Slashdot Mirror
When Big Brother Watches IT
bdking writes "In an effort to protect sensitive data from internal security threats, some organizations are 'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' the Wall Street Journal reports. Is secretly spying on and linguistically interpreting employee emails going too far in the name of security? From the article: 'I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk? And all without them even knowing there's a dossier being created of them and their "suspect" behavior?'"
If an HR department can install and manage software that interfaces with a companies email without IT knowing about, that company has bigger security concerns. If IT manages it, IT can circumvent it.
"I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues?"
Not commenting on whether monitoring employee emails is right or wrong, but why would somebody use their corporate email account to deal with relationship or family issues? In a world where companies can and often will read their employees' emails, that anyone would use their work email for anything personal seems short-sited. Sign up for one of the free web-based mail accounts.
That's why I never send personal email on the company's system. I also don't keep any personal files on the company supplied computer nor do web browsing on it. It's a hassle sometimes, especially when I need to carry around my personal laptop. And, in reverse, I never do "work" on my personal computers. While I don't think my company is spying on me, I go by that assumption because they can start at any time without my knowledge. It's my way of mitigating that risk. In general, I think it's also a good way to keep my personal life separate from work. I learned that years ago during some stress reduction workshops I participated in.
You became a liability. There were others inline for your job that weren't a liability. It wasn't that they didn't care about you personally, its just the reality of business. "Caring" doesn't pay the bills.
---- Booth was a patriot ----
...do yourself and your admin a favor and get rid of him/her. He/she won't like working for someone who doesn't trust him/her, and you won't like constantly being suspicious.
I've given that advice to all my clients over the years. You can extend the concept to the rest of your IT and/or security team. That doesn't mean you shouldn't take precautions, have checks and balances in place, etc, but fundamentally, if there isn't a high level of trust, deal with the lack of trust, either by discussing it until there is an understanding and trust, or by ending the relationship.
Secretive monitoring is not the way to handle a lack of trust. The only exception is when there is already probable cause to believe a crime has been committed, then, in some cases, monitoring to gather proof may or may not be necessary or appropriate.
make imaginary.friends COUNT=100 VISIBLE=false
If us bosses don't monitor the minions, how then should we know when they're onto our kickback schemes and other fraudulent privileges they are not entitled to know of us having?
And those other people are also a liability because they may not be able to do the job. Even if they can do the job it'd take them 2-3 months to get up to full efficiency at doing their job.
Furthermore, every other employee, including the replacement, now knows that the company will fire them at the drop of a hat. In other words, they now have a signal that they may want to start sending out resumes before it happens to them. The fired person's social network will now also know that the employer is an asshole and to steer clear if possible.
So yes, caring does pay the bills if a company cares about anything but the short term balance sheet (not even short term productivity).
Those are not only the people in the greatest position to hurt the company, but also those with the greatest incentive not to do so - why hurt a company that is paying you millions of dollars a year? Top management positions aren't that common that one would risk losing one.
In my experience, as you move up the chain of command, any formalized controls become more stringent – not less. In my case, every level I move up in the company I have to disclose more, with the CEO having to disclose the most.
On the other hand, I have found misalignment increases. CEO’s don’t (normally) need to commit outright fraud – there is a host of grey areas to exploit.
The corporate jet is a classic example. It helps the CEO meet with clients, survey the business, saves time, etc. All of time & money will be well disclosed in the annual reports. If the CEO uses it for personal reasons, he has to pay it out of pocket. So everything is above board. Yet, who do a disproportionate number of CEO schedule official trips to Aspin during skiing season and during the summer?
Isn't the real problem that yet another non-scientific unproven analytic tool is going to be deployed in an attempt to discern what people are really thinking? There may be lots of reasons why someone's language changes, including events in their personal lives that have no relationship to work as long as they continue to carry out their duties competently. Imagine being called to the bosses office or HR to "explain" why your behavior has changed when you may not have realized the change yourself, and it has nothing to do with work. Failure to provide a satisfactory explanation will result in greater suspicion of your intentions, especially if the system that detected your behavioral "abnormalities" was sold with the understanding that it really could spot bad eggs before they cracked.
Those are not only the people in the greatest position to hurt the company, but also those with the greatest incentive not to do so - why hurt a company that is paying you millions of dollars a year? Top management positions aren't that common that one would risk losing one.
This flies in the face of reality. In the real world, some top managers develop such an inflated sense of entitlement that they believe they are worth far more than what they legitimately earn, deserve whatever they can take and that they will never get caught when they break the law.
Aside from the fact that what you're saying shows a total lack of humanity, it's also wrong.
If I saw another employee I worked with being treated that way, believe me, I'm looking for a new job the moment I get off work that day. And then all of the training, experience, etc., that they've paid me well to develop, walks right out the door.
That aside, loyalty is meant to be reciprocal. As long as a company is "paying the bills" adequately, a little decency for those undergoing tough times and have spent years of their lives helping to build the company is not exactly uncalled for. I have worked several places that coworkers were more than happy to pick up some slack for someone in a tough situation, especially since it was well understood they could accept the same in return. That type of environment is far more productive than one where everyone spends half the day looking over their shoulder.
"It's just business" is not an excuse for unconscionable behavior, and it's been used that way for far too long.
To fight the war on terror, stop being afraid.
" why hurt a company that is paying you millions of dollars a year?"
Because they can get even more by hurting them *and* getting their golden parachutes after the havoc?
Why is any IT employee in their right minds sending our personal communications from their work computer? Come on - that's like common sense 101 stuff there, or at least, take some precautions...VPN, GPG, smartphone...
"As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
Um, because? Seriously, you make it sound like it's a well considered and rational action of self-destruction to become a gambling addict and to start embezzling money. Sure, there are rationalized steps in the process to reduce the risk of getting caught, but one presumes that all employees are only really there to earn a paycheck, getting caught means criminal charges and/or being blacklisted from most companies, and that while people do tend to expand their spending to meet their paycheck, the less the paycheck overall is, the less savings you have and hence the more you really need that job. When you're talking about a million dollars a year, well that's equivalent to 20 years of $50,000/year*, which leaves a lot of room to not really care about a company.
How many CEOs, after having ran one business into the ground, have been hired up again to be CEO at another company? I guess that might be because as much as "top management positions aren't that common", it also holds people with top management position experience aren't that common; and why not hire someone with experience, even if it's mostly bad, rather than risk a person with no experience? Really, unless the CEO is stupid enough to be caught outright embezzling money, they're probably in the clear; and considering how much stuff can seemingly be written often as a "business expense" or "perk", it could take quite a lot. That's not to say, of course, it doesn't happen and people haven't been caught/punished; but, the CEO and other top management positions are in the best position of burying evidence, and vague accusations without proof might be enough to force a resignation but maybe not enough to prevent them being rehired elsewhere. After all, if your CEO was robbing you blind, would you like the world to know? And wouldn't you like it best if after they resigned they were rehired by a competitor who you can secretly hope they'll embezzle from as well?
*Yea, I know, because of progressive taxation it's probably closer to 3/4ths that, but then the discussion was "millions of dollars", so feel free to scale up that round figure of a million dollars to compensate--I'm sure the CEO would.
Eurohacker European paranoia, gun rights, and h
have to repay fraudulently taken $$$
That's so sweet: You think directors embezzle their employer!
No, directors give generous contracts to their friends and get kick-backs. They do anything, which frequently involves some method of down-sizing, to increase the share price, then sell their part of the company. They leave after costing the company millions and get a payout of millions more.
Every accounting/management textbook talks about the need to align the director's greed with the company's growth. Yet, the golden parachute does the exact opposite.