General discussion

Locked

CEO surfs porn

By mllwyd ·
I'm the IT manager of a mid-sized company. We have a policy about what employees are not allowed to view on the web, and we have a web filtering appliance in place to keep people from going to inappropriate web sites.

The problem is that the CEO thinks it is fun to try to "beat" the web filtering software. He spends his free time trying to go to porn sites. Sometimes he gets through, at which point he downloads images and movies and viruses.

My staff has caught him in the act of accessing porn sites, has had to deal with the viruses that he gets from surfing porn sites, etc. My boss, the CIO, has spoken to the CEO about this a couple of times, explaining to him the real dangers to the company of his behavior. He always promises to stop, but never does.

Does anyone have any suggestions on how to handle this situation?

This conversation is currently closed to new comments.

280 total posts (Page 1 of 28)   01 | 02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

CEO Should Be Fired

by Too Old For IT In reply to CEO surfs porn

The CEO should be fired for violating company IT policy. With the job market the way it is, it should be no problem to replace him/her with someone who can do the CEO function.

Collapse -

If public company -- you are right, if private...good luck with that one!

by TomSal In reply to CEO Should Be Fired

Morally/ethically I'm right with you on that sentiment of firing the CEO...but now let's be honest with ourselves, based on our professional experiences....you and I both know unless the company is public the CEO is as close to untouchable as you can get.

So unfortunately in most private businesses unless for some strange reason their is a position above CEO (Chairman/Owner perhaps?) the CEO is the top dog and as such right or wrong will get away with practically anything short of breaking the law (and even sometimes then too).

Collapse -

Mirrors

by iris.harris In reply to If public company -- you ...

This is a raw situation at best. However, I agree with an earlier comment. If the CEO can work around your security settings, then YOU and your network staff are a bigger problem. Maybe he is testing you and looks like you are failing.

Collapse -

not so sure about that

by apotheon In reply to Mirrors

Any CEO that is intentionally circumventing company IT security to "test" the IT department is not a CEO that should keep his job. While it's possible (remotely) that this is really what he's doing, he should be aware that doing so puts the entire network infrastructure of the corporation at risk. That is the next best thing to industrial sabotage.

There's no excuse for the network admin team to fail to do their jobs, though. System maintenance needs to be maintained as scrupulously as possible, all vulnerabilities and breaches documented, and higher-ups in direct chain of command informed through the proper channels of communication within the company.

Nobody in the IT department should be trying to get the CEO fired, but nobody should be covering up for him either. The key here is to do your job to the best of your ability. You can inform the CEO of network security policy, but it's not an IT manager's job to handle discipline for any other non-IT personnel who break the rules. Why would the CEO be subject to IT's attempts at maintaining discipline?

There are proper channels for such things. Pass it up the line. Keep the immediate supervisor updated. Eventually, it will get to someone whose job it is to present this information to someone over the CEO's head (chairman, owner, et cetera). That's all there is to it.

Collapse -

Eggshell Security

by erich1010 In reply to not so sure about that

Yes, the CEO is an asshole and is doing his best to circumvent security and should probably be fired and potentially is creating a hostile work environment and shouldn't be using company computers for personal use.

So what?

From the point of view of the IT department, none of that matters.

The problem with most companies is that they create eggshells around their networks to protect it from the outside and complain when someone on the inside plays around with the soft innards.

There are ways to deal with this which, frankly, should have been implemented in any case.

1) Move his profile information (desktop, registry, other settings) and data to a network drive. (Keep profile info separate from data)
2) Remove all data from his local machine except the operating system and application executables
3) Give him a user account on the local machine and remove admin access to his own machine. Give him read-only access to local drives. (Except, possibly a temp directory, but make sure it is deleted after every logoff.)
4) Limit his access to his profile information to setting wallpaper and changing skins. Limit his access to data to that which he needs to do his work.
5) Install software that automatically checks network and local drives for viruses, and keep signature files up to date. (Quaranteen infected files)
6) Keep backups of all profile information and data on network drives.
7) Regularly check audit logs and report abuses
Implement e-mail filters that check for viruses and spam.
9) Track patches and keep all software up to date. Implement a system for automatically updating workstation software.
10) Keep firewall rules and filters up to date. You might also implement personal firewalls on each workstation, to further prevent propagation of any malware.

This will do a fairly good job of protecting users from their own folly. If your user cannot change software on his machine or mess with registry settings, it will be difficult for a virus or worm to infect it. If it does get infected, the local machine can be swapped out and previous uncontaminated profile restored. And with you in control of what's happening inside your network, you'll be able to respond more quickly to adverse changes.

Collapse -

Re:

by vltiii In reply to Eggshell Security

Excellent response!

Collapse -

agreed

by apotheon In reply to Eggshell Security

I'm not sure why you posted this sort of thing as a response to me, as though you were saying something that contradicted me. We seem to be in agreement, in principle.

Some of your practical suggestions must be evaluated based on the situation, however, and not all may be applicable in this case.

Collapse -

Ok but what if he IS the owner too?

by TomSal In reply to not so sure about that

In our company, there is not one higher than the CEO within the company..the CEO is the founder and majority owner (the President, the ceo's "friend" owns a stake in the company but its only like 10% to the CEO's 90%).

I think this is the case with most small-midsize companies that are privately owned.

Because of this, it makes me laugh at many of the posts here saying just fire the CEO, or oh no someone needs to shut him down...please...I'm not saying do nothing, but you have to be EXTREMELY tactful and you must be a documentation freak (this also covers your own arse) in a situation when the CEO is also the owner!

Collapse -

Re:

by vltiii In reply to Ok but what if he IS the ...

If the CEO is the owner you still have options. You can do you due dilligence in trying to get the CEO to conform. If that fails then you have the option of looking for work elsewhere. Ultimately, if you stay and the CEO's behavior continues, by negation you accept that behavior.

Collapse -

LOL

by awfernald In reply to Ok but what if he IS the ...

If it's HIS company, and HIS money that pays you, then obviously he can do what he wants with HIS time.

You have to do your best to "protect" the network and computing resources, however, if you have "advised" him about taking risks, and you have pointed out the economic impact of those risks, and you have analyzed and informed him of the potential impact to his WHOLE COMPANY if something gets out of his computer into the network by accident due to his refusal to "play it safe", then all you need to do is simply accept that he is a porn addict, and let him play his own game.

Back to IT Employment Forum
280 total posts (Page 1 of 28)   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums