Computer Competency Test For Non-IT Hires?

kdawson posted more than 4 years ago | from the first-prove-you're-a-human dept.

Businesses 369

wto605 writes "As computers are used for more and more vital business functions, small businesses must have office employees who understand the dangers of, and how to recognize and avoid, malware, spam, and phishing. After having been stung by monthly virus cleanups (at $75 an hour) due to an otherwise competent office manager, my parents have realized they need to be aware of their employees' computer skills beyond the ability to type a letter in Microsoft Word (currently the closest thing they have to a test of computer competence). The problem is, as a small business, they have no IT expert who would be able to judge a potential employee's competency. I'm wondering if anyone knows of a good way to test these security/safety awareness skills, such as an online test, a set of questions, etc. I have already pointed them to Sonicwall's Spam and Phishing test, but it definitely does not cover all of the issues facing computer users."

369 comments

Anybody can have a bad day (5, Insightful)

topham (32406) | more than 4 years ago | (#32007732)

Anybody can have a bad day.

Just because someone is competent with a computer doesn't mean they can't be the vector for an infection. If you start with that premise you'll realize how completely futile it is. What you need instead is a tutorial program to reduce risks. Things they should and shouldn't do, etc.

And proper anti-virus processes and procedures.

Re:Anybody can have a bad day (4, Interesting)

MBCook (132727) | more than 4 years ago | (#32007822)

Right, but computers can be dangerous tools. You are expected to prove some basic competency before you are licensed to drive. Same thing with operating heavy machinery.

If you don't know what you're doing, you can cause a lot of harm. If you send out a message to a ton of clients and use CC instead of BCC.... you are in deep trouble. You're right that anyone could accidentally do that, but you should make sure they know that in the first place.

I don't see any problem with some basic competency stuff. A little anti-phishing, some basic tasks in an email client, etc. If a job requires knowledge of how to use a computer, the applicants should know how to use a computer.

If they don't? You could not hire them, or you could train them.

Seems pretty reasonable to me. If you hire them and it turns out they don't know what they are doing, you can lose money directly (like the above), or indirectly (as they spend a day or two to do a simple task before you find out they didn't know what they were doing).

I know that there are some things that I would like on the test. It drives me nuts how many people don't know how to send screenshots around. When you get a piece of text on a web page you want me to know about, just send me the text. I don't want a screenshot of the text. I really don't want a word document with a screenshot of the text. I don't want it internally, and I don't want clients/partners seeing that. I'd rather spend the 5 minutes to teach them how to do it correctly.

Re:Anybody can have a bad day (3, Informative)

Anonymous Coward | more than 4 years ago | (#32007940)

Basic training and locking down the PCs is the way to go.

Don't let the users run as administrators, and most of the infection problems will go away. From there, teach them how to deal with spam email and how to recognize fake antivirus and other phishing scams.

Once the users are kept from shooting themselves in the foot (restricted rights), and are taught why they shouldn't point the gun at their foot in the first place, things should improve dramatically.

Re:Anybody can have a bad day (0)

Anonymous Coward | more than 4 years ago | (#32007968)

This is very true. You can lock away admin access, but unless you lock people out of E-mail access, they still can wreak havoc by not following BCC/CC rules, sending to mailing lists, or even CC-ing stuff to people not in a company.

Even mere access to a Web browser and browsing of pr0n on company time can result in sexual harassment lawsuits in some businesses.

Re:Anybody can have a bad day (5, Interesting)

ls671 (1122017) | more than 4 years ago | (#32008524)

When working for big corporations, I often have to pass a "computer security and privacy awareness test". It is usually implemented through a web interface with simple radio button forms (multiple choices) and I have to pass it before I can get any access to their systems.

Trust me, you really do not have to be a techie to pass it but you must know basic principles about internet security and privacy issues, confidentiality and security levels etc.

The solution seems simple enough; just get a template for one of these tests that pretty much look alike in any big corporation. Such standard tests must be available through the internet.

Have the candidates pass the test. Also, state strict sanctions for mistakes with regards to not following those basic guidelines and make them clear right from the start, preferably as part of the test. Candidates get the idea that you do not fool around with these topics.

Re:Anybody can have a bad day (2, Interesting)

countertrolling (1585477) | more than 4 years ago | (#32008206)

If you send out a message to a ton of clients and use CC instead of BCC.... you are in deep trouble.

Not even nearly as harmful as a crane falling on your head, or some old fart running you down because he hit the gas instead of the brakes. It's not that users aren't ready for computers, it's that computers aren't ready for the users. Cars weren't either until at least the 30s or 40s.

Re:Anybody can have a bad day (0, Offtopic)

countertrolling (1585477) | more than 4 years ago | (#32008420)

(Score:0, Offtopic)

Oh go fuck yourself! You obviously don't speak English.

I was replying to this aspect of the post, Right, but computers can be dangerous tools. You are expected to prove some basic competency before you are licensed to drive. Same thing with operating heavy machinery.

Re:Anybody can have a bad day (0, Offtopic)

Anonymous Coward | more than 4 years ago | (#32008406)

all this licensing would do is create a caste society. it sounds great on the surface, but people would use it to exclude others for other reasons than competence.

Re:Anybody can have a bad day (-1, Troll)

biryokumaru (822262) | more than 4 years ago | (#32008530)

Like they do with driver's licenses, and truck licenses, and nuclear power plant licenses, and fishing licenses and all those other licenses that are misused to create a caste society, right?

Re:Anybody can have a bad day (0)

Anonymous Coward | more than 4 years ago | (#32007862)

A proper anti-virus process and procedure won't help if the error is between keyboard and chair.

Re:Anybody can have a bad day (1)

ClosedSource (238333) | more than 4 years ago | (#32008490)

Sure, you have to scan your desk too.

Re:Anybody can have a bad day (4, Funny)

WrongSizeGlass (838941) | more than 4 years ago | (#32007888)

Please answer all of these questions with a 'Yes' or 'No':
Are you familiar with Windows? (Yes / No)
Is Linux a computer operating system, a breed of penguins or some guy from Europe? (Yes / No)
When was the last time you rebooted your computer? (Yes / No)
Have you ever had a password you wouldn't share? (Yes / No)
Do you know enough about computer security not to watch porn at work unless it's at lunch or a boring meeting? (Yes / No)
What is the name of your first pet, the town you grew up in or your elementary school? (Yes / No)
Do you post on Slashdot? (Yes / No)

Your hired!

Re:Anybody can have a bad day (-1, Flamebait)

MaggieL (10193) | more than 4 years ago | (#32007954)

Do you use spell-check?
Will spell-check tell you the difference between "your" and "you're"?
You're fired.

Re:Anybody can have a bad day (0, Flamebait)

clarkkent09 (1104833) | more than 4 years ago | (#32008192)

Do you realize that almost half of the questions on this Yes/No questionnaire are not Yes/No questions? (Yes/No)

Re:Anybody can have a bad day (0)

Anonymous Coward | more than 4 years ago | (#32007918)

Anybody can have a bad day.

That's what the SEC lawyers said after someone did a review of the firewall logs.

Re:Anybody can have a bad day (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32008160)

I've never had any of my computers, running Mac/Windows infected by anything that I know of, I don't use any sort of protection either. However, I know many people with more protection than me who get viruses because they don't know what they're doing.

Sure I could get a virus. However, my friend who torrented an antivirus package to get rid of a virus he got from another torrent is still much more of a security risk than I'll ever be.

Re:Anybody can have a bad day (1)

DigiShaman (671371) | more than 4 years ago | (#32008292)

Sure it's futile, but it doesn't have to be a royal PITA in the process. Proper education of your employees should always be your first line of defense, followed by network, server, and workstations anti-virus protection. In the event of an infection, it should be rare and isolated.

racist (2, Funny)

Anonymous Coward | more than 4 years ago | (#32007752)

competency tests are all racist. they only seek to restrict minorities. you cannot legally require these - the courts have ruled. live with it, right wing tea bagger.

Simpler solution... (2, Interesting)

demonlapin (527802) | more than 4 years ago | (#32007786)

Why offer general internet access from office PCs anyway? Lock them down tight. If you want to be nice, have an unlocked PC or two with a completely separate Internet connection that can be used during break times for any minor personal details - checking personal email, reserving plane tickets, etc.

Re:Simpler solution... (1)

assemblyronin (1719578) | more than 4 years ago | (#32007810)

There are more attack vectors than just web traffic.

They'll need decent e-mail spam/virus filters, and physically disconnect USB drive access to their machines (people plugging in their dirty USB sticks).

Re:Simpler solution... (2, Interesting)

biryokumaru (822262) | more than 4 years ago | (#32007864)

Taking that a step further, they could sandbox all internet apps into a VM, and just wipe that if it gets virus-y.

Re:Simpler solution... (4, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#32007882)

Because people are generally more productive when they don't have things on their mind? I know for sure that if I have my personal e-mail/social networking sites/phone out I don't have to worry about missing important events, etc. and generally I'm more productive. I don't check it every 5 minutes or anything but it does help to allow me to focus without thinking about what I could be missing. Without the ability to check personal things, generally my mind tends to wander to them and I lose focus on work. I guess I'm just a tasklist type of person, I want to be -done- with everything, to be up-to-date on my e-mails, etc. Some people aren't. Some people would spend all day on Facebook and get nothing done, some people's minds just don't wander to other tasks, but in general mine does. If my work decided to block all the outside internet, I have little doubt my productivity would suffer because my mind would constantly be elsewhere.

Re:Simpler solution... (2, Insightful)

demonlapin (527802) | more than 4 years ago | (#32008318)

Then use your phone. I use my smartphone at work for exactly those reasons - there are a lot of conversations I have that are none of my employer's business.

Re:Simpler solution... (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32008324)

It truly has become bizarro world. You need constant access to distractions to not be distracted. And I believe you.

Re:Simpler solution... (4, Informative)

KahabutDieDrake (1515139) | more than 4 years ago | (#32008594)

It speaks volumes that your point of view is effectively, "I work better when I'm slightly less focused on my personal stuff". Has it occurred to you to try focusing on your work, when it's work time, and leave your personal issues at the door? I know this isn't a popular opinion around here, but your email, facebook and txt messages can wait until you aren't being paid for your time. If they can't, then you have a problem, and you should get counseling, OR you need to take a furlough from work and get your life in order.

While it's great that modern systems can keep us up to date on the latest and greatest events around us, it's nothing more than a distraction most of the time, and it is almost NEVER serious business.

Re:Simpler solution... (2)

redmid17 (1217076) | more than 4 years ago | (#32007886)

Well beyond the fact you need to tighten the comps down, there are very legitimate reasons to have web access at work. In fact a new Australian study thinks it actually raises productivity.

http://uninews.unimelb.edu.au/news/5750/ [unimelb.edu.au]

Re:Simpler solution... (4, Interesting)

demonlapin (527802) | more than 4 years ago | (#32008068)

I work at a hospital. The computers that are on the network on which sensitive data is passed have whitelist Internet access to a tiny handful of sites. There is also a public wifi network that is basically open to anything but porn/warez sites which anyone can attach to. You're welcome to connect your smartphone or laptop to it.

It's not about controlling the employees, which I agree is counterproductive. It's about protecting the corporate information. 90% of my Internet usage at work is personal and has no business being done on computers that might contain patient information. That doesn't mean I spend all day surfing rather than working; it just means I need to separate the two.

Re:Simpler solution... (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32007958)

Oh sure, while you sit in the back playing games and watch Hulu all day... Screw you. I worked in an office where the computers were "locked down tight" for a few months.

"How many ounces are in a liter?"
"Just a sec while I Google it. Oh wait, I can't. Give me fifteen minutes to walk over to the factory and physically find a 1L bottle so that I can look at the fucking label."

If I wanted to protect all of the fleet vehicles from damage all I had to do was throw away the keys. But that would be about as stupid and lazy as your locking down the internet connection. It's 2010, do your job, do it well and stop acting like the non IT employees are a bunch of chimps.

Re:Simpler solution... (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32008416)

Hellooo, the non-IT employees are a bunch of chimps! In fact, so are at least half the IT employees...

Re:Simpler solution... (1, Offtopic)

demonlapin (527802) | more than 4 years ago | (#32008442)

I'm not IT.

Re:Simpler solution... (2, Insightful)

aoteoroa (596031) | more than 4 years ago | (#32007988)

In an age where many suppliers use web applications that our employees need to place orders, research part specifications and more, blocking the web isn't very feasible, and white lists are way too much work compared to occasionally re-imaging a drive. However, ever since we put in IPCop to track web usage the number of viruses and other malware decreased significantly. But it could be just a coincidence.

Re:Simpler solution... (3, Insightful)

DigitAl56K (805623) | more than 4 years ago | (#32008074)

You'd make the kind of admin I despise.

Maybe because people like to listen to streaming music while they work. Maybe because people like to do research online while they work. Maybe IM is a useful form of communication. Maybe you want to research your clients or competition or do SEO or some graphics tutorials or download an editor for something yada yada yada. Don't hire total noobs, do your job of installing the latest updates, run some anti-virus (insert McAfee joke here), and have an understood IT policy - understood meaning people understand your concerns, not just "the rules". You can never have perfect security, but you can have reasonable security without being an ass about it. You can also have a backup plan, like backing up documents on a schedule to a safe(r) system and having a disc image to recover a system from reasonably quickly.

Yours is an office I wouldn't work in, and maybe there is something to say for self-selection of the people that would.

Re:Simpler solution... (1)

blackraven14250 (902843) | more than 4 years ago | (#32008266)

Depending on where you work, it might be a good idea to lock down most of the computers. A hospital or doctor's patient information shouldn't be on machines with free-for-all internet access, as someone mentioned above. The problem here isn't "loss of data". It's "anyone who isn't authorized seeing nearly any portion of the data", which is a much harder thing to do when everyone has access to email, Google and every bit of snoopware that comes with that.

Re:Simpler solution... (0)

Anonymous Coward | more than 4 years ago | (#32008384)

A hospital or doctor's patient information shouldn't be on machines with free-for-all internet access

That information probably shouldn't be accessible from a personal machine, period. Well-run hospitals and such have dedicated machines for handling all patient data, with 'regular' machines on desks. Same thing in certain classified environments - you can have a sensitive (but non-internet-connected) machine next to an open machine on the same desk.

The realistic answer is that you need 'enough' security so that you maximize productivity. More security can reduce productivity if the incremental benefit of more security makes employees' jobs harder. But you definitely don't need the same policy for non-sensitive machines that you do for a doctor's office.

Certainly 'locking down' all the machines is just damned lazy. I want to pimp slap the losers who force that crap through.

Re:Simpler solution... (2, Informative)

demonlapin (527802) | more than 4 years ago | (#32008302)

Sorry. I should have been clearer. This is obviously a really small business (a $75/hr consultant makes a difference to them) that faces a difficult situation because of one otherwise exemplary employee. Set up a network with all the sensitive data on it that is locked down tighter than a nunnery and a network that's not so tightly managed that allows internet access. Problem solved.

I work in a large hospital. If you log in as a generic user - typical for most stations, because anybody can wake it up from the screensaver - you get no Internet access. If you log in as yourself, making tracking (and disciplinary action) possible, you can go to any non-porn/warez/etc site. It's no serious imposition on people who work in one place, and it keeps the infections down.

Re:Simpler solution... (0)

Anonymous Coward | more than 4 years ago | (#32008112)

"Lock them down tight" isn't necessarily simple, and isn't a practical solution for a small business with "no IT expert". Simple is relative - if you have experience locking down Windows boxes, then yeah - it's simple. If you're a business that just happens to depend on off-the-shelf computers to run some day-to-day operations then some sort of pre-employment skills assessment is far more simple. I think they'd spend just as much money hiring someone to lock down the environment, only to find the locked-down environment overly restrictive and preventing installation or operation of apps. Users need sufficient system rights to do work; the reason a business exists in the first place. Identifying candidates who can recognize and avoid common infections will strike a better balance between security and functionality for a small business with no IT staff.

Re:Simpler solution... (1)

Joce640k (829181) | more than 4 years ago | (#32008320)

"Don't run as admin" *is* simple and will prevent most malware/infections.

Good way to encourage them to learn quickly (4, Interesting)

Jbcarpen (883850) | more than 4 years ago | (#32007796)

A lot of people can recognize such things already. They just don't want to take the time to bother with it. So dock the cleanup costs out of their pay, suddenly they'll be a LOT more careful about what they trust.

When I was younger, the mother of one of my friends was bad enough about it that her computer needed wiping on a weekly basis. My friend wasn't much of a computer person, but he at least knew what not to do. Unfortunately he was stuck using the same machine and so still had to deal with it. For a while I was fixing it for them for free since he was a friend, but when I started charging $20/hour for cleanup his mother changed her ways amazingly quickly.

Re:Good way to encourage them to learn quickly (1)

wikid_one (1056810) | more than 4 years ago | (#32007884)

Exactly. Money always makes people think twice.

I cleaned up a PC that had over 500 (was several years ago, don't remember the exact number) infections. They were a friend of my dad's so I just charged him some gas money, since all I did was throw in an unattended XP CD and waited for it to finish.

I received a phone call from him before I had even made it home... about 15 min away. The AV I installed had already found several viruses on there. He got mad and said he was taking it to Best Buy. After they charged him $350 to reinstall Windows like I had just done, he was more than willing to sit down with me and let me show him how to be more secure with his computer use.

Re:Good way to encourage them to learn quickly (1)

LordLimecat (1103839) | more than 4 years ago | (#32008224)

If your users can do significant damage to their computers by clicking links, perhaps it's your salary that should be docked. Maybe try, oh, I don't know...
  • Not running as admin
  • keeping your OS and browsers up to date
  • Locking down what browser plugins exist and can run
  • setting up a proxy to filter out "bad stuff" (exe, pdf, etc)

Seems to me that sort of thing falls on the sysadmin to worry about.

Re:Good way to encourage them to learn quickly (4, Informative)

Trepidity (597) | more than 4 years ago | (#32007890)

It's illegal to dock employees' pay for damage to the employer's property.

For accidental damage, employees have no liability at all: It's considered the employer's responsibility to manage its workplace in a way that minimizes accidental damage, and any that does occur is considered a cost of doing business. Viruses routinely appearing on company machines, especially if it happens to many employees' machines, is probably in that category.

For damage done intentionally or through serious negligence, the employee may be responsible, but the employer still cannot dock their pay; they must sue the employee to recover the damages, and must prove by a preponderance of the evidence that the damage was inflicted intentionally or negligently.

Re:Good way to encourage them to learn quickly (1)

demonlapin (527802) | more than 4 years ago | (#32008130)

It's illegal to dock employees' pay for damage to the employer's property.

Are you sure? A quick Google suggests [blr.com] that this is true if the employee is exempt, if it wasn't in their contract, or if it would pull them below minimum wage, but not otherwise.

Re:Good way to encourage them to learn quickly (1)

Trepidity (597) | more than 4 years ago | (#32008214)

Ah yeah, I was assuming salaried (exempt) employees, which is the norm for office jobs that involve routine use of computers; though I suppose there are some hourly-wage data-entry jobs.

There are some cases where hourly workers can have their pay docked, but even then, as the site you link to says, only if "caused by the employee's gross negligence, or dishonest or willful act." And the bar for gross negligence is fairly high, not just anything that could have been prevented if the employee had been more careful.

Re:Good way to encourage them to learn quickly (2)

demonlapin (527802) | more than 4 years ago | (#32008378)

only if "caused by the employee's gross negligence, or dishonest or willful act."

Only in California. The federal law (FLSA) allows docking pay if the contract allows it and it doesn't bring the employee below minimum wage.

Re:Good way to encourage them to learn quickly (0)

Anonymous Coward | more than 4 years ago | (#32008422)

Well you can try docking my pay, but we are going to have issues. Court is going to be your first. Oh you ARE going to have to fire me, but I will be underhanded enough to make it look like your fault. And once I am fired I will have LOTS of time putting together my case against you. Badmouthing you to your clients, as untraceable as possible (enough so you're going to have a hell of a time proving it, remember I have time now). So if you want to be a douche and dock my pay because you were too cheap or lazy to maintain your equipment, yeah it will be war.

Signed
Anonymous Coward (we are everywhere)

Re:Good way to encourage them to learn quickly (1)

demonlapin (527802) | more than 4 years ago | (#32008564)

You have lots of time to be unemployed, with no unemployment benefits because you got fired...

Seriously, I'm not an employer, but if I were I'd be laughing really hard.

Re:Good way to encourage them to learn quickly (1)

Darkness404 (1287218) | more than 4 years ago | (#32008040)

So dock the cleanup costs out of their pay, suddenly they'll be a LOT more careful about what they trust.

Yeah, and that is going to work just as well as those 40-something 'businessmen' who think everything is going to ruin their hardware. Surely you've met a few, you know, the people who buy the $2,000 Sony computers with Core i7s but won't run anything more than IE, their corporate e-mail because it might 'damage' their computer? When people are afraid to use technology, productivity will drop -far- below when they use it for whatever. A re-image takes, what, 5, 10 minutes? An employee scared to use technology takes out many, many, hours of work.

Re:Good way to encourage them to learn quickly (1)

rootofevil (188401) | more than 4 years ago | (#32008580)

and recovering from a data breach takes, what, infinity time? an employee being cavalier with their access can cause unmeasurable damage to the company they work for.

to be fair, i mostly agree with you. i do think you took it a little too far though.

Re:Good way to encourage them to learn quickly (2, Interesting)

LordLimecat (1103839) | more than 4 years ago | (#32008194)

Did you check that competency quiz by SonicWall? People are expected to know the following to pass that test:
  • What HTTPS is, what HTTP is, and which is better
  • How any given company will format their emails-- will Yahoo address them by account number, or name? Or "member"?
  • How the DNS hierarchy works-- that Internal Revenue Service emails will come from a .gov, and what that means
  • What a legitimate domain name will look like (paypal.com isn't the same as paypal.com.somethingelse.net?)
  • How to check where a link points to without clicking it

May sound reasonable to a tech guy, but a lot of this isn't stuff that can easily be taught. Seems to me a lot of this is trying to ignore the fact that the existing DNS and SMTP systems are a mess and just blaming the user for being a retard.

Maybe it's just me, but when people hire me as an IT consultant, I generally assume it's because they want ME to take care of the technical details, not blame them for not being able to pass a Net+ exam. Perhaps that paycheck you're earning is so that YOU can handle the complexities of spam and viruses? Just a thought.
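
The checks listed in the comment above (HTTP vs. HTTPS, what a legitimate domain looks like, where a link really points) can be automated for an e-mail body. This is an added example, not part of the original thread; the helper names and the sample e-mail are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body; the domains are the ones used in the comment.
SAMPLE_EMAIL = """
<p>Dear member, please confirm your account.</p>
<a href="https://www.paypal.com/signin">Log in</a>
<a href="http://paypal.com.somethingelse.net/signin">https://www.paypal.com/signin</a>
<a href="https://paypal.com.somethingelse.net/help">Help centre</a>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url):
    """Hostname a browser would contact for this URL, lower-cased, or ''."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it.

    DNS names are read right to left, so 'paypal.com.somethingelse.net'
    belongs to somethingelse.net, not to paypal.com.
    """
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def shown_host(text):
    """If the visible link text itself looks like a URL or hostname, return its host."""
    if " " in text or "." not in text:
        return ""
    return host_of(text if "://" in text else "//" + text)


def review_links(html, trusted_domain):
    """Return one record per link with the real target host and any findings."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = []
    for text, href in parser.links:
        host = host_of(href)
        findings = []
        if urlsplit(href).scheme.lower() != "https":
            findings.append("not-https")
        if not belongs_to(host, trusted_domain):
            findings.append("foreign-host")
        shown = shown_host(text)
        # The text claims one site while the href goes to an unrelated one.
        if shown and not belongs_to(host, shown) and not belongs_to(shown, host):
            findings.append("text-mismatch")
        report.append({"text": text, "host": host, "findings": findings})
    return report


if __name__ == "__main__":
    for entry in review_links(SAMPLE_EMAIL, "paypal.com"):
        print(entry["host"], entry["findings"] or "ok", "<-", repr(entry["text"]))
```

The suffix comparison in `belongs_to` only answers "is this host under the domain I expected"; it does not work out where an arbitrary hostname's registrable domain begins, which needs the Public Suffix List.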

Re:Good way to encourage them to learn quickly (1)

Jbcarpen (883850) | more than 4 years ago | (#32008484)

Perhaps, but the story author doesn't have an IT guy.

Heck, my grandma is better about computer security than the 'manager' mentioned in the story.

I don't know (4, Interesting)

the_humeister (922869) | more than 4 years ago | (#32007812)

But the place I work at gave me a computer with Ubuntu installed to use. I requested this after the McAfee incident [cnet.com] last week. Apparently I'm the only one...

Re:I don't know (1)

LordLimecat (1103839) | more than 4 years ago | (#32008254)

Honestly, if you're running a Symantec or McAfee product, you really lose any rights to complain about what happens to your computer / server.

Re:I don't know (2, Funny)

omglolbah (731566) | more than 4 years ago | (#32008306)

Global corporate policy forces me to install McAfee on every server I set up and run... even test servers for our lab.
My manager has no say in it, her manager has no say... the head of the office in my country has no say in it... it is decided in Germany by the central "IT Security" department.

So... don't tell me what I can and can't do. If I had a choice I would dump McAfee... unfortunately I don't.

Fairly simple comprehensive (1)

redmid17 (1217076) | more than 4 years ago | (#32007828)

Have them do a couple of tasks:
1) Give them a website to go to pull data from (could be anything you can put in a spreadsheet - weather, money, but something fairly simple should do)
2) Have them open Excel and plot averages, totals, means, etc... (you can choose what is relevant) and make a chart of the data
3) Have them open a Word doc and insert the chart/data table into the Word document and describe whatever data is there
4) Have them make a crappy 1 slide PowerPoint slide to demonstrate it (still including the graph)
5) Have them save the file to a network drive after they map to it.
6) Lastly, have them use the search function of whatever OS you're using to find said document after everything has been closed

Nothing too difficult, and these are relatively routine tasks that most office workers do on a daily/weekly/monthly basis.

Replace their PC's with Mac Mini's (5, Interesting)

ducomputergeek (595742) | more than 4 years ago | (#32007852)

Get Parallels or VMware if they really need Windows for something, have them run it in a virtual machine. Yes there may be an upfront cost to switch from MS Office for Mac from the windows version, but if the VM gets infected, nuke the VM and install a fresh one.

Something we learned real quick was that higher up front costs with macs were quickly recovered since we weren't dealing with these type of problems on a regular basis.

Hell, I have programmers that are good programmers but frankly don't know the first thing about systems administration.

Re:Replace their PC's with Mac Mini's (5, Interesting)

v1 (525388) | more than 4 years ago | (#32007942)

(while I like the Get A Mac suggestion, perhaps something more windows-zealot-friendly...)

or get something like Deep Freeze [faronics.com] and have it simply restore the HD to factory every 2am. And use network home folders and shares for documents.

Then you have ONE place to run the malware/av software on, the server's shares, at 2am while all the machines on the floor are reimaging themselves for tomorrow.

(there's no point in suggesting something that they're unlikely to try even if you can make a good case for it or in fact are offering a very competitive suggestion)

Re:Replace their PC's with Mac Mini's (1)

Z34107 (925136) | more than 4 years ago | (#32008296)

Deep Freeze doesn't actually re-image the computer - if you save a file locally, it's gone when you reboot it. It probably keeps a buffer or something at the end of a frozen partition.

You can have it automatically reboot (thawed) to install Windows updates and run maintenance scripts.

Re:Replace their PC's with Mac Mini's (1)

zippthorne (748122) | more than 4 years ago | (#32008458)

Perhaps you've understood a different definition of "re-image" than I do, but I'm pretty sure that's what is supposed to happen in one. No files on the drive except for what's in the image.

I think DeepFreeze does it by storing the image on a hidden partition on the same disk, though, so maybe that's what you're talking about?

Re:Replace their PC's with Mac Mini's (1)

DeltaHat (645840) | more than 4 years ago | (#32008550)

I installed Deep Freeze on my parents' computer years ago after they proved themselves unable to handle the responsibility of a computer. It turned out to be a godsend and took much of the burden off of both of us. They no longer fear damaging their computer with their ignorance - they are one reboot away from a fresh machine, and I no longer fear their phone calls. Deep Freeze is extra handy in that it doesn't stop them from using their computer; it just resets it back to "factory" condition each time they reboot. All the Windows functionality remains and it stays out of the way. If they really need to make a permanent change, they just have to reboot in defrost mode. I spent years futilely trying to teach my parents to safely use a computer. But since I couldn't take the knife away from them, I could only make sure it wasn't sharp enough to hurt anybody.

Re:Replace their PC's with Mac Mini's (1)

Darkness404 (1287218) | more than 4 years ago | (#32007964)

Good luck getting everyone to learn OS X, hiring -good- OS X admins, hardware support, and setting up the VM.

For a small business, Macs are generally more harm than good, after all, most have one or two admins at most and most admins simply aren't good with people. Everything is different for the computer illiterate on a Mac. While a geek will be able to easily navigate between OS X, Unix, Linux, Windows, etc. your average employee (yeah, the one that thinks he deleted the internet one time when he removed the shortcut to IE) is going to need a month or more of training before it becomes second nature.

Macs are also a pain to upgrade. While it's pretty easy to buy ~20 cheap Dell PCs for $400 and just replace components, it's a lot harder to do with a Mac Mini. CD drive goes out on the Dell? Just swap in a cheap $15 drive. CD drive goes out on the Mini? You need to find a specific model otherwise it isn't going to work right with the case.

If you have a tech-based shop, yeah it might make sense to transition to Macs, for the average small business? It's just too much expense. Just get a PC, keep RAID servers, back up everything onto the servers and be good. If you -really- want to, install Linux to remove the virus problem. But Macs aren't cost effective for most small businesses.

Re:Replace their PC's with Mac Mini's (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32008006)

Or to not throw your money down the drain replacing all your computers (if this is an option)..... Install linux on their existing computers using a network wide install, and then have them use VMware/Virtual box.

Re:Replace their PC's with Mac Mini's (1)

Pentium100 (1240090) | more than 4 years ago | (#32008042)

It would also work if you replaced "Mac" with "PC with Linux", except that Linux OS and OpenOffice cost $0.

Re:Replace their PC's with Mac Mini's (1)

frosty_tsm (933163) | more than 4 years ago | (#32008144)

It would also work if you replaced "Mac" with "PC with Linux", except that Linux OS and OpenOffice cost $0.

As heretical as it might be to say on here, I'd pick OS X over Ubuntu for a non-technical user. Ubuntu is definitely a friendly Linux (which I use daily at work), but it has enough rough edges and quirks I would rather pay the up-front cost and get (in theory) better efficiency from the employee (and definitely easier support).

Re:Replace their PC's with Mac Mini's (1)

techno-vampire (666512) | more than 4 years ago | (#32008310)

I would rather pay the up-front cost and get (in theory)

Where is this place called "Theory" that you mentioned? Are your company's offices located there? If not, what does it matter what would happen there?

Re:Replace their PC's with Mac Mini's (0)

Anonymous Coward | more than 4 years ago | (#32008472)

Except that the amount of work hours lost getting Stupuntu (TM) to actually do anything is not worth the trouble.
And if you use a non-Ubuntu linux distro, then OK the hax0rs won't be able to hack it but the n00bs won't be able to use it either.

stupuntu is made to look friendly but when it comes down to it, it takes a lot of work even by a linux guru to make it usable and useful.

Remove admin rights (0, Offtopic)

MyLongNickName (822545) | more than 4 years ago | (#32007878)

If the user does not have admin rights to his workstation, 95% of the problems go away. Don't throw out otherwise valuable workers because of lack of competence on the part of the sysadmin.

Re:Remove admin rights (1)

dougsk (677406) | more than 4 years ago | (#32008362)

+1 The right answer

Skills assessments (1, Informative)

Anonymous Coward | more than 4 years ago | (#32007892)

Previsor has extensive pre-employment online skills and knowledge tests. One from their catalog that comes to mind is the Information Security Awareness test, described as:

This is an adaptive test that measures the candidate's knowledge of information security. Designed for general computer users, this test includes the following topics: Computer Best Practices, Computer Ethics & Misuse, ID & Data Information Theft, Internet Best Practices, Passwords, Physical Security, Sensitive Information, and Viruses & Other Harmful Software.

http://www.previsor.com/products/assessments/catalog

User? (1)

Mooga (789849) | more than 4 years ago | (#32007920)

Make them run as user without any admin rights. Problems solved.

Educating and lockdown (1)

Dewser (853519) | more than 4 years ago | (#32007966)

It certainly isn't a bad idea to test new hires. I currently have a non-profit client that has a large number of service staff that use laptops. A majority of them have absolutely no clue how to use the computers. Most see the application and confirm they know how to use computers. Frankly I believe laptops are reserved for slightly more advanced end users. We were back and forth with this client a couple times a week because their most recent user was completely computer illiterate. She didn't know why her laptop wouldn't stay on.... I checked the docking station and the power cable was not connected.

Many state agencies require prospective admin staff to take an exam before they can apply for a job. These exams cover a number of topics that have to do with the level of job they are going for. I don't see a problem with developing similar standards for non-government jobs. Then again it's tougher for a small business with no IT staff to go through this. What I would recommend is to get your parents to hire an outside firm to help them not only with their IT support but with educating their users. They should easily be able to develop a hiring quiz for new hires as well as develop training plans for users.

Locking down the workstations is also not a bad idea. Get regular users out of the local admin groups on the workstations. Make sure AV is being properly updated and even look into installing a small business class firewall that does some content filtering as well as gateway AV. Sonicwalls provide these services and usually at a pretty good rate.

Good luck!!

Make them maintain their own damn computer (4, Interesting)

bbernard (930130) | more than 4 years ago | (#32007986)

I've started seeing companies go the route of getting rid of workstation computers. You, dear employee, get to bring in your own computer and connect up to our virtual workspace environment. No data ever ends up on your computer, and only a couple of key ports are open to our virtual space. The virtual space can't get to the Internet, you don't have admin access, etc. You can do whatever you want on your own computer, but when you get a virus, crash the OS, bust a hard drive, it's your problem to contact your computer vendor and get it fixed. You get a day to get that resolved, or we start making you take your vacation days or get docked pay until you're back up and running.

May sound like crap, but there are potentially some real benefits to getting workstations off of IT's plate.

Re:Make them maintain their own damn computer (0)

Anonymous Coward | more than 4 years ago | (#32008348)

You, dear employee, get to bring in your own computer and connect up to our virtual workspace environment.

No problem. Be aware, dear company, that as I am providing my own work tools I will be charging at contracting rates and that my machine will not be subject to searches by you.

Re:Make them maintain their own damn computer (1)

archmcd (1789532) | more than 4 years ago | (#32008368)

I'm intrigued... which companies are doing this?

Re:Make them maintain their own damn computer (1)

bbernard (930130) | more than 4 years ago | (#32008614)

Here's a URL with a link to a December article about a few companies "dipping their toes in":
http://www.itbusinessedge.com/cm/community/features/articles/blog/employee-owned-computer-programs-diving-into-murky-waters/?cs=38238 [itbusinessedge.com]

I don't want to comment on companies that I have personal knowledge of, NDA's and all that. There are two that I currently know of personally that are in process. (Sorry, I have to leave it there)

It is really just another evolutionary step from companies that have started going to thin-clients (Sun Ray, WYSE, etc.) just going the next step to a software only client.

I will say that I haven't seen all the kinks worked out yet.

Re:Make them maintain their own damn computer (1)

santax (1541065) | more than 4 years ago | (#32008438)

Yes and when they all screw up, I'm sure I will have no trouble getting enough workers there to continue my business... And if not, I don't complain about being bankrupt and liable to a shitload of customers damages, no - I'll just take a free day from my workers who are perfectly happy to agree to such a contract... Fortune 500, here I come!

Re:Make them maintain their own damn computer (1)

Rivalz (1431453) | more than 4 years ago | (#32008446)

So does the virus have a once a day down time, once a pay period, or once a lifetime for that one vacation day to kick in?
I personally would opt for a virus on my computer once every Mon, Wed, Thur.

I thought everyone knew the answer to this (4, Funny)

Anonymous Coward | more than 4 years ago | (#32007992)

Have the pre-hire install Ubuntu. No prompt, no job. Ubuntu can do anything.

that quiz is rubbish (-1)

Anonymous Coward | more than 4 years ago | (#32008020)

They claim the UPS and 'bank of choice' emails are legitimate, however:
  - the UPS one has a link asking you to click on it to view images (90% of spam these days has this - just look at your spam folder in gmail).
  - the 'bank of choice' one asks you to go to 'bankofchoiceonline.com' which could easily be a domain name registered by a phisher (ie with the 'online' part added).

the only one which is legitimately legitimate-looking is the wells fargo one which doesn't ask you to do anything.

Re:that quiz is rubbish (2, Informative)

Ron Bennett (14590) | more than 4 years ago | (#32008364)

Got 10 out of 10, but doubt few people could, especially with the limited information shown.

Some of those they consider "legitimate" are very borderline in my view, especially that UPS one.

Also, the testing site makes a big deal about misspellings and formatting in some of the "phishing" emails. And yet the Bank of Choice one, that's supposedly "legitimate", has an obvious spelling error in it too!

Ron

You ask a good question (4, Insightful)

grahamsaa (1287732) | more than 4 years ago | (#32008046)

But from what I've seen there's no good answer. Management in small businesses (and in business in general) is usually not concerned with someone's computer security skills or credentials, unless they're hiring someone for an IT position. Even then, it's not uncommon for someone without basic skills to make the cut.

As an IT manager (or, the only IT manager) at a smallish (25 seat) company, I've been confounded by the fact that management doesn't seem to care about basic IT literacy. They're much more concerned with how qualified someone is to be an accountant, an admin or a lawyer (and I'm not picking on any of these professions -- just using a few examples).

Unfortunately most people who possess these skills (valuable non-IT-related skills) don't know much about computers -- and the older, more experienced (and thus more valuable) employees tend to know even less.

I once tried to get a basic IT related questionnaire added to our interview process for all employees. Management wasn't interested because they feared that it might disqualify an otherwise valuable employee. I've long since come to terms with the fact that at most companies, IT skills are only important for IT-related positions. Sure, they may make an applicant slightly more attractive, but it really has no influence over the hiring process.

But since you ask the question -- if it were a perfect world (at least, according to my definition), we wouldn't hire anyone for a desk job that couldn't type at least 40 wpm. We wouldn't hire anyone who couldn't explain the differences between a good and bad password. We wouldn't hire anyone who thinks it's safe to give their password out to a stranger or to click on a link that they didn't trust.

But that's not the world we live in. Unfortunately, if my company were to stick to those guidelines we would have to downsize dramatically. We'd definitely stop growing.

The truth is that people who aren't involved in IT related work generally don't care about IT. And while I find it frustrating, I can't blame them. For most people, particularly older people, IT just doesn't make sense. Unless and until it does, good luck!

Re:You ask a good question (1)

ProdigyPuNk (614140) | more than 4 years ago | (#32008286)

As a college student who may/will end up in IT one day, I'm not even sure I really WANT everyone to be competent with computers. While it would obviously keep a lot of leaks/hacks/phishing/etc from happening, I might end up being the guy getting paid to clean up the mess (please though, only for the first year or two, I hope)...

I consider computer illiterate people to be helping me secure my future!

Re:You ask a good question (1)

archmcd (1789532) | more than 4 years ago | (#32008322)

We wouldn't hire anyone who couldn't explain the differences between a good and bad password.

Add "We wouldn't hire anyone who knew what a good password was, but chose to jot it on a sticky note on their keyboard so they wouldn't forget it."

I shouldn't say this, but that's what the most experienced people in my company do.

Re:You ask a good question (1)

zippthorne (748122) | more than 4 years ago | (#32008518)

For some use cases, there's nothing wrong with that. If the bad guys are sitting at your desk, they've got physical access...

Re:You ask a good question (1)

Rivalz (1431453) | more than 4 years ago | (#32008486)

Very true but video tutorials and a knowledge base go a long way to helping ease various issues that arise from untrained staff.
If management doesn't want to spend time and money seeing that its staff is trained or knowledgeable in those issues then they should expect more issues.

What I do is I provide basic and advanced training manuals in the break rooms for staff to read while they are eating or bored.
It doesn't help much but it helps a little bit.

Re:You ask a good question (0)

Anonymous Coward | more than 4 years ago | (#32008552)

Exactly. If you want a computer security competent employee, add it to your job application requirements although you might have some trouble filling the roles, or they may ask for more money, as it has more requirements.
The role of IT is to educate and protect users and networks from viruses, malware, and even themselves. If your IT company is not pro-actively securing your network then find one that can.

do these two things (-1)

Anonymous Coward | more than 4 years ago | (#32008246)

- tell them to use firefox only (ie not to use internet explorer)
- if they are using trend micro, bin it and tell them to use AVG or Avast.

and a good question for _them_ to ask any IT person they are going to hire is:
    - what web browser do you use?
      wrong answer = internet explorer.

  if they answer something other than internet explorer,
    - why?
      correct answer = because internet explorer is rubbish which makes it
      practically impossible for even the most technically gifted, aware
      users to avoid getting infections.
      (or something like that).

  ask them what antivirus product they recommend.
    - if they recommend trend micro or any symantec or norton products,
        then they have no f* idea - don't hire them.
    - if they say something like "i use this xxx free antivirus product"
        then that's good.
    - if they recommend some other products like McAfee or Kaspersky
        well I don't know much about them so I dunno, but if you ask them
        why and they say 'because trend micro is a piece of rubbish' then
        they probably do know their stuff. At least this shows that they
        are discriminating in their choices.

buy a Mac (1)

Gothmolly (148874) | more than 4 years ago | (#32008258)

Seriously - with real and useful UAC, it will prevent most of this crap.

That's all well and good... (2, Funny)

Like2Byte (542992) | more than 4 years ago | (#32008260)

but you can't fix stupid.

Step 1 (4, Insightful)

hey! (33014) | more than 4 years ago | (#32008308)

Hire *good* people.

Step 2: work on developing their skills.

You see, what you're asking is like "how do I handle all the fame and adulation after I become a rock star?" The hard part is finding good people. If you can find 'em, they're worth training because they're *trainable*.

So if you've got somebody who can do a great job and adds to the team, but doesn't know what the hell phishing is, don't worry about that. You can teach a good hire what phishing is. You can't teach a bad hire who knows what phishing is to be a good employee.

Simple Solution (1)

solid_liq (720160) | more than 4 years ago | (#32008356)

The solution to this is simple:

1. Make sure you have an Enterprise licensed AV installed. The per-client cost is low, and the updates will be centrally managed by the server. If your network is too small for this to be cost effective, then just have Norton AV (or your favorite respected AV) on every machine in the network.

2. Don't give your employees local admin privs. This one change has, in my experience, made all the difference in the world for many small businesses.

This is much cheaper than paying the labor for having an IT person come in and clean up all the messes.

Phish them OFFLINE! (2, Interesting)

bronney (638318) | more than 4 years ago | (#32008370)

To test if they're too noobie for the job, design a form on paper that phishes their info. Personal info, more private that your regular form at Burger King. If they fall for it, kindly show them the door. Hire the ones that alert you of the problem.

Basic competency (1)

tombeard (126886) | more than 4 years ago | (#32008386)

If they know how to navigate the file system, file manager or whatever, they know enough. Otherwise no.

KISS (1)

JeffSh (71237) | more than 4 years ago | (#32008408)

Keep it simple, stupid, as they say. Remove local administrator and the person using the computer will find it impossible to fuck it up no matter how hard they try.
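
Several comments above recommend taking regular users out of the local Administrators group. As an added example (not from any commenter), this PowerShell audit lists who currently holds local admin rights on a Windows PC; the function name and the choice to treat only RID 500 and RID 512 as expected members are assumptions to adjust per site.

```powershell
# Added example: audit membership of the local Administrators group.
# Requires Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

function Get-LocalAdminAudit {
    # Well-known SID of the built-in Administrators group; unlike the
    # group name, it is the same on every language edition of Windows.
    $adminGroupSid = 'S-1-5-32-544'

    foreach ($m in Get-LocalGroupMember -SID $adminGroupSid) {
        $sid = $m.SID.Value

        # Assumption: only the built-in Administrator account (RID 500)
        # and the Domain Admins group (RID 512) are expected members.
        $expected = ($sid -match '-500$') -or ($sid -match '-512$')

        [pscustomobject]@{
            Name        = $m.Name
            ObjectClass = $m.ObjectClass      # User or Group
            Source      = $m.PrincipalSource  # Local, ActiveDirectory, ...
            SID         = $sid
            Expected    = $expected
        }
    }
}

$report = @(Get-LocalAdminAudit)
$report | Format-Table -AutoSize

# Everything not on the expected list is a candidate for demotion
# to a standard user after review.
$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} account(s) hold local admin rights beyond the defaults:" -f $unexpected.Count)
    $unexpected | ForEach-Object { Write-Warning ("  " + $_.Name) }

    # To demote one account after review (run from an elevated prompt;
    # 'PCNAME\username' is a placeholder):
    # Remove-LocalGroupMember -SID 'S-1-5-32-544' -Member 'PCNAME\username'
}
```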

Good Business Sense? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32008428)

Let's say I'm in the sales business. Hiring this 1 guy will make me $1,000,000 profit per year. Except he's a total moron with computers. Let's say he needs a full time IT person to make sure he does everything right. That person's wages might be $100,000 per year. That's still $900,000 profit per year.

How about the incompetent barely managing to justify their own job people? Maybe these people need to be squeezed as the article suggests some remedial courses to be brought up to standards to reduce costs to the corp.

But I disagree with both. I think we in IT should be implementing systems that eliminate the risks associated with phishing and malware. Principle of least privilege already accounts for the people being knowledge for things software can't fix.

Step back and look at the big picture. (3, Funny)

Proudrooster (580120) | more than 4 years ago | (#32008430)

Kind sir, computers are a "fad". A mere inconsequential passing fancy. Computers are either used as tools of amusement (aka Windows, the formerly best $80 Solitaire game money could buy) and for destruction of the world (aka, hypertrading systems on Wall Street and cruise missile guidance systems).

Why does a small business need computers? Think about how much more efficient you could be without all of those mumbo-jumbo computers and all the click-happy workers amusing themselves while back-doors and trojans compromise your network and data (on company time of course).

Carbon paper, filing cabinets, and shredders. This is the path to an efficient small business. You may even want to question why your small business needs so many phone lines. Sorry I could not be more helpful, but just step back and ask yourself, "is all this technology really necessary?" I think you will agree, it is a fad that simply over-complicates everything.

Applicable to higher-level jobs as well (2, Interesting)

drfreak (303147) | more than 4 years ago | (#32008504)

Myself, I'm mostly a self-taught computer geek. Many of you are also or are at least aware of acquaintances or friends who get by being self-taught. I've always been a firm believer in competency tests vs. degrees.

Work experience is another consideration, as I would test the competency of either a grad or a long-running self-taught previous employee somewhere else. The applicant's general knowledge may be good and well documented, but how are they able to specialize when the need arises?

I was able to get promoted upwards to the career I have now based on the merits of my passion to learn -on the job or not- as well as my ability to apply new ideas quickly. Not everyone is as lucky whether they have the skills or not, which is why I believe a lot of budding IT professionals and/or programmers would get in the door a lot easier with a competency test. On the flipside, maybe less losers would get in the door too. You never know, it could happen. :)

Not a test... (1)

Vu1turEMaN (1270774) | more than 4 years ago | (#32008510)

Think of the school system. You do not test someone prior to teaching them.

Install an antivirus that locks down their computers: tracking changes in everything except for My Documents and their desktop. Registry changes should also be rare...they shouldn't be installing anything.

Done.

Re:Not a test... (1)

drfreak (303147) | more than 4 years ago | (#32008540)

You do not test someone prior to teaching them.

Actually, that is exactly what most schools do. How do you know what level of class to enroll someone in without knowing what they are already well-versed in?

From a military perspective (0)

Anonymous Coward | more than 4 years ago | (#32008598)

I work in a military hospital where I'm required to complete many computer based training modules before I'm even allowed to begin to do my job. This means somewhere around 70 military tests along with several others including network security need to be completed within a short amount of time. This isn't even counting the classes and training for hospital based computing and procedures for patients. The results are people blowing through them as quickly as possible and new employees and staff passing the answers around for the tougher ones to get their orientates through the process as quickly as possible. No one will legitimately look at any required tests such as these as important as the person who made them required nor will they be motivated enough to care why they should even understand the reason for taking them. The only way to motivate people to do the right thing is through fear of doing the wrong things. IE all computer communications are monitored and you could potentially be punished for visiting the wrong websites and or accidentally infecting your computer with a virus, or giving a reward for doing things the right way IE a day off if your department goes incident free for a quarter.
