Most IT Pros Have Seen Embarrassing Information About Their Colleagues

An anonymous reader writes: Often working in isolation, IT teams are still considered to be supporting players in many workplaces, yet the responsibility being placed on them is huge. In the event of a cyber attack, network outage or other major issue, they will typically drop everything to fix the problem at hand. Almost all the respondents (95%) to a new AlienVault survey said that they have fixed a user or executive's personal computer issue during their work hours. In addition, over three-quarters (77%) said that they had seen and kept secret potentially embarrassing information relating to their colleagues' or executives' use of company-owned IT resources.

I work in IT. I am a professional

[clickclickdrone]

As such, if I come across anything illegal, I report it. If it's unsuitable for a work environment or a risk, I have a quiet word, Anything else, I ignore it, none of my business.

Re:Managers are dumbasses

[Daemonik]

That's a pretty stupid comment. Their customer saw the flash drive full of porn, there's no going back from that and saying "Oh, this is just Bill's personal thumb drive, we the company don't support this". Why did Bill have his wank drive at work in the first place? Is he in the server room marking the servers as his like some animal?

Don't bring porn to work. Don't share it at work. It's not that difficult a task.

Re:Managers are dumbasses

[Dins]

Yeah, I've never grasped the stupidity of some people. There's no excuse for this, especially in IT. I mean, do you NOT have an internet connected PC or other device at home? Maybe back in the 90s some didn't, but for the past 15 years there's absolutely no excuse. And if you really feel the need to surreptitiously rub one out at work, there's always your personal phone.

Sure, I occasionally use my corporate laptop to send the odd personal e-mail but that's allowed in our IT policy, and every time I do it I quietly ask myself would it be devastating to my career or personal life if the contents of that e-mail were made public. If the answer is yes, I don't send it. This isn't rocket surgery.

Preserve the 3monkeys ethic

[TheRealHocusLocus]

It's become a harsh world for the thee monkeys. I'm referring to the monkeys Mizaru "see no evil", Kikazaru "speak no evil" and Iwazaru "speak no evil". In the days of written letters there were seldom times when one was professionally compelled to witness the private thoughts of others. Now we have mailboxes and photos and browsing histories scattered on disks. Every popular program that manages information wants to slap it all up in your face as soon as possible.

The 3monkeys problem doesn't relate to knowing or discovering passwords, unlocking access. You're perfectly free to flaunt your prowess as a fixer or safe-cracking locksmith. Good 3M compels you remain unaware of the contents of the safe after you have opened it.. After a successful IT job are you in a position to honestly say not a single photo (or thumbnail) was displayed, not a snippet of private text was displayed, even for a moment? If not,then (perhaps) there are ways to refine the technique.

As a PC tech I started to imagine it as sort of a game, where you lose points if you see anything private. When forced to run programs to see if they were functional, I'd de-focus my eyes and could see that something was there, good enough. When cleaning viruses or upgrading I preferred to invite the customer in to run all the necessary programs to ensure their data was there.

In the Internet age it went massive. Someone is always root on machines that store hundreds of thousands of mailboxes. I started a Freenet and have run two ISPs and I have never peeked into anyone else's email unless directed to with immediate consent. Even then rarely, and not without a bit of nausea. Why? Because It is just too damned easy... in the same sense that pulling a trigger is easy. So early on I have programmed myself that way. If you pick up a gun you won't hold it by the trigger. As an administrator, I won't pick up your account by its email.

In the early days of mailboxes, Sendmail and queues when solving problems meant shuffling mail around sometimes rewriting portions of headers, it was a simple as using grep and using well-tested scripts to avoid seeing content. Many things were block and line-oriented ASCII. Not so easy today, when everyone loves to embed their favorite database solution.

Imagine that you have been called in to de-virus and recover data on a PC. You have been offered handsome pay for your work, but as you work you realize there are two men standing behind you with telltale bulges in their suits. They are watching you and the screen in front of you very intently. You sense that there's something on that PC that could put you in a bad way, should they catch a glimpse of it. Could you complete the job without... incident?

Developers of software that manages people's secrets should always consider the plight of the 3monkeys IT worker. This could mean a command-line utility, as prevalent as a standard uninstall procedure (ahem!), that is guaranteed to sift through and verify all functional areas of the program and its data store, and in the end give only total statistics of content --- enough to see that you have not reverted to an empty database. It would be good to provide this utility.

Some day, someone's life may be at stake.