The-exam-nearly-every-employee-will-fail_SQIt’s time for resolutions 2015. Thou shall do this, thou shall do that. We thought it would be a good resolution for sysadmins to educate users about security and risk. So, we said, what if we had to set a basic security exam paper for users – surely they’d know what they should do and what they should not. Past experience has taught us, though, that sysadmins will hear angels singing before their users pass the exam. We put together 10 easy questions and the answers we suspect most users would give – to the horror of the any sysadmin tasked with correcting the papers.

1. How do you go about choosing passwords?

Passwords should be easy to remember. Lengthy passwords are easily forgotten and that means locked accounts every month or so (I don’t think IT appreciate unlocking my account every time). Date of birth, mother’s maiden surname and patterns like qawsedref are simple, easy to remember and secure – no stranger knows my DOB. If the company imposes what they call ‘strong’ passwords – which are nothing but jumbled characters – you can write them down on a piece of paper and stick it to the bottom of the screen or PC tower. One password is good enough for most of your accounts too. Makes life easier when you have cookies enabled, so you’re logged in automatically to Gmail, Facebook and personal dating sites. One password to access them and open them all.

2. Recommend four things you should do with a company-owned device.

It’s your device now. If it’s going to be in your possession 24/7, then you can claim ‘ownership’ (the company is still bound to provide support – that’s when it becomes company-owned).

Don’t restrict yourself to checking work email on the device. Kids and other family members should be able to use it too. That 1TB hard disk on the laptop is way too much storage for work files alone.

Download a game or two. If you feel the urge to play you can always connect to the office Wi-Fi and take a break for some fun.

If you’re told to encrypt the data, make sure you keep the key readily available to decrypt the data if need be. Keeping a copy of the key in the laptop bag is a good idea.

3. Define a suitable amount of time for non-work-related browsing at work.

It’s good to take a break every now and then at work. Five minutes here and there won’t break the company or lower productivity. Regular breaks from your daily chores help keep your brain fresh. These breaks are important because you have the right to check on your Facebook friends; get the latest news from the world of fashion, sports, motoring and cooking. Take the time you need just don’t make it too evident to the others… they might be jealous.

4. What is considered to be reasonable Internet activity during office hours?

The best things in life are free. So true, bandwidth at the office is a good example. What’s wrong with streaming playlists on YouTube or Spotify? After all you are still working hard. Sometimes the system does slow down to a trickle but blame that on the network setup. It’s not my fault. There are some great sites out there and you always manage to find the latest releases well in advance. We’re told to be careful what we download but I really don’t understand why it’s such a big issue.

5. Outline the procedure an employee should follow with regard to company data?

Users are encouraged to back up their work files as often as possible, preferably using one of the many third-party online storage services. Sync with your phone too so that you’ll have an additional backup if need be and you can check that contract when you don’t have the laptop with you. The more copies you keep the better.

6. Be careful when using third-party storage services like Dropbox, Box, OneDrive, etc. True or false?

False. There’s nothing wrong with storing company data with these online services. The company should be happy that you can continue accessing documents when you’re on the road and not stop working. It’s also good to keep a copy of important documents that you use. You never know how useful they could become if the company goes bust or you decide to leave. Those customer lists are worth their weight in gold. No one will ever notice.

7. What action should you take if you receive emails from sources you don’t know?

Every email should be opened because it may be an important one related to the business. Some emails from Nigerians are silly and those from friends who have been mugged and need money should be trashed. With other emails you need to be more careful and check the links as well. Even if not related to work, emails can contain great offers on downloads and so on. Checking them out is not a big deal anyway. It is also recommended that your inbox is not too big. Deleting emails often is good practice. Just keep those that are important.

8. What are security policies and are they important?

Security policies are lengthy documents detailing what should or should not be done with company stuff. Created by admins for admins and the occasional manager, they usually are good as monitor stands or dust-gatherers in the store room. Policies are a waste of time, and so many restrictions prevent employees from doing their job effectively. With a large workload every day, they don’t have the time to read policy updates. Not with their manager complaining that productivity is down. Companies need to decide: work or productivity? Policies are useless and a waste of time.

9. Should you connect to unsecured wireless points when out of the office? Explain why.

Yes absolutely. Free is good and the company expects employees to work when they are on the road. Free wireless enables you to connect while you’re having coffee or commuting on the train. It’s a must-have in hotels and airports. Find an open network and connect. All you need is a strong signal. Some may show pop ups and request data; it only takes a minute to provide the details or to download the sponsor’s video. It’s safe to do so. It boosts productivity and you can work on those important documents with ease anywhere and anytime.

10. What is the Internet of Things?

This is everyone’s right to connect their devices to the internet especially at work. Every employee should be able to connect their phones, laptops, tablets and so on to the office network. It enables employees to be more efficient, they can synchronize company data across all devices and for those who are geeks, check their security cameras at home or regulate the heating so that they’ll find the house warm after work.

Marker’s comments: Fail. It’s going to be a tough year again for sysadmins. Brace yourselves.

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.