1. Win a Broadcaster or one of 3 Teles! The annual Supporting Member Giveaway is on. To enter Click Here. To see all the prizes and full details Click Here. To view the thread about the giveaway Click Here.

A lesson in modern work place before it's too late.

Discussion in 'Bad Dog Cafe' started by imwjl, Oct 29, 2020.

  1. imwjl

    imwjl Poster Extraordinaire

    Posts:
    8,964
    Joined:
    Mar 21, 2007
    Location:
    My mom's basement.
    Something that might be missed here is how most of the control has nothing to do with personal values or freedom. It's about managing attack vectors. I don't know the environment @getbent and others manage but after a few settings determined by owners and HR, I respond to patterns and events that cut risk.

    People try to make things political but I cannot help it if sites or content from some people's interests create more security events. We're probably like many organizations that rely on a few vendors for things. I'd need significant vendor response for some types of incidents. In my seat the blocking part of big brother is way more about managing attack vectors and business continuity than stepping on anyone's freedom.
     
    Tommy Biggs, fretWalkr and Anacharsis like this.
  2. Anacharsis

    Anacharsis Tele-Holic Ad Free Member

    Posts:
    702
    Joined:
    May 12, 2019
    Location:
    United States
    CIO/CISO for a small firm here. Think of it this way:

    The computer is company property. The servers, if they have them, are company property. The email account is registered to the company's domain, and paid for by the company. The office network is company property. Company/organization IT has access to it all, because in many cases, they are responsible for it all.

    Simply put: If you don't want them seeing something, don't do it using their stuff. Computers are cheap. Buy one for yourself. Use your computer, your email account (preferably encrypted), and your home network (or even tethering off your phone - just not the office network). This is true in the public and nonprofit sectors as well. I've read about a scandal that ended careers because of evidence of bad activity found in chains of emails at the city water department, or in files stored on university computers.
     
    Last edited: Oct 31, 2020
  3. Anacharsis

    Anacharsis Tele-Holic Ad Free Member

    Posts:
    702
    Joined:
    May 12, 2019
    Location:
    United States
    Also true. I'm not looking at your freaking taxes if you put them on the office computer. I don't care what browsing you are doing, so long as you aren't going places prone to be attack vectors. But no, your use of an office computer is not in any way private. Of course it isn't.
     
    Colo Springs E and imwjl like this.
  4. Anacharsis

    Anacharsis Tele-Holic Ad Free Member

    Posts:
    702
    Joined:
    May 12, 2019
    Location:
    United States
    He'd be better off paying for an encrypted tunnel like ProtonVPN or using the Tor browser, if he's really worried.
     
  5. drumtime

    drumtime Tele-Holic

    Age:
    69
    Posts:
    832
    Joined:
    Mar 17, 2018
    Location:
    the mountains of Virginia
    The IT guys where I used to work said they were reluctant to report people for a lot of types of computer misuse because they really needed people to trust them enough to feel safe reporting problems that could be security threats. Dealing with attacks on the system was a large, ongoing part of their job.
     
    Tommy Biggs likes this.
  6. Drew617

    Drew617 Tele-Meister

    Posts:
    229
    Joined:
    Mar 4, 2014
    Location:
    North Shore, Mass.
    This, local or maybe regional depending on culture and structure. I'm the management nowadays and sorta bristle at the usual (management doesn't get it, is treacherous, is greedy) crap although I do understand it. I think it's usually a function of immaturity and limited perspective.

    On the other hand I've deliberately chosen to work for small and medium sized orgs, to avoid situations where the management really doesn't get it, is treacherous, or is greedy. I get to be mostly in charge of my own mission and success, and get to avoid some of the worst bureaucratic features of bigger companies. Possible that I'm foregoing some salary with that choice, but that's okay. It's also possible that I'd still be a wrench turner if I tried to develop my career in bigger organizations.

    As compliance and auditing goes, I've worked for a long time in support of finserv, life sciences and healthcare. All significantly regulated, and compliance has been my specialty for a while. Not sure what to say, or that I am terribly sympathetic. If you didn't think all that training, policy, signed acknowledgments really applied to you, well...

    Even the plain old AUP that is (should be) in effect almost everywhere should kill any expectation of privacy or propriety on company information systems. It is sad/hilarious how often I still encounter people who are indignant about something with "their" computer, mailbox, whatever. Uh, that is the company's computer, and those are the company's information systems. That should have been obvious, and if not it was spoon fed to you by policy anyway.

    I think this is true in most jobs or life situations: Develop trust. Can't do it too often, but in my experience it's very useful to fall on your sword when warranted. Apologize sincerely and concisely, make no excuses, offer a plan to fix whatever it was and then execute it. Do not lie. I'll have disappointed you momentarily, but we'll all feel better about it tomorrow, and you will trust me.
     
    Last edited: Oct 31, 2020
    Toto'sDad likes this.
  7. Toto'sDad

    Toto'sDad Telefied Ad Free Member

    Posts:
    47,498
    Joined:
    Jun 21, 2011
    Location:
    Bakersfield
    The situation I found myself in was one of being employed by a national company that required continued success every moment of every day. The rules were simple, produce MORE and you'll have a job. When you're called to travel, do so with enthusiasm. When required to drink, drink heartily and it's even better if you can brag at great length about your latest big deal.

    I was recruited from a job I loved to one I hated. When the offer of big money was dangled before me, I snapped it up like a rising trout! I made more money my first week than I'd previously made in a month. I found out quickly that money isn't everything.

    One day I got up and drove to Santa Monica and bought myself a Druke chess board. When I got back in town, I dropped off my company vehicle, called my wife to come and get me, and that was that. The rumor was that if you ever quit the company you'd starve to death. Well, I survived, and that was a lifetime ago. I didn't die, and did probably about as well as if I'd stayed with THE company.
     
    Drew617 likes this.
  8. fretWalkr

    fretWalkr Tele-Meister

    Posts:
    363
    Joined:
    Apr 10, 2019
    Location:
    DFW
    Attack vectors is right on. There are different level of security concerns depending on the business. At one point I worked for a consulting company that did government work requiring a security clearance. It was locked down tight and monitored.
    One person I had worked with was a naturalized citizen. He was let go because he was spending copious amounts of time on a military site from his home country. After I heard that I remembered some lunch time conversations with him that gave me a chill. The company made the right call.

    One person got a slap on the wrist for letting an unauthorized person use her work laptop. That was discovered when her husband started accessing porn sites. The company and the government both ran regular security audits on the network access. In that environment, that's just a no brainer. It's not for everyone. But if you take the job you accept the environment or you don't last.
     
  9. Drew617

    Drew617 Tele-Meister

    Posts:
    229
    Joined:
    Mar 4, 2014
    Location:
    North Shore, Mass.
    Yeah, for what it's worth that sounds like the wrong culture and right call. Glad it was available to you and that it worked out.

    It's a bummer to have to manage performance by metrics at all, but to some degree it's necessary and present everywhere even if called another name. I do what I can to limit that for my own team, and try to remind the company not to consider metrics over real results that are physically in front of us.

    We are consultants and bill our time directly to clients. Even then, we know that our profitability has much more to do with other factors than it does with someone billing 75% vs 90% of his time, especially when we know that person is providing other indirect value. If we have to start squeezing an already efficient, effective team for incrementally more productivity, something else and something bigger is already wrong.

    Funny, years ago I worked for a company that had a presence on both coasts, and had an epiphany about that place in Santa Monica. I got frustrated and decided to screw off for an afternoon, had a drink at Ivy (not my typical style) and plopped my ass in the sand to watch the ocean for a several hours.
     
    Toto'sDad likes this.
IMPORTANT: Treat everyone here with respect, no matter how difficult!
No sex, drug, political, religion or hate discussion permitted here.