One-Third of Employees Violate Company IT Policies
BaCa writes with a link indicating that a survey of white collar US workers shows that something like a third of all employees break IT policies. Of those, almost a sixth actually used P2P technologies from their work PCs. Overall, the survey indicates workers aren't overly concerned about any kind of security: "The telephone survey found that 65% of white-collar professionals are either not very concerned or not concerned at all about their privacy when using a workplace computer. A surprising 63% are not very concerned or are not concerned at all about the security of their information while at work. Additionally, most employees have the misconception that these behaviors pose little to no risk to their companies."
I'm guessing a more accurate headline would be: One-Third of Employees Admit to Violating Company IT Policies
The rest just didn't let on - because there is no way the number is that low. Or they didn't outright lie, they just didn't even know they had violated company policies.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
only a third?
Bullshit. Maybe 1/3 are dumb enough to cop to it.
Perhaps you've got it backwards and only 1/3 don't violate IT policies. And even that sounds light.
I think most of us could've told them that without all of the silly research.
Seriously though, for most people, unless they know there's a risk of being fired if they don't comply, chances are that they're not going to care about corporate IT policies. Most companies don't actually police them, so what benefit do they have in following them?
While people should be responsible enough to do what their job requires, it falls back on the corporate IT folks to make sure their policies are enforced.
For every company that I've worked for, there has always been a "proper use" policy for PC usage. None of them allow the web e-mail, StumbleUpon, Slashdot, Digg, and/or Reddit time that nearly ALL coworkers I've seen use (with me, I use all of them most of the day. They should give me work that I've been requesting. Small tasks do nothing to fill 8ish hours.)
TODO - Insert Creative/Witty Signature
Of those, almost a sixth actually used P2P technologies from their work PCs.
In other news, one sixth of one third of all IT admins are stupid enough to not block P2P traffic on their networks.
There are a lot of really stupid IT policies out there that, in the name of security, in fact merely hinder getting work done. I am not talking about P2P. Giving a developer a workstation with a user account with no administrator privileges on Windows is among them.
When policies are set by PHBs and you need to bypass them to get work done, then that is something that should be fixed. Another thing is that password rules that make people write their password down on paper are worse than passwords that don't have as many limits on them.
Insert self-referential sig here.
by executives to make unrealistic deadlines which they decided without IT input.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
I think it's more like 1 out of 100 of employees actually obey company IT policies. The more management or IT that you are the more that you are liable to freely break IT policies as well.
Blacklists=>Proxies
Traffic filters=>TOR
etc. etc.
But the real problems are still caused by moron employees who double click on an attachment they got via email. Just happened again last week. The problem isn't people who don't adhere to policies, it's employees who don't have a clue.
And what's wrong with reading Slashdot while you're slacking off with a coffee for a couple of minutes? I'd consider an employer a slave driver if they have a problem with that.
thegodmovie.com - watch it
I would find it more interesting to know what policies are being broken, and what percentage of those are either extremely lame or actually downright dangerous to the company (I have a friend who is required to use IE and Outlook for example).
I'm an American. I love this country and the freedoms that we used to have.
Most policies are written for a very focused set of activities by a group of people that have no idea how others do their jobs. In many cases they also have no clue on how to do IT either as that layer is busy working. So like absurd laws they generally get the respect they deserve and compliance follows. For example I worked at a company that limited printing so bad that to print out work related documents one of our support people had to bring his laptop to our laser printer and jack in, his did not let him print from the partition he had the work on (it needed to be there because of the IT setup). Further he could have emailed it but they would bill his department by the KB. After that do you really think he cared about their rules?
> Additionally, most employees have the misconception that these behaviors pose little to no risk to their companies."
Most employees have the misconception that the highly paid tech guys who run the networks and administer the PCs are capable of ensuring the whole system is secure. The inconvenience many people encounter getting their work done, what with locked down PCs, blocked sites and patronizing policies, they imagine, surely means that any site I can visit, or email I send/receive, is ok. Otherwise, why bother?
Pick something you can remember. The simplest way to have mixed case, alpha numeric password with punctuation, is a sentence that you can remember. "Today, a coffee cost $1.99 + TAX!" Secure, simple to remember, and passes all the validation you want to throw at it.
Gibble: Descriptive of an emotional state in which one's mind is scrabbling for some purchase on reality
Since 1/3 is for all employees, I'm venturing the % is over 90% for IT employees behind the cypher locks. And anyone reading this from work sure is.
NON-geek Linux user since 1998
They say "actually" like it's so unbelievable.
I regularly use bittorrent to download work-related files at work. And it's not against IT policy at all. Imagine that.
Kilgore Trout, is that patRIOTically you?
Living With a Nerd
And what about the rules saying that you have to change your password and you can't use part of your last few passwords.
with the privacy of their employees. Case in point, mine provides my Social Security number to third parties, against my express direction, with absolutely no business need, and in direct violation of their own written privacy policy.
"National Security is the chief cause of national insecurity." - Celine's First Law
...there's a very relaxed IT policy.
Browse whenever you want, take whatever software you want home, check your email if you want, everyone's their own local admin, no audits.
However, if you get caught with illegal software, miss a deadline because of blatant time-wasting, then you get fired (for continuous abuse). People work not because of policy, but because they want to do well and enjoy what they're doing.
I happen to also work in one of the biggest names in IT too....not some small company. The policy works very well, as is evident from the company's success and the fact people rarely leave. That and brain-implants, anyhow.
throw new NoSignatureException();
Easy. Add inflation to his sentence.
In my experience, the "IT policies" of a company are generally so restrictively worded that they'll catch almost any individual at some point in time for a "policy violation." They are rarely enforced as a matter of practice or true benefit to the company's security and IT performance, but provide excellent leverage against employees who are under the hot lights for unfireable offenses. Simply whip out that pattern of browsing Myspace, whip out the IT policy, and have them sign their resignation letter right there.
Hey Taco! Looks like you're using the "infinite monkeys and typewriters" scheme to generate Ask Slashdots again...
How is checking your e-mail, downloading software or using P2P software "risky"? The number 1 rule for all corporate networks is that you lock down your network, at home the most someone could really do is install a bot and make you send out spam messages. At work, your machine should at least have a network-wide firewall, up-to-date antivirus if it's a Windows machine, and an under-privileged account if it's Windows or Linux. But if everyone switched to Linux, none of it would really be a problem. But seriously, it poses little to no risk to a properly configured machine, nearly non-existent if you're not using Windows. Because checking your E-Mail, web based through Firefox or through POP with Thunderbird (or anything that's not Outlook) as long as you don't download any binaries, you're safe. As for spyware, just use Firefox, that takes care of most "drive-by-downloads" that IE has and those are the number 1 cause of malware. As for P2P as long as you have a decent firewall and don't download anything of questionable legality, the most it does is use up bandwidth which most ordinary workers won't even feel and most smaller ISPs allow you infinite bandwidth.
There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
It is bad, first because as mentioned, that number is low. Second because they violate them because they CAN. IT security is nearly as futile as the war on drugs. Its current incarnation does nothing to reduce the demand, nor does it adequately address the problem.
In the workplace, the employer (owner of the IT infrastructure) has a duty to inform employees how the tool(s) are to be used and what is mis-use. Additionally, the stick and carrot method is not appropriate. If you catch your child using your favorite pair of pliers to hammer a nail to hang a picture, you do not scold them and tell them to not hang pictures. You provide them with a proper hammer and some education on how to use it properly as well as assistance in hanging the picture, along with perhaps a discussion of what is appropriate kind of picture to hang on the wall of their room.
Employers are faced with a new world regarding these IT tools, and to ignore the natural desires of people is to ignore their own security. I fully endorse the policy of allowing some things, such as Internet radio, or checking news sites. If that uses too much bandwidth, funnel such traffic through a proxy to a bandwidth limited connection. Separate your company traffic from benefit traffic. Lock all connections down with security and virus scanning etc. but do not use the stick and carrot... it does NOT work, will not work, cannot work.
Support NYCountryLawyer RIAA vs People
Two years ago I received an email from IT informing me that I was using the application Firefox and that a "major security vulnerability" had been discovered. They told me I had to use Internet Explorer as it was "much more secure".
Whether or not IE was actually more secure on our network isn't really the point, but I still had a great laugh out of it. I simply updated Firefox and that took care of that, never heard from them again about it.
Reviewing just the first hour of video games.
Shouldn't the headline be (in fewer words):
"Consider the employees stupid enough about security that they describe, to a stranger on the phone, the ways that they make their company networks less secure. 1/3 of them also violate corporate IT policy."
The real WTF is that *anyone* answered those questions on the phone.
what is wrong here? Rules or people?
Whenever rules are broken, something of the two is off.
Remedies are not always adequate and can lead to more trouble.
And is that the phrase for the dental plan password, the diversity training registration password, or the office supply purchasing password? Or an older phrase for one of them, as each one needs to be changed (out of sync!) 6 times a year.
What I'm listening to now on Pandora...
I'm not supposed to post on internet forums.
-Dave
One of the places that I worked as a contractor was rife with this type of abuse. I mentioned to one of the users that they were the cause of the problems; the response staggered me;
"It's your job to keep the computers safe, not mine."
Alas logic held no sway on their minds.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
You still have a job?
I prefer Flambe as opposed to flamebait.
I recall before a lot of companies had terms of network use, a few employees where I worked had been downloading games from warez servers because the company network was significantly faster than anything available at the time. I knew even the network admin was violating this. I very much felt like reporting it, but as an entry-level employee on their first job, 1) I would feel guilty with getting someone fired; 2) I didn't feel like testing management by reporting this and see myself get fired; 3) I didn't really understand the policy and didn't know what to do.
I'll make clear that I wouldn't let this go today.
My point in all this is, some people starting at the company may be aware of activities the admins themselves or other staff are performing which management may not be. My first job was relatively simple and well paid, I have had no beefs with the company. But our Acceptable-use policy book was some 20-30 pages long. This was about 10 years ago. I would rather have had a 1 page document, sign at bottom: I will not download viruses or warez, share company information or NDAs to outsiders, etc on company time. If I know another employee is doing so, please report anonymously to. Violators will be disciplined or fired.
Really, does it really need to be any longer than this or more complicated? It simplifies reporting and makes the issue and repercussions clear. Get the 20 page document too if you must. But the one-pager should be clear to *all* employees regardless of law degree. But help make it clear too, that if you mistype a domain and get a porn site, you shouldn't have to hide it and feel like someone is about to can you (e.g. whitehouse.com vs whitehouse.gov).
I can't believe it. Next someone will say that 65% of Slashdot users like p0rn. Insane!
Enlightenment is a pipe dream. So where's the pipe?
Seems like a violation of security policy to take an unsolicited call asking questions about security for a purported "Survey". Did any participant actually check the credentials of the person conducting the survey before giving answers about the security of their enterprise?
So anyone who answers to the survey (not just the 1/3 who said yes) is in violation of policy.
One third of IT employees were fired this week... which third? well... any third will do.
Live according to the Categorical Imperative. If the Categorical Imperative tells you not to live by it... ignore it
you'd be happy if 1/3 of your company's employees knew that there was an IT policy. Heck, if they even knew what the IT department WAS.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
Oh come on. I have to type it every 20 minutes because I cannot get putty to save things in the registry to aid automated login. I keep it short and stupid, like the security regime.
Passwords like ASDF12#$ and Welcome22@@ are easy on my wrists.
nosig today
Bullshit! Way more than two thirds of companies don't have IT policies to violate!
And that is the answer that most people miss. I would say that frequently, even if an employee wanted to follow policy, they could not because their jobs actually require them to violate the policies.
;)
This is not limited to IT policy though. At 2 of the last 3 jobs my wife had, she would be told by her manager that they didn't care how she got a new copy of documents dated three days early, but that she better do it. It was obviously an instruction to not only violate policy, but the law. Of course the firings for following policy generally could be described as "encouraging to quit". These kinds of instructions are common outside of IT, so I can't understand why anyone would expect IT to be any different. Oh, that's right, it's on a computer.
"And what about the rules saying that you have to change your password and you can't use part of your last few passwords."
typically to stop people from using "password1, password12, password123" or "password1, password2, password3"?
Hmm, I think reading /. violates my employer's IT Policies. :P
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
You can't remember more than one password? And honestly, isn't it easier to remember several phrases than several cryptic passwords like "41!ap*17ARK"?
I'm just suggesting, a simple solution to strong passwords that are also easy to remember.
As a side note, if there are three systems, keep the passwords the same, while they may get out of sync, you should only need to remember a couple at a time.
If IT hasn't bothered to integrate the systems to use a single login, they aren't going to bother checking that each system uses a different password.
Gibble: Descriptive of an emotional state in which one's mind is scrabbling for some purchase on reality
*YOU* are in the wrong. This is true if *YOU* are not paying for the hardware. This is true if you do not pay the support staff. It is not up to an employee to dictate what services a company's IT department will support -- that's up to management (hopefully with IT input -- but certainly not final say-so).
We have limited budgets. I don't want to require that my staff knows eudora AND pine AND OE AND outlook AND thunderbird AND xyz AND abc AND fillintheblank. By making everyone use the same email client (or limited set of clients), you reduce training costs and quite frankly, you eliminate the user shooting themselves in the foot. YES there are some users who are quite able to troubleshoot for themselves. BUT, try telling Bob the luddite he can't use thunderbird (something he may have never used, but likes the way it looks) when Lennie The Linux Master two desks down is running pine!
Simple solutions for companies who don't want silly and frequent helpdesk calls: Keep the workstations as uniform as possible within the scope of work any given employee is required to complete. Feel free to start your own business if the company rules don't appeal to you.
you work for Microsoft? ;)
For example the last place I worked at, the official line was "no personal use" but it was deemed OK to download a few mp3s or a Fedora ISO image here and there, transfer your photos to flickr etc, but they stomped down hard on the guy who used approx 1/3 of the network bandwidth to download DVDs for his home viewing (and to give to his buddies etc). Printing a few tens of pages here and there for personal use was OK, but they stomped the person who did a 5000 page print run for their club newsletter.
It comes down to "reasonable force".
Engineering is the art of compromise.
100% breaking IT policy is more accurate estimate ;-)
Never set stupid policy and none want to break it!
- Arwen, I'm your father, Agent Smith.
- Well, you're just Smith, but my father is Aerosmith!
The title now is : "One-Third of Employees Violate Company IT Policies"
I think it should be instead : "Only One-Third of Employees Admitted to Violating Company IT Policies, The Rest Want to Keep Their Jobs by Lying to Themselves"
Read and Comment at my BLOG
!!!
Not so much a code per se.
Arrr!
-- Tigger warning: This post may contain tiggers! --
I'm pretty damn sure you spend more time hand-holding middle-level executives using outlook than people like me with fetchmail and evolution. If you want to reduce helpdesk calls, get rid of the suits. Make all the policies you want, the suits will still muck everything up.
We have such policies, too, but ours is "reasonable personal use is permitted", provided it doesn't interfere with your job performance, network security, etc. Basically I keep an SSH session open to home all day and check my mail every hour or two, pay bills over lunch, etc. Oh yeah, and Slashdot...
I am not sure what is wrong with P2P. I use it to distribute the VMware images on my site with the blessing of my employer, since it actually saves bandwidth.
The problem is, companies are cheap. Developers should have their own network that they can do whatever they bloody like with (IT dept. hands-off), and it should be isolated from the corporate network. But that means they need two machines, one with their corp email & IM and office tools & the like, and one that they actually develop on in their own sandbox...
There are rules, like the 70mph speed limit or no surfing Slashdot, which are usually ignored unless someone needs a reason to fire you.
Then there are RULES, like not killing people and not using office computers to plot the overthrow of corporate executives, that will get you fired no matter what.
Most people are smart enough to know rules from RULES. Those that don't get the corporate Darwin award.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Some people forget their username even if it is their first name a space and their surname. You really can't blame password policy on the people that write it down, in these days of ATM cards people should be able to remember short passwords. What annoys me the most in this area is people that choose long complex passwords and stick a bit of paper with that password to their laptop.
Actually, no. The 'suits' are quite used to outlook and have no problems with it at all. My guys rarely get calls from anyone but fresh meat (new suit's new position). Most of the 'staff' use an internal company webmail client -- nothing to set up for them. Just click the icon on the desktop and enter username/password.
In 8 years, I've had ONE suit give my staff problems with outlook -- and it was a new AR exec who had zero experience in AR *AND*, quite frankly, I believe never used a computer in their life. But they didn't make it past their 3 months anyway...
I'm also the first to admit that *MY* staff uses whatever email clients they want. (pine, OE and Outlook (me -- sigh... I know, but calendar sync/BES is too damn important at my level)). Our policies read something to the effect:
"...cannot use, install, download, copy unapproved applications without prior written approval from the General Manager or the IT Director"
They aren't violating policies, because I approve it. Unfair? Perhaps -- in a communistic-everyone-is-the-same kind of way. But that doesn't sit well with my libertarian sensibilities.
I'm of a mind that bureaucracy only functions when the majority find ways to circumvent it. Dumbing down computer usage to the lowest common denominator of mindless users is seen by most as an annoyance to be worked around. Though of course, this leads to the cycle of those finding ways around stricter and stricter policies which slows real work and communication to a crawl.
Some policies make sense. Others... not so much. Reading web mail? Not a big deal. Clicking on the 'You've received a card link?' 'ere's a bonehead for ya.
Just tell Bob the luddite that Thunderbird causes athlete's foot.
I would have thought it was much higher. IT policies everywhere I've seen are regarded like speeding limits; absolutely meaningless, except when somebody official is watching you.
The typical response by IT is to make the policies more restrictive and impractical, which, of course, makes adherence to them even less likely.
And in other news
And while they won't admit it, 74% of all IT staff routinely violate the rules they force the rest of the staff to live under
Not that I would do such a thing, but....I've heard stories... :)
Ron Gage - Westland, MI
What annoys me the most in this area is people that choose long complex passwords and stick a bit of paper with that password to their laptop
That's why "Dinner at 8 - Call Janice" is such a great password. Hidden in plain sight.
That's what PSK's are for. Look into using PuttyGen (or whatever it is) and make a key that your remote systems recognize.
My blog. Good stuff (when I remember to update it). Read it.
If you are reading this thread at work, you're probably violating the policy as well. Has anybody actually read the employee handbooks given out on your first day of work? I have never worked for a company where IT staff did not violate policies to a greater degree. Sure, soccer mom / accountant Jane may look at the news site or shop at gap.com during work hours, but Billy, the director of IT, can run as many P2P applications from the QA lab. I have constantly heard IT engineers bragging about yet another wonderful Quake 3 lunch. There is nothing wrong with having some fun at work, but ordering extra-beefy hardware only for specific individuals so they can play Quake may not sit right with a CFO. What about all that licensed software that magically ends up being installed at home? The about box reads that it is licensed to Some Company while it is being used for personal purposes. Things like this happen all the time. Hell, I had a co-worker who did not mind browsing pr0n and personals online at work. He even bragged about it. Noticed how I stated things in the past tense :)
Stupid policies make people break the laws. Just like teenagers love liquoring up despite the fact that it is illegal, white collar professionals like their news sites and forums. There is nothing you can do about it. In fact, if I were a boss, I would encourage people to relax and take breaks once in a while. I seriously see no harm if Johnny-work-all-night-to-meet-deadline takes 10 minutes and reads his Slashdot. As long as work is getting done, who gives a shit about what people do when they have a spare minute.
>> You still have a job?
yes actually. they were losing out on a lot of enterprise level sales because their code was win32 only. I fixed that and several 5-digit deals later the VP's get the idea that hey maybe there is more to the computing world than windows.
i fondly recall witnessing a VP tell the IT department flat out "you will support VPN for mac and linux". that was awesome.
Mod parent up! First guy in the thread that knows what he's talking about ...
You know you don't even need Squid to do that? OpenSSH will do a SOCKS5 tunnel quite happily.
My blog. Good stuff (when I remember to update it). Read it.
no, i have a responsibility to the shareholders to point out everything that is wrong so that somebody has the opportunity to make it better. if i just shut my mouth and just let IT (or anyone else in the company) create arbitrary, self-serving policies that limit my performance, that's cowardly.
obviously i have to play ball, but this is what works for me:
1. identify the limiting factor of whatever project or task you are on. if it's something you can fix, do it. if you need IT co-operation, ask for it. if you don't get it, escalate to the nearest common VP. repeat until VP realizes that IT is a "blocker" or "gating our performance".
2. ask project management to track unix/linux sales growth. when they realize that 15% of their income is not beholden to windows they will gladly spend 15% of their time trying out LAMP, OoO, looking for opportunities, chatting with their fellow PM's at other companies about linux, etc.
3. you will never get a windows-centric IT department off of AD and exchange so don't even try. honestly that *is* their kingdom and respecting their decision about their tools makes it easier for them to respect your decisions in your kingdom.
4. seize opportunities to show off the performance of unix/linux systems. obviously nfs isn't any better than cifs but apache can do things IIS can't. if you live in a geek-based company, show off that new iphone or ipod--guess what there is a mach kernel and a ton of posix code in there.
(This is just for dealing with anti-linux policies. If you surf for porn or download p2p music you're on your own. While such policies may be arbitrarily enforced, the root issue of their illegality is well-founded and should be respected by employees.)
I've seen that level at defense contractors. If you have any classified data you pretty much have to lock down everything to the point that nothing new/interesting can be accomplished.
Bizarre thing is that you get some of the managers drunk and they spill their guts about every detail, and guess how hard it is to get a manager at a defense contractor drunk...
I *won't* remember more than one password for work! The IT guys get 1 secure password, all the rest get written down in an obvious place. If they can't figure out how to sync passwords, it's not my problem (and if my current IT dept can manage password sync, retarded monkeys can do it).
Socialism: a lie told by totalitarians and believed by fools.
Working for a big company with huge IT department. Our policy:
1. Workstations don't have internet access by default. There is separate cybercafe for internet access.
2. No administrative privileges are given unless you are software engineer or clearly explained why you need it and was given a permission.
3. Email is the only thing that can get to workstations from the internet, but its use is strictly work-related. Very helpful if you need some doc from internet.
The policy is pretty strict, but it's fine with me since cybercafe use is unrestricted to reasonable extent. On the good side, I don't recall anybody having infected machine since I started working for the company. Moreover, less than 10% of people get any junk mail - punishment for abusing corporate email accounts. I am admin on my machine, but it was never infected and I have never had any junk mail.
Now this is, what, the 5th time I read this question in this discussion?
My boss would NEVER, I repeat NEVER fire me for breaking the company's IT policy! What kind of screwed up world are we living in here??? We are looking for additional developers CONSTANTLY and are just NOT ABLE TO FIND GOOD PEOPLE! We are a well respected company, currently counting some 700 employees, developing embedded software and hardware in a highly interesting and "sexy" field. Nevertheless, the vast majority of developers, who come to us for job interviews, are just plain WORTHLESS. I know it, because for the last 9 months, I've been involved in the hiring process. And we are not asking for that high a qualification either! You're intelligent? You have *some* experience or at least some kind of a degree? You show initiative? You don't stink? You're in! If you turn out to be too stupid to be a developer, there are always enough project manager/sales assistant/whatever positions in the company to get rid of you anyway (I'm 80% developer/20% project manager, I know what I'm talking about here :-) ).
If anybody would come even NEAR my boss with the idea to fire a good developer for breaking IT policies, he would be running away with his tail between his legs so fast that he wouldn't even know what hit him.
Of course breaking IT policy is not seen as good or acceptable behavior, and it is also being actively discouraged. However, it would NEVER, except in a case of an obviously intended malicious action, lead to a good developer being fired.
BTW, the company I'm talking about is a European one. Maybe that's the difference.
God working at your company would suck ass. I would spend all my free time finding another job.
I knew there was a reason for inbound and outbound NAT rules and packet filters!
:)
Come on admins!!!!!! If they can't do it then they won't do it
Freedom is fragile and must be protected. To sacrifice it, even as a temporary measure, is to betray it.
That would be wonderful if policies are created to be followed, they are not. I own a company, I've sat with my lawyers coming up with policies, they have very little to do with how I really want my employees to act, and a lot more to do with minimizing litigation risk. You have to actually fight to get your lawyer to allow your employees to use company equipment for appropriate personal activities. The bigger the company the more lawyers to fight.
Everyone knows this, thus why people really don't pay attention to such policies. When you get your oil changed, you sign a four page contract, do you read it? No, it's silly.
There is actually a protesting tactic used by truckers. It's a kind of strike. They start following all company and highway rules, precisely. They do this until their demands from the company are met. Strangely, companies yield fairly quickly; it's ironic that you can punish your employer by following their rules.
If I have the luck to get Lennie The Linux Master, who has the know-how to install pine and to hook it to your exchange server, to work for my company, I'd sure as hell want to make him happy enough to stay with the company and do the good work. Frankly, whom does he get in the way? I'm sure your average lazy IT guy (who only seems to be able to support outlook, according to your own words, which makes him 100x less worth to the company than the Lennie) will never in his life get the support request from Lennie regarding pine.
Let's not forget why the companies have the IT departments: because they are the necessary evil. Not because they are some demi-gods in the need of a bunch of sheep to guard through the rough waters of multiple e-Mail clients.
Sorry if I sound sarcastic, but your post really pissed me off. Let's just try to respect each other for a change, instead of forcing our beliefs down the collective throats of the "other side". BOFH was kind of funny at the time it was written, but it's just plain outdated nowadays.
and that's the problem. Let's say your non-technical boss sees you using Thunderbird and asked you about it. You tell him that it's better than Outlook, faster, more secure, etc (and yes, I think it is for home use). He knows how good you are, and he trusts you so he installs it. He breaks it, or he can't get to the Global Address Book, or something.
Explain to me why I am now holding his hand troubleshooting Thunderbird? You convinced him, you support him. But I'm sure you have better things to do than train your boss on the software you sold him on. And who is going to explain to his boss why your boss didn't get an email in time since his client was down? Oh wait, that's me because it's my job to support the machines we have in place. So now my ass just got chewed out by a VP because you felt that following the company standard was just not good enough for you.
Hey, you may be right. You may be able to support yourself and not have to call helpdesk when something goes wrong. But who supports all the people that you influenced to follow you that are not as able to support themselves? Who is going to pay for the extra training to get the helpdesk up to speed with all the installed software? It will have to come out of the IT budget, but that means that other training gets sacrificed since we do have a limited budget. Hmmm...train on Thunderbird, or train on disaster recovery???? Obviously train on disaster recovery, but now we can't support Thunderbird and the idiot executive that listened to you and installed it. So now we look bad.
Do you see the problem now? It's not you. It's who listens to you and the unforeseen consequences.
Now, if that makes sense to anyone, could you please explain it to me? I think I've confused myself.
Schwab
Editor, A1-AAA AmeriCaptions
In other news, some users violate silly IT policies. I've seen passwords that had to be 8 characters or more, have at least two numbers, two capital letters, and two special characters. Rotate your passwords every 45 days, and no repeating. No real words in your password. Now, have close to a dozen accounts, and no two passwords can be the same. How many people do you think didn't write down their passwords?
The company imposed some really screwed up policies on desktop configuration but they had a liberal telecommuting policy. So everyone did their serious work at home. They shoved their (IT mandated) Windows systems aside, used Linux and other FOSS applications, surfed the web, downloaded tunes, played WoW or whatever. As long as they got their work done, management was happy.
Strangely enough, the company was also heavily into a process standardization kick. I don't think they ever confronted the fact that the work that was getting done could never have been accomplished with the 'IT Standard' tool suite. Too bad. A more open policy at work would allow them to capture best practices.
Have gnu, will travel.
Our IT staff takes the "one size fits all" mentality. They have no idea what we do, they pick a box for everyone and say here you go with really no way to get anything different without insanely difficult processes.
Our team for example is a bunch of systems architects. We design and put the specs together for customer hardware & software solutions. We are all "IT people" whose role at our company isn't in IT. Thus we get the blow off. Nevermind we could do many of the jobs our IT folks do. We aren't in that role and are reminded of that all the time.
Well there happens to be a number of tools we need that aren't part of the standard image. So we load them. IT have an issue? Tough. I don't personally care, nor does the rest of the team. Even better when they try to blame us for the systems being slow. LOL Yea that's right. Nevermind the load of monitoring code they run. A full machine inventory EVERY DAY?!? WTF is that?
But hey that's what you get with an IT department full of Windoze geeks who don't know squat about enterprise IT. They do however know they're totally cool because they know how to deploy yet another useless policy. It comes down to IT being a service entity or a policy governance body. I ran my IT shop as a service, and I think that is how it should be.
These admins that talk about "my system" "my network" should be smacked. It is "the company's system" and "the company's network" you idiot.
Now, thankfully we're starting to make some progress whereby we actually get systems that can handle what we need to throw at them, IT be damned.
Ok rant off, time for bed.
Me: Sorry, we can't both know your password, so I changed it.
User: To what?
Me: If I told you, then we'd both know it wouldn't we? yuk yuk yuk
User: [grumbling] Okay, I'll change it, but I won't tell you this time.
Me: Okay, it's temporary though, and will force you to change it when you log in, ready?
User: *sigh* ready.
Me: [mumble: random, okay] a;@#aslkdfQQQ$@$#%faWerrr@!!a;lskd1.
Nobody, but nobody leaves their password as the one I give them. Few tell me twice.
Back in my day when we chiseled our bits into stone and sent them by mule train from village to village...
Don't have any IT policies at all. The tighter you grip, the faster the sand will slip through from between your fingers.
Free your mind.
These comments make me realize just how much I deserve a raise.
Probably a good 3 policies from IT management, HR, and Executives combined. I implement the rest of them as I see fit and as time permits since I do all the desktop support, helpdesk, phones, systems admin, and network admin. It's not that hard to turn on a nice webmail scanner at the perimeter, start new users off as PC admins and slowly restrict access as they do stupid things, implement layered spam controls, filter HTTP content a variety of ways, use centrally admin'd AV and prevent users from changing the pre-defined settings on their desktop.
Heck, this is just from browsing at +5... I'd hate to read what the unmodded comments say.
Protector of Capitalist views,
Meorah
And that, my friend, is why any new "collaborative" network authenticated software must pass the "security integrates with LDAP" or "integrated single sign-on available" test before I recommend/buy it. In 6 months, I reduced end user passwords from 6 to 3, and if anybody had bothered to ask me before buying some lame package, it would still be at 3 instead of back up to 4. I want it down to 2 within another year. (LDAP and ACD phone system)
As for synching passwords, that doesn't work so well when one password is on a 42 day reset, one is on a 90 day reset, and one is on a 60 day reset.
Protector of Capitalist views,
Meorah
About 100% of employees using networked computers at work use an old P2P protocol called TCP/IP ...
However, in most cases doing so is not in violation of IT policy, except perhaps technically if the people who recorded the policy in documents did not realize that the company's network infrastructure is actually based on P2P protocols.
I have a copy of my work email redirected to my fastmail.fm account.
I only access it using webmail/firefox.
The usual way people do it is using Outlook that is of course running over a Windows admin account. So what's safer: using a webmail service that defangs html before displaying it or using a client that's happy to do anything requested by an email message in an environment that allows it to alter the OS (and set so by the IT staff)? Not to mention that the usual mode of work is to receive MS Office documents from outside and open them (in an admin account, of course).
If I was in IT I would "call" all the users and perform the "survey" noting who it was that says they violate the policies.
I know. But you need an extra executable and that is not allowed. I cannot even see the c: drive. I tried really hard.
nosig today
Thanks for the support, but don't worry too much about the moderation. My experience is that even my most inane comments get moderated positively, so it's somewhat refreshing to be modded down. Anyway, your explanation of the problem is much better than my attempt at humor.
Finally! A year of moderation! Ready for 2019?
I really want to see where they got their data and what their sample size is. I could believe a lot violate IT Policies, but I have SERIOUS doubts that 1/6th uses P2P services. I don't buy it. In fact I've never worked with a client or for a company/university etc that had that problem. I call Shenanigans!
I wonder how much of this is: "I don't care".
I expect employees give their employer in equal measure. Companies seem totally out of touch with customer satisfaction (cough Comcast). Something as simple as answering the phone or giving the customer what they paid for is beyond their comprehension. I can't believe these same companies suddenly get it when it comes to treating their employees with dignity.
They see executives getting multiple millions in bonuses but their raise is capped at 1.6%. Then this same company wants their employee to be vigilant, always keeping the company's best interests at heart? Protect us and keep us from harm? Not likely.
Sure, some of it is ignorance on the part of the employee. But, what I see most is employee interference. Or, better stated, employees seem to care about the company's network in equal measure with how the company treats them.
I see both extremes. I can directly correlate how much network damage there's going to be that's caused by employees with how my client treats them. The worse my client treats their employees, the more money I make.
-[d]-
I work in a state government office (less details the better). We unfortunately have very poor IT. Most of it is outsourced to someone else, but we still have some in house IT staff.
* IT problems must be run through the typical uneducated phone staff, who rummage through a notebook with common errors and solutions. Needless to say this is just a delay in getting real help.
* I have Admin rights to my WinXP machine, as I suspect most of the workers here do as well.
* We have been infected statewide by viri on a couple occasions, and it seems most attacks originate within the main state office through e-mails and not with the majority of the peons out in the field (that would be me).
* I have violated the IT policies since I started 9 years ago. I have done this to make my machine more secure. I run firefox with script block and adblock for all browsing (except for state online apps that will only accept IE; we still use IE 6).
* I regularly run Spybot S&D (against IT policy) to remove anything that gets through (which has been virtually reduced to nothing since I started using Firefox).
* I run firefox, thunderbird and other applications from a USB key to ensure that damage will be contained and that my history (browsing /. and the like) will not be known.
* I have found that e-mail will not allow sending of exe, com, bat and zip files, however, simply changing the extension will allow it to be sent. Yet they ban us from using webmail (I do so anyway).
There are more things to list, but I need to get back to work...:p
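The extension-only filtering described in the comment above is closed on the gateway side by checking what an attachment contains as well as what it is called. The following is an added example, not part of the original comment or of any mail product: a Python check that keeps the extension blocklist and adds a leading-byte signature test. All function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the comment says the mail gateway rejects.
BLOCKED_EXTENSIONS = {"exe", "com", "bat", "zip"}

# Signatures for the blocked types that have one. Batch and DOS .com files
# carry none, so the extension check stays and sniffing is added to it.
SIGNATURES = {
    b"MZ": "exe",           # DOS/PE executable header
    b"PK\x03\x04": "zip",   # ZIP local file header
    b"PK\x05\x06": "zip",   # empty ZIP (end of central directory)
}


def sniff_type(data):
    """Return the blocked type the content starts with, or None."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def check_attachment(filename, data):
    """Decide on one attachment from both its name and its bytes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in BLOCKED_EXTENSIONS:
        return ("block", "blocked extension ." + ext)
    kind = sniff_type(data)
    if kind is not None:
        return ("block", "content is %s despite name %r" % (kind, filename))
    return ("allow", "no blocked extension or signature")


def scan_message(raw):
    """Map each attachment filename in a raw message to its verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdicts[name] = check_attachment(name, part.get_payload(decode=True) or b"")
    return verdicts


def build_sample():
    """Constructed message: a ZIP renamed to .txt, a text file, an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed sample")
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.com", "b@example.com"
    msg.set_content("see attached")
    for name, data in (("report.txt", buf.getvalue()),
                       ("readme.txt", b"plain text, constructed"),
                       ("setup.exe", b"MZ" + b"\x00" * 62)):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(name, verdict)
```

Signature checks only see the outer container, so a production filter would also need to handle archives nested inside allowed formats.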
You tell Bob that Lennie was hired because he knows how to do these things and to mind his own business from now on. You tell Lennie that you officially support Outlook or whatever and that you can't and won't help him with anything else. Grow a spine and let Bob and Lennie know what's expected of them and leave it at that.
If you can't do that, then the problem is that you suck at management and compensate by inflicting a uniform mediocrity. If you read Harrison Bergeron as a kid, did you find it scary or exciting?
Dewey, what part of this looks like authorities should be involved?
I don't use the company computer to read /. or check my email. :P
That's what I bring in my personal laptop for.
I also don't hook it up to the corporate network but to a spare ADSL link via Wi-Fi.
Ya it's a way bigger breach of the company policy but the company network is no less safe than people taking their work laptops home.
Start your own business and tell him yourself. Yeah... that's it. It has nothing to do with limited resources available to a given company. Or that the scope of work for company X doesn't REQUIRE anything but basic email for the majority of users. Or that systems are locked down because of State and/or government regulations and require DOCUMENTATION for everything installed on them AND if/how it interacts with previously installed software, AND documented validation checking AFTER software was installed (which again is a huge increase in cost overhead).
You nailed it buddy. I suck at management because we don't want to spend the time/resources required to let anybody install/use whatever fits their fancy. I'll nip off and shoot myself now. Don't worry. I'll be very humane.
*OR*, I've got a better idea: STFU on speaking authoritatively on topics you know next to nothing about. It's not about USER ABILITY. It's about USER NEEDS with regards to their JOB FUNCTION with COSTS calculated in. That's the company's call. Not mine. Absolutely not yours. Because businesses are the same as society... yeah, right. Or that you have the right to do what ever you want with and/or to your employer's hardware, money, and co-workers? What a GREAT Bergeron analogy you made!
When we were embroiled in a patent dispute a while back, I convinced my boss that Slashdot was a forum for discussing patent issues. So now I can read it whenever I want. Oddly, I still tend to do my Slashdotting during lunch.
I'm an IT advisor. Our company is growing by leaps and bounds and our employees are happy and productive. The company's call seems to be that I'm better at the job than you are.
Dewey, what part of this looks like authorities should be involved?
And the rest are probably reading from class (like me).
some of this though, has a lot to do with a non-enlightened IT dept.- a company that I previously worked for actually had its entire IT dept on the other side of the country, so if there was a problem they literally would call a contractor to come out for the day and fix things- if there was a quarterly shortfall they wouldn't hire the contractor and boom- office is effectively shut down for a month or two. Also all of our network traffic was so filtered that we couldn't update any of our software, and the IT was so stupid that they would only allow updates by the hired contractor, as well as reformatting/reimaging machines (they couldn't be added to the domain)- after about 6 months of outages and following the rules, we just put a keylogger on one of the laptops to get the admin password when the contractor came in and got the passcode (from a disgruntled former site manager) to the server room where we could go in and set up a proxy machine to directly download our software updates and use network admin to deploy it.
6 months after I quit the company it was absorbed by a competitor and the first thing they did was dump the entire IT staff.
My company's IT Security dept. has what must amount to thousands of policies. But by far their favorite policy is the one that says "We can make up any policies we want, even after the fact". Really, the only secure system is the one that is completely unusable. Clever IT security folk know that, and create policies to implement unusability.
Thunderbird is an exclusive alternative to training for disaster recovery?
You're not making any sense.
I'm sorry your department has limited resources, but it may surprise you to realize that so does mine.
You are better at your job for YOUR company than *I* am at doing the same job for YOUR company -- perhaps. If they let your users install whatever they want, great. Either they don't care about the increase in costs or they haven't sat down and calculated it. Perhaps your company doesn't have such restrictive rules/procedures such as CAP/CLIA. Or perhaps your company does but enjoys having staff spend all their time (and money) testing and retesting software, results produced, comparing to instrumentation results -- etc etc etc. AND then documenting all that. Signing off on it -- making sure all the material is reviewed semi-annually by your medical director. All so that the user can drop in and use whatever software they want.
I bet if you ran our company the way you describe you would be fired after your first CAP inspection. That's if your place was still in business and wasn't forced to shut its doors before your pink-slip could be printed.
Again, I will state: It's not about USER ABILITY. It's about USER NEEDS with regards to their JOB FUNCTION with COSTS calculated in. That's the company's call. Not mine. Absolutely not yours.
At our shop, it was ruled that IT will keep base images as uniform as possible to reduce costs -- in support, risk management, and ensuring compliance. And my job is to run our IT department the way the COMPANY wants -- not yours. I just happen to completely agree with our GM in this case.
Since our company has grown by more than 10x over the last 5 years, we've had articles written about our process management (many of which I authored myself) and never scored less than a 98.9 on any inspection, I'd have to say that I'm pretty damn good at my job, your snide remarks notwithstanding.
Lawsuits are expensive.
I just finished a business law class where I had a moot court presentation on Ellerth vs Burlington industries. The case involves alleged sexual harassment with no proof or complaints when Ellerth quit work. She won on the lawsuit?? Why? It was a hostile work environment and the fact that she did not need proof to sue and win is scary.
The point is the lawyers know this and yes browsing on myspace with sexual preferences listed is creating a hostile work environment. It's the new thing lawyers love because they hardly need any proof to win. My example was just one but it's good to have lawyers on your side as you grow big so does your pockets that people want to pick via litigation. Banning third party software to be in compliance with Oxley if you don't have a license and p2p mixed with non business websites can save millions in lost court costs.
I hate lawyers too by the way but we can't fight the system and we need to follow it.
http://saveie6.com/
Novell eDirectory is superior and takes far less bandwidth with hardly any replication issues.
Sadly once you're in AD you're stuck.
http://saveie6.com/