General discussion


Employees don't care if the business fails

By Jay Garmon Contributor ·
TechRepublic own blogger extraordinaire HutchTech fired off this missive recently, which got me wondering whether everyone agrees that employees willfully ignore security precautions at work because they don't fear consequences.

"I recently came across this Trend Micro report in a SANS newsletter which claims that employees take more risk on the net at work because they believe their IT department will protect them. While this might be what they said in the survey, the real answer is far more sinister: employees don't care if the business fails.

"Let's face it, if you knew you wouldn't have been caught pulling the fire alarm at school so that you could postpone that math test would you have done it? The same moral dilemma faces those who use their PCs at work. Employees (particularly in larger corporations) don't see the real harm of network downtime--it's just a paid break. And if they don't see people getting fired for abuse (I'm not talking about porn here, but shopping, blogging, gambling, etc., etc.) what risk do they really take in abusing their Internet access? Besides, if you do happen to infect the network with the latest worm you're just a poor, little end-user and you're really, really sorry. And how many IT departments are actually going to track the thing down once the fire's been put out? Not many--the standard e-mail reminder to be more careful will have to suffice (oh, and remember to attach a copy of the corporate e-mail/Internet policy).

"While I am not excited about Apple, Microsoft, et al taking a stronger oversight role when it comes to workstation and network security, businesses (particularly smaller ones) really do need help against their own worst enemy--themselves. Remember: Ignorance, my friends, is not innocence."

- Hutch

I'm curious as to who agrees with the esteemed Hutch, and if anyone has ever handed out (or received) serious punishment for security violations at work.

This conversation is currently closed to new comments.

48 total posts (Page 4 of 5)   Prev   02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

I see your point,

by In reply to Doesn't suprise me ...

Yeah, the profile fits !

Collapse -

No, not you ...

by dusan.ignjatovic@emersonn In reply to Doesn't suprise me ...

I was referring to the profile of the person who wrote the reply entitled "Poor attitude ..." If you check out that profile you'll realize why he thinks a "pat on the back" is somehow more valuable than a raise.

Collapse -

poor attitude ?

by avid In reply to Poor attitude

i agree with his post and his attitude. the fat cat execs who have no concept of what we do to keep their salary increasing expect us to give a sh#* about the network? if you his position is off base, perhaps you should walk in his shoes for a while. and don't tell me that you have earned what you have gotten. the truth is you are an exec. you get paid more if we work harder for less money.

Collapse -

Two Separate Issues

by haamid-3 In reply to Employees don't care if t ...

I think we are trying to apply a single solution to separate issues. Abuse of resources has nothing to do with employee loyalty/happiness. I think it's wrong to assume an employee(s) has a lack of respect for IT or the company simply because they surf the net of download/transfer excessively large and personal files. This is where IT can make a differernce; It's called "Educating." I can sit in my office or cubicle all day and send out newsletters,write policies, and send emails about resource abuse. But what really works is if I spend some of that time going to the departments and introducing myself to the employees and talking with them about the desktop usage, network resources, and the types of behavoirs that cause network downtime. Especially in the areas where I have repeated abuse. This attaches a face to the monitoring. While this can be time consuming, so is spending hours, days, weeks, and months fixing and refixing problems caused by resource abuse. Most employees that I have come in contact with and exposed to the IT side of things never had a clue about the issues we face. From thier prospective, that little box in front of them is just like that little box a home. And since most Americans spend the majority of their lives at work maybe even when they are at home the previous is even more true.

Collapse -

You said a mouthful there

by DC Guy In reply to Two Separate Issues

"And since most Americans spend the majority of their lives at work..."

We spend more of our waking lives here than on any other activity. More than our FAMILIES! Sharing sleep time might count for something, but not much when husbands, wives, and children don't go to bed and get up at the same time and don't share domestic rituals.

This is where we spend our lives and we expect to be able to live here. That means everything from not having our insurance agent's website blocked to not stripping off the photos of our grandchildren from family e-mail.

Collapse -

The clues

by f-3873986 In reply to Two Separate Issues

This is true. There is little education in most businesses, especially around policy. Mosre often than not, you get an email sith a link to the Intranet site, saying "Here, read this."

What is lacking is education and CONTROLS. It's great to say to John Q. Employee, "Don't surf those nasty sites, those joke sites, or those sites that may contain malware." It's another altogether to monitor, report and DISALLOW that activity, either through targeted education or technical means.

If a problem is worth the time and effort to write a policy for in order to try and alter behaviour, (almost impossible) it is probably worth the time and effort to examine contol options. One of the alternatives found has got to be equal or less than the cost of doing nothing (everything has a cost).

There are published figures for just about every threat out there to help calculate ROI...

Another 2? posting. Collect the whole set!

Collapse -

What is your environment?

by LiveNDieN LA In reply to Employees don't care if t ...

Some folks were I work do not care much whether the company posts a profit or not... but the vast majority of us do care. We have the long years at the same place to prove it.
I never have to police people's surfing habits, but at the same time I have the PCs clamped down very tight... I only have access to downloads, updates, and installation. Do they go to sites that are objectionable? Yes, of course some do... do they open e-mail that is from someone they do not know? Never.... to be honest I am surprised that how savy they are... even when the get a questionable e-mail ... where the payload has been stripped away... they ask me to check it out. All in all if you treat them with respect... you get the same back.

Collapse -

Would you care to bet on that?

by Htos1 In reply to Employees don't care if t ...

As the "old guy" in my areas of IT(I started in '77),Homey don't play that!At work,that's what you're doing.I don't mind someone using the network during the lunch hour,or even when we set up a gaming portal for the weekend.9 to 5,however is mine and focus is paramount.Besides,we do a lot of workstations for journalists here,which requires being on your toes for them.(and yes,even they want a "favor" on the side sometimes-notably Kazaa,BT,etc.Which torques my ***)They have to get someone else to do that on their corporate lans-I do get that one occasionally.

Collapse -

Business don't care about employees

by MagicTom In reply to Employees don't care if t ...

The title of the reply is self explanatory


Collapse -

Well as I now only work small business

by HAL 9000 Moderator In reply to Employees don't care if t ...

I've found the exact opposite, it is the workers who want things to go well so they continue to get a pay packet at the end of the week/fortnight/month or whatever.

However the management on the other hand is a different story at one place I actually had a manager come and complain to me that the work pop ups where getting in the way of his porn browsing and he wanted them disabled. Theses where instant messages from staff and other requests for something that he had to make the decisions on.
Then when you get to the Family Business they are a nightmare as the owners children are welcome to come in after hours and treat the network as a giant play toy that was put there for their exclusive use. At one place they couldn't get a game to install because they kept getting a Virus Warning and stopped the installation of that game so they turned off the AV products and loaded the game. Of course next day every computer on the network was infected so badly that they all needed reloading as by that time they had become so infected that it was useless to try to clean them up.

Or in another place they just deleted an account and reset it after they had finished playing their games it didn't matter a dam to them that there where orders for several Million $ sitting in the In Box waiting for action.

While I walked away from big business quite a few years ago it now seems that what was once the preserve of the CEO's and upper management is now common place in small business as well and they only start to worry about their usage policies when things go wrong and it costs them money to have fixed.

While there are some workers who abuse the systems most don't and they are allowed to do a bit of browsing send the odd IM and whatever else is required particularly if there is family problems involved.

Unlike the original poster I would be saying that most employee's do want the company to succeed or at the very least remain profitable so they can continue to get paid but unfortunately I can not say the same thing about Upper Management who from my observations appear to be getting carried by their staff.

Col ]:)

Back to Security Forum
48 total posts (Page 4 of 5)   Prev   02 | 03 | 04 | 05   Next

Related Discussions

Related Forums