Before You Fire the Company Geek
An anonymous reader writes "A new 'insider threat' survey by the US Secret Service and Carnegie Mellon University finds that 82 percent of people who hack their company 'exhibited unusual behavior in the workplace prior to carrying out their activities.' A somewhat amusing writeup at washingtonpost.com points to a bunch of more interesting gems hidden deep in the study, including: 'Almost all - 96 pecent - of the insiders were men, and 30 percent of them had previously been arrested, including arrests for violent offenses (18 percent), alcohol or drug-related offenses (11 percent), and non-financial-fraud related theft offenses (11 percent).' The blog post also notes that 86 percent held technical positions at the companies: '...if you're going to fire someone (particularly company geeks who have the motive, means and access to inflict pain on your computer systems) make double sure you cut off their e-mail and network access at the same time you hand them their walking papers.'
- 96 pecent - of the insiders were men
:)
- The insiders ranged in age from 17 to 60 years (mean age = 32 years)
OSTG user statistics (Including Slashdot).
- 97% of OSTG readers are men
- average age is 29
Too bad OSTG doesn't have crime statstics for Slashdot readers
I think we should have this for our next poll!
Worst arrest of your lifetime:
1. Never. I'm a law abiding citizen.
2. Never. I run away.
3. A few misdemenors
4. Violent offense
5. Alcohol or drug-related offenses
6. Non-financial-fraud related theft offenses
7. I'm writing this from death row.
8. I stole the money, burned down the office and now live on a beach in Fiji with my red stapler.
94% of Repubs and 21% of Dems voted to renew the Patriot Act
The smart geek will keep an emergency back up admin account around. While it may sound like he's planning something evil with it (AKA fuck with me and I fuck you over, which it could be used for). He could also be making sure theres always a back up if things goto hell and someone tries gains access and tries to take out all the admin accounts.
It's like keeping a spare house key hidden in the garden or getting a second set of keys cut for your car and keeping them in a safe place.
I like muppets.
So 41.16 were acting wierd, 41.65 had grievances?
And 100% researchers show signs of random rounding up or down based on mood even within a single study.
If programs would be read like poetry, most programmers would be Vogons.
Not that I have ever been in that position of course :)
-=DaveHowe=-
This sounds suspiciously like something that happened to my uncle when he got near retirement age. Some companies will (aparently) fire employees getting near retirement age so they don't have to pay the pension (or similar retirement plan). They say it is something else so they can have some reason to try to cover their asses legally. (Firing based on age is illegal).
Not sure if this was the case, but it seems similar.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Well, laws don't always make sense. In this case, it's not illegal to give a bad reference per se, but there are laws establishing the liability of involved third parties for lost business, employment, contracts, or the reasonable expection of such.
Had a realization about unintentionally creating a situation like that at my previous job.
All the department's partitions on the AFS and DFS servers were charged to my account--they had no way of assigning space to a group. It was 4:30 PM before a long weekend. Very few people were left in IT.
I suddenly realized what would happen to all the batch jobs when everything belonging to my account was locked out.
My manager was able to find someone in IT who could suspend the automatic lockout until they could reassign all the filesystem resources...
Well... just look at Bayes Rule:
.82 (so, P(A|B) = .82). The probability of observing retaliatory hacking in individuals who commit unusual behavior is not .82 ( P(B|A) =/= .82 ). It's .82 * the probability of retaliatory hacks generally / the probability of unusual behavior generally.
P(A|B) = P(B|A) * P(A) / P(B)
The fallacy at hand assumes instead that:
P(A|B) =/= P(B|A)
The probability of observing unusual behavior in individuals who commit retalitatory hacking is
There are lives at stake here!
LOL I had the same thing happen. I had 2 weeks vacation so I gave them a 4 week notice when I was offered almost double current salary elsewhere. They sent me home and I had a nice paid month long vacation. Ahhhhh.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
My wife works for [insert biggest pharma company in the world here], and has for about 6 years. I used to work for them as well for 5-6 years myself. They were good when I was in, then things got "International", and I resigned quick before the walls started coming down.
In my wife's department (Cancer Biology), there are people who have been there for literally decades. They're so entrenched, they know every system, process, procedure ever made there. If you want to know an answer to some complicated question, these people will know it... and if they don't, they definately know who WILL know.
One person in particular had been there for 34 years, 11 months.. and they were going around looking for ways to "cut costs" in her department.
When you retire at 35-years or more into $PHARMA, you get a nice fat severance. Something like $100k/year for every year there + your stock earnings and benefits cashed out, which amounted to over $1M for this person. That's $100k * 35 + $1M (that's over $4.5M total to retire upon).
They fired him...
...30 days before his 35-year anniversary with the company. He got $60k total as a severance. They didn't want to have to pay out his retirement and severance, so they let him go 4 weeks before he would have earned it. If he had known, he probably could have used up 4 weeks of his vacation to eat up the time instead, but he never saw it coming. Nobody did.
... after putting in 35 years with the company .
This kind of stuff sickens me.
The "geek" is getting smarter about the utterly vicious American management class all the time, hence he's catching on that documentation undermines his job security. If you want the job done, don't dare fire that guy Reggie in the back room ... since he's the guy keeping the servers running. It's all in his head. Remove him, and you remove the pillars underneath your datacomm.
And I've gotta say: FINE BY ME. Americans have trained their foreign replacements and have packed up their equipment for shipment overseas TO MANY FUCKING TIMES. It's long since time to assert the Power of the Worker.
[You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
At a previous job, I was the only tech staff member who knew how to clear the transaction logs on MS SQL Server. It's not hard to do, but the network admin couldn't even be bothered to do backups more than once or twice a year, which was part of the SQL Transaction log problem.
When users started getting "transaction log is full" errors and they turned to me to have it fixed.
Once the error occurred while I was on vacation, and the server remained down for three days and a weekend until I got back. I was accused of hacking the system. I pointed out that I was in the Middle of New Mexico at the time, about a mile underground. Accusations of setting up a logic bomb (Not the phrases they used, but I'll skip the 20 minutes they needed to describe the concept) flew around for a while.
In the end, the company owner grudgingly admitted that it was probably a maintenance issue, and them reprimanded me for not "trunting the trees" before I left on vacation.
So for the remainder of my time there I just made sure to do a full backup and shrink the transaction logs every Friday. Automated backups were not an option, as there was never enough drive space for more than one or two backups, so I had to move the old ones to a USB 1.1 drive first.
And no, system level automation of such rudimentary tasks was not an option. Don't ask. It's a whole other story.
So I had no reason to hack the system. All I had to do was leave. Of course I documented everything, but I knew no one would bother reading any of it. This is the company that described programmers as "Glorified Typists."
I made sure to not even visit their web site after I quit.
I did however have social contact with a few of the non-it staff members. Seems there were a slew of problems with the servers, specifically with a cryptic error about a transaction log that no one in the company could understand.
In the end they paid a consulting firm to come in and fix the problem, which I'm assuming meant finally automating the backup process and transaction log shrinking.
"Live Free or Die." Don't like it? Then keep out of the USA
If I had to spend time documenting all the exceptions that exist in my company today, I'd never get anything done. This documentation thing is a case of overblown expectations, particularly since corporations are counting on replacing ANY worker when they start acquiring too much seniority (hence obtaining unearned stuff like longer vacations, sick time, profit sharing -- fuck, all the things that should be reserved for EXECUTIVES!). Documentation is just their way of getting rid of you as they are planning to do in each and every corporate boardroom across America today.
[You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
Any IT professional should expect this type of treatment. It is not discourteous, it is professional and appropriate. People who get their feathers ruffled because of this type of thing should check their egos.
Since when is expecting courtesy having an ego?
Sure, if somebody threatens a coworker they should be escorted out by armed guards. Everybody expects that, and it is should be done for the safety of everybody else if for no other reason.
Otherwise, treating employees as if you don't trust them tells them that you don't trust them. It speaks volumes.
"Professional" does not mean impersonal, or treating employees as if they are nothing more than capital.
The funny thing is that companies could accomplish most of the security-related goals without destroying the morale of everybody who is left. How about this scenario:
1. Employee is called to his boss's office.
2. Boss explains that he has to be let go. Boss has HR present, but HR is presented as being present in case employee has questions, and generally lets the boss (who has a personal relationship) do the talking.
3. Boss takes employee back to desk for "emotional support" and to help him with anything he needs to carry out. Rest of group gets to say goodbye. It is a sad day, but there is some sense of closure. Everybody gets to say goodbye.
4. Atmosphere is designed to communicate that employee is not persona-non-grata, and that his coworkers shoud feel free to pass on job openings, and generally feel free to maintain contact. Boss can be a part of this as well.
5. Employee is walked to the gate, and helped with boxes to the car by boss for emotional support.
6. Boss tells employee to call him if he needs anything before waving goodbye.
The employee has been supervised the whole time, and doesn't have an opportunity to cause mischeif. Yet, the entire time he is treated personably, and would be somewhat inclined to accept an offer to rejoin the company.
Companies often underestimate the impacts that terminations have on the people who remain behind. Seeing their coworkers treated with dignity will go a long way towards discouraging people from jumping off the sinking ship.
Nobody expects to have free reign inside a company they have just been terminated from. On the other hand, you can at least be nice about it...