer still cannot dock their pay; they must sue the employee to recover the damages, and must prove by a preponderance of the evidence that the damage was inflicted intentionally or negligently.

      • It's illegal to dock employees' pay for damage to the employer's property.

        Are you sure? A quick Google suggests [blr.com] that this is true if the employee is exempt, if it wasn't in their contract, or if it would pull them below minimum wage, but not otherwise.

        • by Trepidity ( 597 )

          Ah yeah, I was assuming salaried (exempt) employees, which is the norm for office jobs that involve routine use of computers; though I suppose there are some hourly-wage data-entry jobs.

          There are some cases where hourly workers can have their pay docked, but even then, as the site you link to says, only if "caused by the employee's gross negligence, or dishonest or willful act." And the bar for gross negligence is fairly high, not just anything that could have been prevented if the employee had been more ca

          • only if "caused by the employee's gross negligence, or dishonest or willful act."

            Only in California. The federal law (FLSA) allows docking pay if the contract allows it and it doesn't bring the employee below minimum wage.

      • They can dock your pay if they make agreeing to such a policy a condition of employment.

        • by Trepidity ( 597 )

          True if you're hourly, but not allowed for salaried employees even if they agreed to it (because salaries aren't allowed to have conditions).

    • So dock the cleanup costs out of their pay, suddenly they'll be a LOT more careful about what they trust.

      Yeah, and that is going to work just as well as those 40-something 'businessmen' who think everything is going to ruin their hardware. Surely you've met a few, you know, the people who buy the $2,000 Sony computers with Core i7s but won't run anything more than IE, their corporate e-mail because it might 'damage' their computer? When people are afraid to use technology, productivity will drop -far- below when they use it for whatever. A re-image takes, what, 5, 10 minutes? An employee scared to use techno

      • and recovering from a data breach takes, what, infinity time? an employee being cavalier with their access can cause unmeasurable damage to the company they work for.

        to be fair, i mostly agree with you. i do think you took it a little too far though.

    • Re: (Score:3, Interesting)

      Did you check that competency quiz by sonicwall? People are expected to know the following to pass that test:
      • What HTTPS is, what HTTP is, and which is better
      • How any given company will format their emails-- will Yahoo address them by account number, or name? Or "member"?
      • How the DNS hierarchy works-- that Internal Revenue Service emails will come from a .gov, and what that means
      • What a legitimate domain name will look like (paypal.com isn't the same as paypal.com.somethingelse.net?)
      • How to check where a l
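
The "paypal.com isn't the same as paypal.com.somethingelse.net" item in the list above, as an added illustration that is not part of the comment and is not Sonicwall's code: the check compares the parsed hostname of a link against the domain you expect, instead of looking for the familiar name anywhere in the address. The function name, warning labels and sample URLs are constructed for this example.

```python
from urllib.parse import urlsplit


def check_link(url, expected_domain):
    """Return a list of warnings for `url`.

    An empty list means the link uses HTTPS and its host is
    `expected_domain` itself or a subdomain of it. The caller supplies the
    expected domain; this sketch does not consult the Public Suffix List.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:                      # e.g. a malformed IPv6 literal
        return ["no-host"]

    host = parts.hostname                   # lower-cased, port and userinfo removed
    if not host:
        return ["no-host"]                  # e.g. "paypal.com/login" with no scheme
    host = host.rstrip(".")                 # "paypal.com." is the same host
    expected = expected_domain.strip().rstrip(".").lower()

    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # Text before "@" is a login name, not the site being contacted.
        warnings.append("userinfo-before-host")
    # The expected name must be the END of the host, on a label boundary.
    if not (host == expected or host.endswith("." + expected)):
        warnings.append("host-mismatch")
    if any(label.startswith("xn--") for label in host.split(".")):
        # Encoded non-ASCII label: may render as look-alike characters.
        warnings.append("punycode-label")
    return warnings


# Constructed sample links, all checked against "paypal.com".
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://PAYPAL.com./",
    "http://paypal.com.somethingelse.net/login",
    "https://paypal.com@somethingelse.net/",
    "https://notpaypal.com/",
    "https://xn--pypal-4ve.com/",
    "paypal.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = check_link(link, "paypal.com")
        print(f"{link:45} {'OK' if not result else ', '.join(result)}")
```
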
  • I don't know (Score:5, Interesting)

    by the_humeister ( 922869 ) on Tuesday April 27, 2010 @10:03PM (#32007812)

    But the place I work at gave me a computer with Ubuntu installed to use. I requested this after the McAfee incident [cnet.com] last week. Apparently I'm the only one...

    • Honestly, if you're running a Symantec or McAfee product, you really lose any rights to complain about what happens to your computer / server.
      • Re: (Score:3, Funny)

        by omglolbah ( 731566 )

        Global corporate policy forces me to install McAfee on every server I set up and run... even test servers for our lab.
        My manager has no say in it, her manager has no say... the head of the office in my country has no say in it... it is decided in Germany by the central "IT Security" department.

        So... don't tell me what I can and can't do. If I had a choice I would dump McAfee... unfortunately I don't.

        • I'm simply pointing out that complaining that a Symantec or McAfee product worked poorly, trashed your data, and left the toilet seat up is about as worthwhile as blaming your users for the viruses that they keep getting. You're welcome to do it, but it's not terribly productive.
    • Re: (Score:3, Insightful)

      Linux is simply not realistic in a regular office environment.

      I work at a non tech company with a lot of average Janes and Joes.
      We are talking about people who reboot their machine if tech-support tells them to restart a certain program. We are talking about people who don't know the difference between a URL and an email address. Cut/copy and paste is witchcraft. These people are good at what they do as long as the tools they have to work with just work.

      If shit hits the fan they are lost. If after an update

      • Re: (Score:3, Insightful)

        by dylan_- ( 1661 )

        Linux is simply not realistic in a regular office environment.

        I disagree. The main problem is if they need to exchange documents with people outside the company, and that's an Office software issue, not an OS issue.

        I work at a non tech company with a lot of average Janes and Joes.

        Well, I don't now, but I used to.

        We are talking about people....[snip]

        Yes, agreed.

        If after an update button X is moved to another menu or simply 100 pixels to the right hell breaks loose.

        No, it doesn't. They call up and say they c

  • by ducomputergeek ( 595742 ) on Tuesday April 27, 2010 @10:07PM (#32007852)

    Get Parallels or VMware if they really need Windows for something, have them run it in a virtual machine. Yes there may be an upfront cost to switch from MS Office for Mac from the windows version, but if the VM gets infected, nuke the VM and install a fresh one.

    Something we learned real quick was that higher up front costs with macs were quickly recovered since we weren't dealing with these type of problems on a regular basis.

    Hell, I have programmers that are good programmers but frankly don't know the first thing about systems administration.

    • by v1 ( 525388 ) on Tuesday April 27, 2010 @10:15PM (#32007942) Homepage Journal

      (while I like the Get A Mac suggestion, perhaps something more windows-zealot-friendly...)

      or get something like Deep Freeze [faronics.com] and have it simply restore the HD to factory every 2am. And use network home folders and shares for documents.

      Then you have ONE place to run the malware/av software on, the server's shares, at 2am while all the machines on the floor are reimaging themselves for tomorrow.

      (there's no point in suggesting something that they're unlikely to try even if you can make a good case for it or in fact are offering a very competitive suggestion)

      • by Z34107 ( 925136 )

        Deep Freeze doesn't actually re-image the computer - if you save a file locally, it's gone when you reboot it. It probably keeps a buffer or something at the end of a frozen partition.

        You can have it automatically reboot (thawed) to install Windows updates and run maintenance scripts.

        • Perhaps you've understood a different definition of "re-image" than I do, but I'm pretty sure that's what is supposed to happen in one. No files on the drive except for what's in the image.

          I think DeepFreeze does it by storing the image on a hidden partition on the same disk, though, so maybe that's what you're talking about?

          • Re: (Score:3, Informative)

            by Z34107 ( 925136 )

            It is possible that I misunderstood what you meant by "re-image." I work for IT on campus, and we deploy it on our lab images. So, I can tell you that it doesn't reboot our computer labs at 2am, pull a 5 GB image off of fast ethernet, and restart.

            It also doesn't keep a copy of the image in a hidden partition - we have images that take up more than half the size of the victim machine's hard drive; the technology that would make that possible would be more interesting than Deep Freeze itself.

            A frozen comput

      • Another vote for deepfreeze, (or something similar like Microsoft's free "steady state") I remember back in my senior year of HS when deepfreeze was first out, me being one of the known "hackers" was told by my teacher and computer mentor to see what I could do to bypass it. Even back then in its beta stage, I tried all kinds of things, deleting key files, total formats, and in the end the only way I was able to compromise DF was via hardware keylogger. I didn't know as much then as I do now but it was pret
    • Good luck getting everyone to learn OS X, hiring -good- OS X admins, hardware support, and setting up the VM.

      For a small business, Macs are generally more harm than good, after all, most have one or two admins at most and most admins simply aren't good with people. Everything is different for the computer illiterate on a Mac. While a geek will be able to easily navigate between OS X, Unix, Linux, Windows, etc. your average employee (yeah, the one that thinks he deleted the internet one time when he remo
    • It would also work if you replaced "Mac" with "PC with Linux", except that Linux OS and OpenOffice cost $0.

      • It would also work if you replaced "Mac" with "PC with Linux", except that Linux OS and OpenOffice cost $0.

        As heretical as it might be to say on here, I'd pick OS X over Ubuntu for a non-technical user. Ubuntu is definitely a friendly Linux (which I use daily at work), but it has enough rough edges and quirks I would rather pay the up-front cost and get (in theory) better efficiency from the employee (and definitely easier support).

        • I would rather pay the up-front cost and get (in theory)

          Where is this place called "Theory" that you mentioned? Are your company's offices located there? If not, what does it matter what would happen there?

          • And I'd rather pick Windows over dealing with the costs of OSX.

          Looks like we have us an old fashioned stand-off....
  • by Mooga ( 789849 )
    Make them run as user without any admin rights. Problems solved.
    • If you think that step alone fixes all problems, then I would suspect that your job doesn't involve keeping computers clean, or your users are particularly savvy. Antivirus 20xx doesn't need admin rights to close every userland app that opens with the message "this program is infected and was blocked", and you're STILL left with manually uninfecting the machine. That's ignoring that the bug may have pulled some sort of escalation trick to run as admin irregardless.
  • by bbernard ( 930130 ) on Tuesday April 27, 2010 @10:19PM (#32007986)

    I've started seeing companies go the route of getting rid of workstation computers. You, dear employee, get to bring in your own computer and connect up to our virtual workspace environment. No data ever ends up on your computer, and only a couple of key ports are open to our virtual space. The virtual space can't get to the Internet, you don't have admin access, etc. You can do whatever you want on your own computer, but when you get a virus, crash the OS, bust a hard drive, it's your problem to contact your computer vendor and get it fixed. You get a day to get that resolved, or we start making you take your vacation days or get docked pay until you're back up and running.

    May sound like crap, but there are potentially some real benefits to getting workstations off of IT's plate.

    • by santax ( 1541065 )
      Yes and when they all screw up, I'm sure I will have no trouble getting enough workers there to continue my business... And if not, I don't complain about being bankrupt and liable to a shitload of customers damages, no - I'll just take a free day from my workers who are perfectly happy to agree to such a contract... Fortune 500, here I come!
    • Re: (Score:3, Insightful)

      by jareds ( 100340 )
      Assuming this is even legal (as you're not only requiring employees to bring their own tools, but to spend their time maintaining said tools for free), this works great until potential employees wise up and you have to pay higher base wages to compensate for the inevitable docked pay (or spare computers or parts to avoid it). Since it's obviously much cheaper on average to keep a handful of spare computers or spare parts for the whole company, for use while dealing with the manufacturer for warranty repair
  • by Anonymous Coward on Tuesday April 27, 2010 @10:20PM (#32007992)

    Have the pre-hire install Ubuntu. No prompt, no job. Ubuntu can do anything.

  • by grahamsaa ( 1287732 ) on Tuesday April 27, 2010 @10:26PM (#32008046)
    But from what I've seen there's no good answer. Management in small businesses (and in business in general) is usually not concerned with someone's computer security skills or credentials, unless they're hiring someone for an IT position. Even then, it's not uncommon for someone without basic skills to make the cut.

    As an IT manager (or, the only IT manager) at a smallish (25 seat) company, I've been confounded by the fact that management doesn't seem to care about basic IT literacy. They're much more concerned with how qualified someone is to be an accountant, an admin or a lawyer (and I'm not picking on any of these professions -- just using a few examples).

    Unfortunately most people who possess these skills (valuable non-IT-related skills) don't know much about computers -- and the older, more experienced (and thus more valuable) employees tend to know even less.

    I once tried to get a basic IT related questionnaire added to our interview process for all employees. Management wasn't interested because they feared that it might disqualify an otherwise valuable employee. I've long since come to terms with the fact that at most companies, IT skills are only important for IT-related positions. Sure, they may make an applicant slightly more attractive, but it really has no influence over the hiring process.

    But since you ask the question -- if it were a perfect world (at least, according to my definition), we wouldn't hire anyone for a desk job that couldn't type at least 40 wpm. We wouldn't hire anyone who couldn't explain the differences between a good and bad password. We wouldn't hire anyone who thinks it's safe to give their password out to a stranger or to click on a link that they didn't trust.

    But that's not the world we live in. Unfortunately, if my company were to stick to those guidelines we would have to downsize dramatically. We'd definitely stop growing.

    The truth is that people who aren't involved in IT related work generally don't care about IT. And while I find it frustrating, I can't blame them. For most people, particularly older people, IT just doesn't make sense. Unless and until it does, good luck!
    • As a college student who may/will end up in IT one day, I'm not even sure I really WANT everyone to be competent with computers. While it would obviously keep a lot of leaks/hacks/phishing/etc from happening, I might end up being the guy getting paid to clean up the mess (please though, only for the first year or two, I hope)...

      I consider computer illiterate people to be helping me secure my future!
  • by Like2Byte ( 542992 ) <Like2Byte AT yahoo DOT com> on Tuesday April 27, 2010 @10:46PM (#32008260) Homepage

    but you can't fix stupid.

  • Step 1 (Score:5, Insightful)

    by hey! ( 33014 ) on Tuesday April 27, 2010 @10:51PM (#32008308) Homepage Journal

    Hire *good* people.

    Step 2: work on developing their skills.

    You see, what you're asking is like "how do I handle all the fame and adulation after I become a rock star?" The hard part is finding good people. If you can find 'em, they're worth training because they're *trainable*.

    So if you've got somebody who can do a great job and adds to the team, but doesn't know what the hell phishing is, don't worry about that. You can teach a good hire what phishing is. You can't teach a bad hire who knows what phishing is to be a good employee.

  • Phish them OFFLINE! (Score:3, Interesting)

    by bronney ( 638318 ) on Tuesday April 27, 2010 @10:57PM (#32008370) Homepage

    To test if they're too noobie for the job, design a form on paper that phishes their info. Personal info, more private than your regular form at Burger King. If they fall for it, kindly show them the door. Hire the ones that alert you of the problem.

  • by JeffSh ( 71237 )

    Keep it simple, stupid, as they say. Remove local administrator and the person using the computer will find it impossible to fuck it up no matter how hard they try.

  • by Proudrooster ( 580120 ) on Tuesday April 27, 2010 @11:04PM (#32008430) Homepage
    Kind sir, computers are a "fad". A mere inconsequential passing fancy. Computers are either used as tools of amusement (aka Windows, the formerly best $80 Solitaire game money could buy) and for destruction of the world (aka, hypertrading systems on Wall Street and cruise missile guidance systems).

    Why does a small business need computers? Think about how much more efficient you could be without all of those mumbo-jumbo computers and all the click-happy workers amusing themselves while back-doors and trojans compromise your network and data (on company time of course).

    Carbon paper, filing cabinets, and shredders. This is the path to an efficient small business. You may even want to question why your small business needs so many phone lines. Sorry I could not be more helpful, but just step back and ask yourself, "is all this technology really necessary?" I think you will agree, it is a fad that simply over-complicates everything.
  • Myself, I'm mostly a self-taught computer geek. Many of you are also or are at least aware of acquaintances or friends who get by being self-taught, I've always been a firm believer in competency tests vs. degrees.

    Work experience is another consideration, as I would test the competency of either a grad or a long-running self-taught previous employee somewhere else. The applicant's general knowledge may be good and well documented, but how are they able to specialize when the need arises?

    I was able to get promoted upwards to the career I have now based on the merits of my passion to learn -on the job or not- as well as my ability to apply new ideas quickly. Not everyone is as lucky whether they have the skills or not, which is why I believe a lot of budding IT professionals and/or programmers would get in the door a lot easier with a competency test. On the flipside, maybe less losers would get in the door too. You never know, it could happen. :)

  • Think of the school system. You do not test someone prior to teaching them.

    Install an antivirus that locks down their computers: tracking changes in everything except for My Documents and their desktop. Registry changes should also be rare...they shouldn't be installing anything.


    • by drfreak ( 303147 )

      You do not test someone prior to teaching them.

      Actually, that is exactly what most schools do. How do you know what level of class to enroll someone in without knowing what they are already well-versed in?

      • 1. Submitter mentions constant problems. From this we already know their level. They've taken their test IRL, and already failed.

        2. You could spend lots of time creating documentation for them to read and understand, but it wouldn't work and nobody would want to do it.

        3. You get a program that solves everything and is the overall cheapest solution you can get: An antivirus that locks most of the vulnerable areas down, while still letting them browse randomly.

  • The current windows malware threat is not fully addressable by training. Some exploits are hitting people who have done nothing wrong. By all means train people, just be aware that no single measure will fully solve that issue.

  • Poorly worded tests can knock out good IT workers as well.

    Poorly worded tests / trick questions can

  • If they use/provide company vehicles, would they test potential employees to see if they know how to change brake pads or replace a timing belt?

    Relying on some test to see if people know not to open an email from "Hot Sex Machine" with a "cool app you must see now" is lazy IT administration. I know that small businesses often cannot afford an IT person, but to rely on some test is bad management. Are they going to retest people every year to make sure they're up on the latest scams or social engineering
  • ECDL (Score:3, Informative)

    by taylormc ( 926607 ) on Wednesday April 28, 2010 @12:12AM (#32009040)
    The European Computer Driving License may be helpful here. See http://www.bcs.org/server.php?show=nav.5829 [bcs.org] for a syllabus.
