Like, how does the local mom and pop correctly evaluate a person's IT chops?
Usually by price and unfortunately both mom and pop like a bargain - I've seen this play out more times than I would like.
Also how do you evaluate, say, a landscaper's chops? Or any other kind of contractor's for that matter? By doing research beforehand, checking what kind of reputation that person has etc.
Low-effort or lack of research gives you bad services, for which you pay in losses like these.
In construction and landscaping work those companies are usually licensed, bonded and insured. If they fuck up the work there's obvious financial recourse. Also, the measure of them fucking up is generally a lot clearer for physical labor, and for mom and pop businesses, getting construction work inspected by a 3rd party is usually more straightforward and cheaper.
In software, financial recourse generally means you have to jump straight to lawsuits. There's no licensing for who's qualified to build a website, and developers don't have to escrow funds or carry malpractice insurance in case they make a mistake. A development business should have insurance in place, but there aren't always easy or affordable ways to assign fault in most IT situations if you want to pursue them. Software and IT forensics are prohibitively costly and usually mean a lot of money has to be on the line, which rules out mom and pop businesses entirely. IT and software mistakes also usually take longer to rear their heads, and people in IT and software also aren't known for sticking around for decades. How do you sue an LLC that dissolved 5 years ago?
If someone does a shitty job in home improvement stuff it's usually not visible for years down the line. And good luck with your recourse by then. I've never heard of a homeowner getting recourse unless it's insanely obviously bad right away. The vast majority end up just living with the defects or hiring someone else to do the job again.
I don't know how it is in the US, but in my country an audit that would reveal such an obvious lack of security costs no more than the equivalent of a single minimum salary - usually much less. On top of that several companies that offer such services are widely known because their media presence is mostly articles about vulnerabilities in routers, phones, operating systems etc.
I hail from a post-communist country so I assumed the culture in the US is more developed in this regard.
I'm not sure what your country's going rates are but for the US, a small business might budget a few thousand dollars total for their website. A minimal security audit that would catch missing or stupid security would basically double their expenses. Unless they truly needed some custom feature they'd take one look at a security auditor's quotes and then go sign up for Wix or Squarespace immediately. It's not that the services don't exist, it's just that they're expensive and typical non-technology business websites don't really need that much put into them.