General discussion

  • Creator
    Topic
  • #2189506

    Employees don’t care if the business fails

    Locked

    by Jay Garmon ·

    TechRepublic own blogger extraordinaire HutchTech fired off this missive recently, which got me wondering whether everyone agrees that employees willfully ignore security precautions at work because they don’t fear consequences.

    “I recently came across this Trend Micro report in a SANS newsletter which claims that employees take more risk on the net at work because they believe their IT department will protect them. While this might be what they said in the survey, the real answer is far more sinister: employees don’t care if the business fails.

    “Let’s face it, if you knew you wouldn’t have been caught pulling the fire alarm at school so that you could postpone that math test would you have done it? The same moral dilemma faces those who use their PCs at work. Employees (particularly in larger corporations) don’t see the real harm of network downtime–it’s just a paid break. And if they don’t see people getting fired for abuse (I’m not talking about porn here, but shopping, blogging, gambling, etc., etc.) what risk do they really take in abusing their Internet access? Besides, if you do happen to infect the network with the latest worm you’re just a poor, little end-user and you’re really, really sorry. And how many IT departments are actually going to track the thing down once the fire’s been put out? Not many–the standard e-mail reminder to be more careful will have to suffice (oh, and remember to attach a copy of the corporate e-mail/Internet policy).

    “While I am not excited about Apple, Microsoft, et al taking a stronger oversight role when it comes to workstation and network security, businesses (particularly smaller ones) really do need help against their own worst enemy–themselves. Remember: Ignorance, my friends, is not innocence.”

    – Hutch
    http://techrepublic.com.com/5254-6257-0.html?forumID=99&threadID=176583&messageID=1850845&id=2899447

    I’m curious as to who agrees with the esteemed Hutch, and if anyone has ever handed out (or received) serious punishment for security violations at work.

All Comments

  • Author
    Replies
    • #3057056

      Disagree and Yes

      by jamesrl ·

      In reply to Employees don’t care if the business fails

      I have stood in front of hundreds of employees (at a previous employer) and talked about ITs monitoring of net usage, the why and a little bit of the how. Most of them were fine with it – judging by the questions at least.

      At companies where people work hard, there is resentment for those who don’t. Thus when it takes them longer to download that new patch they need, they resent those chewing up bandwidth for downloading that new song or desktop animation etc.

      And I have seen people fired, for using the company net for their own private business venture, for excessive non-porn surfing, and other events. I’ve been the one holding post-mortems on disasters like virus invasions that shut down the file servers.

      Maybe I am wrong, but I doubt I am the only one.

      James

      • #3062975

        More public enforcement is needed

        by it security guy ·

        In reply to Disagree and Yes

        I agree with you. I have performed a few investigations and heard reports of others that were from abuse. There needs to be more public enforcement so those who choose to ignore the security policies, will not have any leg to stand on when they are caught.

        Ways to warn people:
        1. Send out a global announcement to be followed by a global email stating the latest problem was caused by users who doenloaded malicious software to the network. Those users were identified, notified and will be monitored for future violations. Anyone who disregards the security policies and is responsible for security breaches or network problems will also be placed on this list. A second violation of policy will results in a written and verbal reprimand along with suspension of either internet and/or network use. If there is a third, the employee will be subject to termination.
        2. Follow up on the previous suggestion and make sure the enitre company is made aware of the violations and any employee who is terminated.
        3. Develop a Rules of Behavior/Acceptible Use Policy that every employee signs and every new hire signs every year. The policy wil state what is acceptible, what is not and the consequences for non-compliance with all company policies. (This could be considered a legally binding contract, so no one can say they didn’t know about the policy)
        4. Get by-in from top management and make sure they agree they rules also apply to them. (show monetary costs for breaking the rules)

        • #3062727

          Mostly agree

          by jamesrl ·

          In reply to More public enforcement is needed

          The company where I had that experience made every employee sign an Acceptable Use Policy, and made it part of the new employee checklist – no signature, no network logon.

          We also held IT security awareness days, with presntations, contests etc. I spoke to a total of about 600 people, out of a total population of 3500, not bad for a “voluntary” event.

          It wasn’t allowed to communicate the reasons for termination – privacy laws and so on. We did often joke about having a wall of shame, but we couldn’t implement it of course. We did let people know when we had outages due to virus attacks, which could have been prevented by improved awareness.

          Fortunately we had total buy in from senior management, but it had a lot to do with the industry we were in.

          James

    • #3057035

      What goes around comes around

      by dc guy ·

      In reply to Employees don’t care if the business fails

      It’s hard to deny the perception these days that most American companies don’t care much about their employees. How many of us didn’t catch the attitude implicit in our being turned from “personnel” into “human resources,” which is something akin to pencils and toilet paper?

      People repay disloyalty with disloyalty.

      My company treats us very well and bends over backwards to avoid dismissing employees; outsourcing is rare. As a result we have many co-workers with twenty- and even thirty-year pins.

      Need I state that we do care very much about the success of our business?

      And is it a surprise that we’re a stone’s throw away from being the leader in our industry?

      • #3061462

        Biting Feeding Hands

        by bfilmfan ·

        In reply to What goes around comes around

        Considering the disdain that most management at organizations show for their staff, it doesn’t suprise me that people view a network outage as a break.

        A lot of companies talk tough about internet policies, but rarely do they enforce them and almost never on upper management and officers of the company, who are some of the worst at inviting virus infections and porn spam worms in.

    • #3057003

      Far too simplistic

      by amcol ·

      In reply to Employees don’t care if the business fails

      The problem with this “argument” is the same as any that are taken out of context…there may be more than a shred of truth to it but it’s only a very small part of a much larger story.

      Are there people who don’t care about their companies? Of course, just like there are people who (incredibly) don’t care about their own families, or their fellow humans, or even themselves. My company treats me unfairly, there’s no bidirectional loyalty, I can get outsourced/fired/RIF’ed/laid off/excessed at the drop of a hat, nothing I do really matters in the long run anyway, I’m just a small cog in a great big wheel, why should I care about the company when no one else does, there are other people who are doing such a great job I don’t have to care about the company, my manager’s a dork, my department head’s a dork, the CEO is a dork, my boss doesn’t treat me as well as my mommy used to, I’m lazy, I’m tired, I’d rather be playing video games, nobody likes me everybody hates me I’m gonna go eat worms. There are any number of excuses, take your pick.

      You’re in a rowboat with other people. Everyone’s survival depends on everyone else. The boat springs a leak, right at your feet. Do you stick your finger in the hole? Do you hope someone else will? Do you believe the boat won’t sink no matter what? Do you avoid sticking your finger in the hole because the others might laugh at the way you’re doing it? Are you afraid if you plug the hole with your finger a shark will bite it off?

      Human behavior is so complex there are no simplistic answers. The reasons you do something in any given situation are different from the reasons I do something in the same situation, whether the action I take is the same or different from yours. You and I work for the same company. I work hard because I’m a hard worker. You work hard because you care about corporate results. The guy in the next office works hard because he wants to make more money and gain higher position. Whatever, we’re all working hard.

      Frankly, I find the notion that people take chances with downloading viruses and abusing their web privileges due to some belief that “IT will take care of it” rather flattering. Our customers are quick to blame us when things go wrong…where is all this professional self-loathing coming from that we have to negatively rationalize why folks have some trust in us?

      • #3063546

        Far too complicated

        by mr l ·

        In reply to Far too simplistic

        The problem with this “arguement” is the same as any other that relies on obsfucation and rhetoric in place of logic and clearly defined talking points.

        Corporate culture “has” become more and more impersonal, as easily verified by the declining average years of service in the majority of firms. That being the case; it is likely that there is not a general feeling of “I won’t abuse the network because I may negatively impact the company I work for.”

        Unless there are consequences, and those consequences are applied even-handedly, people will use the network pretty much as they see fit. Relying on “good citizenship” and loyalty to the company to drive behaviours is idealistic and most likely doomed.

        I manage the messaging and desktop environments in a large (12+ billion)corporation, and I am under no illusion that associate loyalty will keep my networks safe and functional.

        Clear policies, widely distributed and fairly enforced, are the only reliable solution.

        • #3063474

          Well thought out.

          by praetorpal ·

          In reply to Far too complicated

          I believe Mr L. has a good grasp of the big picture.

          Do employees really want to bite the hand that feeds? Probably not.

          Are they fully aware of the consequences of their actions and are they made accountable for them. Probably not. But they are not responsible for paying for them like they are at home.

          Poor IT architecture (remember 6 dumbest mistakes of computer security), manifesting lack of internal controls for concepts like least privilige, combined with poor policy development, implementation and enforcement all contribute to these behaviors.

          If employees are spending half their time doing non-related work on the computer, why are their managers not giving them more to do?

          Why rely on a boy-scout promise to enforce policies. How naive! Get some access controls with teeth, so that employees do not have the privilege to download rogue programs, screensavers or whatever. They are at work to work, not play.

        • #3063257

          Brilliant Idea

          by cool_iceman9 ·

          In reply to Well thought out.

          Definitely I agree, instead of setting up each workstation’s security and filtering software and access controls that might not work well due to some misconfigurations, why not install a centralised access controls wherein users connect to you first before surfing the net. hehehe… I control the flow of information..

          By observing these practice, risks I think maybe mitigated. I really hate to admit that some users tend to ask you minor questions that seems not related to their official work. For example; hey dude how can we download this and that?, and those dumb questions, without knowing the attachments contains a virus or a spam. And if anything happens bad to their workstation/s caused by the infection or outbreak, All I Can Say; is; “THAT IS WHAT YOU GET FOR SURFING THE NET”.

          It seems like that users are being spoonfed, and no learning at all. I think before i can grant them access, all i can say is, the I.T. Department will not be responsible for any losses caused by surfing the net. heheheh, i apologize to you guys if there’s any fragmented sentences i have commited.

        • #3063456

          Disagree

          by elder griffon ·

          In reply to Far too complicated

          I didn’t appear to me that amcol was saying that loyalty could be relied upon to prevent user abuse of resources. I thought he was saying, merely, that it is an exaggeration to suggest that all good behavior is the result of consistently applied punishments. More generally, I think he was suggesting that even if it is sound practical policy to assume that users will do any abusive thing they can get away with, it is surely a grand exaggeration to suggest that this is true because they literally lack any desire to act for the good of the company.

          I think one can make a very great and damaging mistake by promulgating policies that inadvertently convey the message that employees cannot be trusted or should not value responsible behavior for its own sake rather than a means to avoid punishment. Security, of course, has to be based on the idea of capability, not intention: you must forfend the damage users could possibly do, if allowed, rather than merely that you feel they are likely to do. But, I believe one can seriously hurt morale by unintentionally broadcasting the idea that the most conscientious senior employee has given no reason to be trusted. It doesn’t matter that this may, in fact, be an abstract principle of your defenses. To publicly endorse an implied contempt for users’ ability to act responsibly may itself discourage responsible behavior.

        • #3063371

          Very interesting turn

          by amcol ·

          In reply to Disagree

          Frankly, each of the previous three posts (as intriguing as they are) address issues other than what the original poster raised and aren’t on point to my response.

          The IT department has authority and responsibility to implement security policies that protect the technical assets of the organization. That’s a given, and to do otherwise is an abrogation of that responsibility. There are certainly levels of protection that must be applied in such a way as to be situationally appropriate. I may in fact be able to completely lock down access to my network in such a way that authorized users have to provide all ten fingerprints, a retinal scan, a blood sample and an oral swab for DNA matching in order to gain entry, but unless I represent the White House and am in charge of protecting the launch codes a somewhat less restrictive policy may be more consistent with operational efficiency. These are decisions all organizations must make.

          There are acts of commission and acts of omission. Employee A is angry at his/her organization for whatever reason and decides to wreak havoc by irreparably trashing the financial transaction log. Employee B is somewhat less than entirely tech savvy and while he/she has heard about some of the potentially nasty consequences of unsafe net surfing he/she figures “someone” in the IT department will “take care of it”. Neither is a candidate for employee of the month, but the manner in which each is dealt with should clearly be different.

          Security policies are intended to restrict and protect but should not be viewed as opportunities to punish. In that regard I agree with Elder Griffon…good behavior comes from positive motivation, not negative. People tend to respond to the carrot more so than the stick, meaning it’s a lot easier to motivate on the basis of a reward than on the basis of a beating.

          However…all of this is beside the point. The original issue, to which I was responding, is if it’s true (and it is) that there are people who don’t care about the success of their companies it’s far too superficial to pull one possible reason for that out of context and generalize from there. There are all sorts of reasons for corporate indifference, and good companies have formal programs in place to recognize the symptoms and cure the disease.

        • #3063162

          Not “quite” on point, either…

          by mr l ·

          In reply to Very interesting turn

          >>
          TechRepublic own blogger extraordinaire HutchTech fired off this missive recently, which got me wondering whether everyone agrees that employees willfully ignore security precautions at work because they don’t fear consequences.
          >>

          That is, in fact, the thrust of the OP. The point was not “…if it’s true (and it is) that there are people who don’t care about the success of their companies…”. Speaking to Hutch’s assertions is not answering Trivia Geek…discussing employee behaviours as they relate to policies and their enforcement (consequences)is.

          People are not inherently honorable, moral (however you define that), ethical, or law abiding ( I realize that’s probably not a popular comment, but there you have it…). These things are learned/taught, and (I’ll try very hard not to take this into the realm of positive vs negative feedback in learning behaviours…we all have our favorite stance, take your pick) enforced through consequence.

          Bottom line: Employees DO willfully ignore security precautions at work because they don’t fear consequences. This does not make them bad…this makes them human. Rules without reliably, equitably enforced consequences are useless; worse than useless..they usually wind up doing more harm than if there was no rule to begin with.

        • #3072061

          on point but ….

          by avid ·

          In reply to Not “quite” on point, either…

          While i do agree that employees in general will ignore security precautions, i must disagree with the orginal post that their reason for this is not fearing consequences. i believe they do it because they simply are not given enough reasons to care if their company succeeds. most people are paid just enough to convince them to show up to work. and that is what they do. they show up. they will not give their best efforts and protect the network just to make sure the execs meet some quota which will increase their already inflated salaries and bonuses. the average user does not care about downtime because it will not affect their income. they know that uptime will not increase their income so why bother with precautions. i believe they feel that ignoring acceptable use is a way of getting some of the money that they feel they they deserve from the company, even if it is money they can not deposit into their accounts.

        • #3063166

          Well said…but…

          by mr l ·

          In reply to Disagree

          …do you leave your car unlocked at the mall?

          We don’t lock our cars to stop the determined professional thief, we lock them as deterents to the casual criminal or would-be joyrider. In other words, we lock our cars and houses to encourage continued honest behavior.

          It’s much the same thing with corporate acceptable use policies. Those determined to break them will. We create these policies to promote acceptable behavior and provide guidelines…to honest people.

          Nowhere did I say that our associates were dishonest, unreliable, or untrustworthy. I said that reliance on those things to keep my business safe was an unacceptable risk position to take.

          Cheers

        • #3063092

          A threat is a threat…

          by praetorpal ·

          In reply to Disagree

          …whether it is something as unintentional as a virus or worm in a screensaver, or whether it is an insider breach that steals intellectual property. They are both a threat to the survival of the company. If a trojan that keylogs is the malware that plants itself on your network, than the damage can be severe. I read recently that 90% of companies that have a serious publicized data breach go bankrupt within a year. Where does intention come into play here? Read these forums. Many contributors here lambast “senior” management as among the worst offenders. There are even some on this thread.

          Sorry going off the original topic here, but this tangent IS an offshoot of the original post.

          The most serious and costly cyber breaches are from inside intrusions. Everyone has a price. How does the enterprise protect against the DBA that has gone off the beam, has gambling debts, addictions etc. Companies require people, people have weaknesses. The difference is the insider definitely does not care about the company.

          The best article I have seen on this is the following. As a DBA, Elder should read it.

          The Threat From Within
          http://www.itarchitect.com/shared/article/showArticle.jhtml?articleId=166400792&classroom=

          My point is that whether it is innocent behavior or intentional IP theft, the damage can be just as huge.

          After reading that article, are you really sure that you would place security as a secondary consideration to possibly offending your employees?

          The solution that I would propose would protect against both innocent distractions that might cause various degrees of disruption, and serious cyber breaches that definitely would.

          If you go to work at a new company and all you have access to are the files and system calls that allow one to do one’s work, than you will not know what you are missing, and you can leave your playtime to after hours at home, where any damage you inflict will be only on yourself, and you will foot the bill.

          Just because a total dirth of enterprise internal controls has been the accepted norm in the past does not mean that we should accept that now.

        • #3062744
          Avatar photo

          But the problem remains and if anything is worse

          by hal 9000 ·

          In reply to A threat is a threat…

          With the Home User with a VPN into the corporate Network. These machines never have the proper level of security and hardly ever run Mal ware or AV Scans even if those products are up to date.

          Today for instance I spent the better part of the day teaching one small business owner how to use his I Tunes program which wasn’t even within 6 months of being up to date. Now this guy regularly downloads music from peer to peer groups and gets infections by the bucket full. The first job that I did was to run several Mal ware scans and remove all the nasties which had accumulated since the last time I was there all of 2 weeks ago! I had reset the Mal ware scanners to run between 11.00 AM and 2 PM when he was mostly out of the office and every one of them had been shut down while running each and every day!

          Now he is fairly computer illiterate so I see this as a learning curve which he wants to do as I can not get him interested in any real work on the computer and he has only recently started to collect his own E-Mails previously he had his secretary collecting these printing off what she though was important and handing him hard copies so he could then dictate a response and his secretary send off a responding E-Mail.

          Finally after much telling him just how slow his computer actually was he has agreed ed to let me upgrade it quite a bit a bigger CPU and a lot more RAM but not because he wants the extra speed but because the PCMCIA Video Tuner that I’ve been instructed to buy him requires it.

          I then go to his home and do exactly the same thing on his home computer as he has a VPN directly into the companies Server and if I didn’t constantly monitor his home unit he would have the server infected in no time at all. Since he is now collecting his own E-Mail he needs to login to the Companies Server to get his E-Mail which is not something that I designed but inherited the mess from a previous so called “Professional!”

          Since I’ve been working there I’ve managed to drag then kicking and screaming into some sort of semblance of secure computer usage as previously they had 1 phone line shared by 3 workers and the secretaries for an Internet connection. Their main concern about changing the then setup was that they would have to change their existing E-Mail Addresses so they resisted even though they where incorrect. Since they have switched to ADSL I have now got a router between the outside world and their server which previously only had a Dial-up Modem directly connected.

          This is a perfect case of where the staff at this company are caring the owner in making money for the business and while he is quite bright on the business side of things he really has no idea of how the business actually runs all he does is buy the stuff and his staff somehow manage to sell it or he is told that they are getting queries about a piece of equipment and he finds one that will suit the needs of the customer. He still relies on paper and has a whole swag of the stuff lying around about the only consideration to modernizing the business is his Cell Phone which he lives on.

          Now that he has the I Pod he is at least beginning to learn how to use the computer at both his home and work. Next I’m going to have to show him how to Rip a CD to MP3 format so he doesn’t need to constantly be downloading songs. It’s all one baby step at a time.

          Col ]:)

    • #3056943

      Many factors

      by loydster ·

      In reply to Employees don’t care if the business fails

      This is not just a matter of people not caring if their company goes awry. I think logically, if anyone thought about it, whether they work hard or not, they would want their company to do well, so that they can continue to make a living.

      When someone comes in to work, and sits down at their computer, they have the ability to work, or the ability to waste time, ‘browsin the net’. No one can tell whether you are being a productive person, or whether you are just wasting time. This can be tempting to many people. It’s easy to put of work for a few minutes to check your email. Then just follow a few links your friends sent you. Then check the weather report for that hurricane that is right around the corner. Then it’s 5pm, and another day has been spent pursuing ‘trivial pursuits’.
      It can be hard to self regulate when no one can tell what you are doing.

      I don’t think it is intentional, but can be more of an addiction. If someone was to step completely out of thier social life in order to stay home and on the internet, they would be labeled an addict. This is not an excuse, however. Shooting up heroin wouldn’t be allowed after either. Just another impulse to be controlled. And we humans are good at that?

      The internet is still brand new to a human marketplace that has been forming for thousands of years. We have at our desks the equivalent to the Library of Alexandria, only with more information, and more distractions.

      I also believe this is will become a moot point. Eventually, we IT folks will have the ability to regulate internet use with more ease and accuracy. As more and more people are aware of the attraction of the internet, and more in touch with how it can damage production, we will be called on more and more to control our infernal devices.

      Well, at least we are in charge of ourselves. Only I am monitoring myself as I post this from work. 🙂

    • #3061411

      “Not my job” = “not my problem”

      by jdclyde ·

      In reply to Employees don’t care if the business fails

      Keeping a system working is not seen as a concern for most end users unless something happens that shows THEY are to blame for the problems.

      I don’t think it isn’t that they care if the business fails, as they are not concerned with the business succeding. Their job is to enter xyz into this database, not anything else.

      I had a particular user, and her system was crashing all the time in a certain program that she didn’t “like”. After reloads of the software, checking out the hardware, and then swapping out that PC and the problem would still happen (but not when a tech was on-site to see) we made a report of the 20+ users that use that system, and she is the only one to have this problem. Also showed what was done to resolve her problem and that we had completely elliminated a chance of software or hardware. When her AND her boss saw this report, she mysteriously stopped having this “issue”. Hmmmmm.

      • #3061931

        Unfortunately

        by robroynj ·

        In reply to “Not my job” = “not my problem”

        I think most people still don’t think about the activities on the internet as having any effect on the business that employs them. It is their search not the companies. I know it seems very obvious to us but I’ve been at many offices with different staffs and the common assertion is that end users still are surprised by the existence of worms, viruses, spyware on their computer and even more surprised that the sites they went to invited this malware into the system.

        End users are worried about getting caught but seem to have very little idea of the harm their actions can bring to a company. Most of these policies are seen as HR policies and not IT policies.

        The biggest way to minimize these activities is to remove office walls and laptops. I’m not suggesting this is something a business can do but I’ve found that the privacy encourages this kind of behavior and may be why some people are citing managers as the ususal guilty parties.

        My company used to be great to its employees and is now much more about the short term bottom line and I’ve seen no chance at all in the behavior employees.

    • #3061928

      what a bunch of crap

      by ou jipi je ·

      In reply to Employees don’t care if the business fails

      Is the mentioned porn, shopping, blogging, gambling etc. against the company policy? If so, why are these not restricted, to users? (for example proxies, signing active x controls, whatever)

      An innocent user installs a worm? Did the innocent user received a PC that is configured to permit user to do so?

      What we might be discussing here are badly defined corporate policies in areas of LAN computing and LAN security.

      Employees don’t care? Well…if you are not doing your job…why should they?

      • #3061926

        I agree to a point…

        by alan.duncan ·

        In reply to what a bunch of crap

        Fair enough the majority of end users don’t realise the risks of malware, but what about those people known to the IT department that do know (i.e. management, bright employees etc.)?

        If they get a worm or cookie on their system and it causes a system-wide failiure, would they get jumped on any harder than the not-so-in-the-know employee?

        I’ll agree that the IT department should take more stringent precautions with setting up user permissions, but they should do it in a responsible manner (unlike the company i work for that try to block you opening Windows Defragmentor).

        If they actually worked with the employees i.e. made them feel like the company valued their opinions, then i think that this problem would eventually settle down to a negligible problem.

        • #3061919

          alan

          by ou jipi je ·

          In reply to I agree to a point…

          For example, your Windows defragmentor might be disabled because administrators defragment all the drives remotely every weekend.

          Or it could be simply disabled because systems administrators are responsible for data/ uptime of your machine.

          Meaning, If your important work is “lost” due to misterious ways of Micro$oft Windows defragmenter, I suppose you would coplaint to your system administrators or manager right?

          I give you that there are borders to restrictions. Understanding why restrictions take place however allows you to accept them much easier.

          I don’t think avyone is _set_ to monitor what _you do_ the whole day, no one wants to _restrict you_ from doing something you are not suppose to be doing, what you do is your call.

          Supporting however environment like that might show costly. If there are 500 tickets a month because user is browsing a site and downloads a worm, something needs to be done. You can either fire 500 users, or restrict them from going to the restricted site. Your pick.

          It is about reducing costs associated with IT services and not about you. Get over it.

    • #3061920

      Usability vs Security

      by court it ·

      In reply to Employees don’t care if the business fails

      the basic part of this problem is that both end users and their IT “support” (remember, we’re supposed to support them in what they’re doing)forget that network/computer/lan security is a two-way street between usability and security. Want your PC (or network) to be totally secure? Turn it off. That’s the only way. If it’s on, and connected to another resource, it’s at risk. If you’re doing anything with the system, it’s at risk. Users aren’t paid to make that equation any riskier than it needs to be. The IT staff is paid to keep the users from blowing up the system, and then put it back together when they do. IT departments are paid to run the Red Queen’s Race. Imagine for a moment a world where there was no spam, no viruses, no malware. Where applications never locked up, users never deleted the public folders “by mistake”, where the CEO’s nephew never came to vist and downloaded the lastest game that takes over file server. Then imagine why they’d pay IT departments if there was nothing to do but install the occaisional upgrade. You’d have one guy sitting in a cramped cubicle somewhere doing the network along with the departmental newsletter if everything ran perfectly. End users shouldn’t go out of their way, intentionaly or not, to put the network at risk. But let’s face it, most of our jobs are predicated upon the fact that something’s going to go wrong, and at the most inopportune time. Every IT person works for Murphy, whether they like it or not.

    • #3063559

      When you really look @ it !

      by j.g.camp ·

      In reply to Employees don’t care if the business fails

      The payscale that many get is 1/2 of what you need to have a real life anyway. Employers are lucky if you show up for 20 of the 40 hours you are hired for. In this world we see gas prices, food, homes and virtually everything else priced for a profit margin, yet labor is managed poverty in comparison. A starter home is $ 300K these days where I live, the mortgages alone on that is up to $ 2,000 a month, depending upon the downpay. Well $ 40K a year is roughly $ 2,000 a month take home. So there is your incentive for you, there is no profit incentive to work for these companies. You get what you pay for. Labor isn’t stupid ! You can rest assured, if I’m going to be disappointed in life, I’m not going to be the only one that’s going to be disappointed when all is said and done. It’s a matter of putting an attainable carrot out there. Don’t blame employees for not getting to excited about earning 1/2 of what they need to self actualize in their lifetimes, while being expected to give the best 5 days of their lives. Being left 1/2 way where you need to be only means you need to find some other way to get 1/2 way to where you need to be. The message is, lower expectations doesn’t only apply to labor, it’s an across the board thing.

      • #3063550

        Poor attitude

        by droll ·

        In reply to When you really look @ it !

        You are your own worst problem.

        I will guarantee you that you will never succeed with that attitude. It obviously permeates your persona and I’m sure that others around you know how you feel.

        We would all like to make more money, but that just isn’t the way life works. Sitting and moaning about it and blaming ?The Man? or any one beside yourself is self-defeating. You must earn your keep within the prevailing wage/labor structure. If you attack you job with gusto, and are successful in your efforts, you will be rewarded. It may be a promotion, a raise, or even a pat on the back. If you are stuck in an environment you don?t like, do your best to get out. Sadly, with your attitude, you won?t be getting many offers, so waddle in your misery and leave the rest of us alone.

        • #3063539

          OH Really

          by techie31 ·

          In reply to Poor attitude

          I readthe replies here and am surprised at what read. Some come across with tude that the company put all these nice toys here for us to play with. Others come across with they deserve what ever happens to them. i have always thought that it is m job to keep a network up and running. A network has two parts stupid machines that ony do what we tell them. while we can fix the machines the human factor is the most likly to create the problem. all i can is suck it princess or get a job where you sit in a room and play solitare

        • #3063507

          Reply To: Employees don’t care if the business fails

          by j.g.camp ·

          In reply to Poor attitude

          Hey a candid reply was solicited, I gave it.

          “We would all like to make more money, but that just isn’t the way life works.”

          Unacceptable, by today’s standards and what you indicate my attitude should be, anyone accepting this from an employer is lowering their expectations. I wonder if my landlord would live with that from me, even the power and cable company. They don’t want to hear excuses from us, well, we don’t want to hear this garbage from them. Like I said, they want my 5 best days, evenings and weekends, $ 40K ain’t gonna cut it ! and no amount of flag waving, star spangled banner playing in the background is going to motivate me, especially when the price of a home, energy, food and so on has been jacked up on all of us and the only thing the employer has is a COLA that doesn’t cover inflation. And I haven’t even started going off on sitting in traffic both ways to take care of the business’s problems. Because that’s what we’re talking here, the business’s problems.

          As for blaming the man, no, I don’t blame him. I’m a businessman, the company and it’s owner’s have problems (yes, again their problems, not mine), pay me a real world income to solve their problems. Isn’t that what the ownership is getting first and trickling down the concept of “1/2 way” to the rest of us ? If you don’t approach being an employee with profitability in mind, you’ll be in trouble financially. I went to college to earn more, not to become enlightened. I can do that on my own time. And don’t hand me any nonsense about making America great, that’s been shipped off to India and China for dare I say it, profitability.

        • #3063464

          Great!!

          by frazierw ·

          In reply to Reply To: Employees don’t care if the business fails

          I could not have said that any better!!!

        • #3063458

          second that

          by mindilator9 ·

          In reply to Great!!

          well said. how dare anyone tell me i need to be happy with the bs wages that don’t come close to matching our cost of living, nor the importance and skill of our jobs. that is the true defeatist attitude. complacency is a mental disease.

        • #3063374

          Doesn’t suprise me …

          by dusan.ignjatovic@emersonn ·

          In reply to second that

          Don’t let that “Poor attitude” post get to you. A look at the profile of the person posting that comment will explain alot.

        • #3063128

          I see your point,

          by j.g.camp ·

          In reply to Doesn’t suprise me …

          Yeah, the profile fits !

        • #3063122

          No, not you …

          by dusan.ignjatovic@emersonn ·

          In reply to Doesn’t suprise me …

          I was referring to the profile of the person who wrote the reply entitled “Poor attitude …” If you check out that profile you’ll realize why he thinks a “pat on the back” is somehow more valuable than a raise.

        • #3071994

          poor attitude ?

          by avid ·

          In reply to Poor attitude

          i agree with his post and his attitude. the fat cat execs who have no concept of what we do to keep their salary increasing expect us to give a sh#* about the network? if you his position is off base, perhaps you should walk in his shoes for a while. and don’t tell me that you have earned what you have gotten. the truth is you are an exec. you get paid more if we work harder for less money.

    • #3063514

      Two Separate Issues

      by haamid-3 ·

      In reply to Employees don’t care if the business fails

      I think we are trying to apply a single solution to separate issues. Abuse of resources has nothing to do with employee loyalty/happiness. I think it’s wrong to assume an employee(s) has a lack of respect for IT or the company simply because they surf the net of download/transfer excessively large and personal files. This is where IT can make a differernce; It’s called “Educating.” I can sit in my office or cubicle all day and send out newsletters,write policies, and send emails about resource abuse. But what really works is if I spend some of that time going to the departments and introducing myself to the employees and talking with them about the desktop usage, network resources, and the types of behavoirs that cause network downtime. Especially in the areas where I have repeated abuse. This attaches a face to the monitoring. While this can be time consuming, so is spending hours, days, weeks, and months fixing and refixing problems caused by resource abuse. Most employees that I have come in contact with and exposed to the IT side of things never had a clue about the issues we face. From thier prospective, that little box in front of them is just like that little box a home. And since most Americans spend the majority of their lives at work maybe even when they are at home the previous is even more true.

      • #3063390

        You said a mouthful there

        by dc guy ·

        In reply to Two Separate Issues

        “And since most Americans spend the majority of their lives at work…”

        We spend more of our waking lives here than on any other activity. More than our FAMILIES! Sharing sleep time might count for something, but not much when husbands, wives, and children don’t go to bed and get up at the same time and don’t share domestic rituals.

        This is where we spend our lives and we expect to be able to live here. That means everything from not having our insurance agent’s website blocked to not stripping off the photos of our grandchildren from family e-mail.

      • #3062949

        The clues

        by mbrunner@customerselects.com ·

        In reply to Two Separate Issues

        This is true. There is little education in most businesses, especially around policy. Mosre often than not, you get an email sith a link to the Intranet site, saying “Here, read this.”

        What is lacking is education and CONTROLS. It’s great to say to John Q. Employee, “Don’t surf those nasty sites, those joke sites, or those sites that may contain malware.” It’s another altogether to monitor, report and DISALLOW that activity, either through targeted education or technical means.

        If a problem is worth the time and effort to write a policy for in order to try and alter behaviour, (almost impossible) it is probably worth the time and effort to examine contol options. One of the alternatives found has got to be equal or less than the cost of doing nothing (everything has a cost).

        There are published figures for just about every threat out there to help calculate ROI…

        Another 2? posting. Collect the whole set!
        Mark

    • #3063509

      What is your environment?

      by livendien la ·

      In reply to Employees don’t care if the business fails

      Some folks were I work do not care much whether the company posts a profit or not… but the vast majority of us do care. We have the long years at the same place to prove it.
      I never have to police people’s surfing habits, but at the same time I have the PCs clamped down very tight… I only have access to downloads, updates, and installation. Do they go to sites that are objectionable? Yes, of course some do… do they open e-mail that is from someone they do not know? Never…. to be honest I am surprised that how savy they are… even when the get a questionable e-mail … where the payload has been stripped away… they ask me to check it out. All in all if you treat them with respect… you get the same back.

    • #3063440

      Would you care to bet on that?

      by htos1 ·

      In reply to Employees don’t care if the business fails

      As the “old guy” in my areas of IT(I started in ’77),Homey don’t play that!At work,that’s what you’re doing.I don’t mind someone using the network during the lunch hour,or even when we set up a gaming portal for the weekend.9 to 5,however is mine and focus is paramount.Besides,we do a lot of workstations for journalists here,which requires being on your toes for them.(and yes,even they want a “favor” on the side sometimes-notably Kazaa,BT,etc.Which torques my ***)They have to get someone else to do that on their corporate lans-I do get that one occasionally.

    • #3063329

      Business don’t care about employees

      by magictom ·

      In reply to Employees don’t care if the business fails

      The title of the reply is self explanatory

      MagicTom

    • #3063287
      Avatar photo

      Well as I now only work small business

      by hal 9000 ·

      In reply to Employees don’t care if the business fails

      I’ve found the exact opposite, it is the workers who want things to go well so they continue to get a pay packet at the end of the week/fortnight/month or whatever.

      However the management on the other hand is a different story at one place I actually had a manager come and complain to me that the work pop ups where getting in the way of his porn browsing and he wanted them disabled. Theses where instant messages from staff and other requests for something that he had to make the decisions on.
      Then when you get to the Family Business they are a nightmare as the owners children are welcome to come in after hours and treat the network as a giant play toy that was put there for their exclusive use. At one place they couldn’t get a game to install because they kept getting a Virus Warning and stopped the installation of that game so they turned off the AV products and loaded the game. Of course next day every computer on the network was infected so badly that they all needed reloading as by that time they had become so infected that it was useless to try to clean them up.

      Or in another place they just deleted an account and reset it after they had finished playing their games it didn’t matter a dam to them that there where orders for several Million $ sitting in the In Box waiting for action.

      While I walked away from big business quite a few years ago it now seems that what was once the preserve of the CEO’s and upper management is now common place in small business as well and they only start to worry about their usage policies when things go wrong and it costs them money to have fixed.

      While there are some workers who abuse the systems most don’t and they are allowed to do a bit of browsing send the odd IM and whatever else is required particularly if there is family problems involved.

      Unlike the original poster I would be saying that most employee’s do want the company to succeed or at the very least remain profitable so they can continue to get paid but unfortunately I can not say the same thing about Upper Management who from my observations appear to be getting carried by their staff.

      Col ]:)

    • #3063280

      what about company loyalty to employees??

      by mindilator9 ·

      In reply to Employees don’t care if the business fails

      Why should we care if the business fails or succeeds if the business doesn’t care if we fail or succeed? Success to an individual means attaining happiness in life, but all a business sees in success is whether the individual produces above his/her quota, whatever that is perceived to be. How many companies sit down with each employee and ask “What are your personal goals in life and what can Brand X company do to help you achieve them in exchange for 40+ hrs/wk of your time and skills?” I don’t even have to google it to tell you it’s very rare. The reality is, with such rampant company-to-employee disloyalty in our culture, every American is wondering when their time to go is. How long will I have this job? Will they warn me before I’m laid off? Just how much effort is worth putting into this megacorp that could just replace me on a whim? If people had a sense that they could make something of their time at one company, then you would see a lot more people care if that company failed or not. Profit sharing pension plans are another motivator. Again, so long as the employee actually feels like they could stay long enough to collect it. Let’s face it. Corporations treat their employees like machines, so it’s no wonder the employees couldn’t care less if the company fails. They were probably at monster.com anyway looking for a new job before their name comes up in the Downsizing Lottery. Nobody’s cost of living allowance comes close to actually meeting the cost of living. Address these issues, and you will see your employees start to care about your company.

    • #3063042

      Attitudes and Platitudes

      by mbrunner@customerselects.com ·

      In reply to Employees don’t care if the business fails

      This issue begs 3 seperate concerns as I see it. Loyalty, expectations and policy.

      If companies want to encourage loyalty, they will.

      It is my opinion that most do not. There are far too many resources for them to pick from for them to worry about treating their employees well. In return for their efforts, employees get a paycheck.

      Companies, let’s face it, are in the business of being in business, and generating revenue for their shareholders, owners, partners, etc. When something cuts into the bottom line, the business looks at the cost of leaving it, changing it, or replacing it.

      As a result, staff and contractors show little if any loyalty to the companies that employ them. They will come in, do their work, hopefully meeting or exceeding expectations, and go home. Nothing wrong with that.

      If the company has a problem with this type of work ethic or behaviour, it should be examining it for what it is, and why it is present in their organization. Then, gauge the costs of repairing it, replacing it and leaving it alone.

      If a business sets its employees up for success by investing in their education, by challenging them to do new things, or improve old things, by providing additional incentives and benefits, their strategy becomes one of long term benefit. If they choose to simply offer what every other employer offers, let the workers educate themselves, hire consultants to play the subject matter experts in the exciting work, then they will likely get what they paid for. Their expectations should be reflective of their investment.

      In a tough economy, few corporate tears are shed for those who are percieved as not performing to expectation. No matter what the economy, people will not cry for a business that fails because its talent pool dried up due non-reciprical relationships.

      As for policies, these are the rules of operation within the organization. Many are written to simply show management or auditors that security or liability is taken seriously in order to be seen as compliant to some rule of law or regulation. Metrics are rarely considered, reporting is sparse, and enforcement is not defined. In my opinion, IT shouldn’t be policing the network. IT Security shouldn’t either. They should be measuring and reporting on compliance, and submitting reports to HR for action.

      Cheers!
      Mark

    • #3062974

      Follow Though

      by aaron a baker ·

      In reply to Employees don’t care if the business fails

      The thing to do is “Follow Through”, no matter how long it takes, nail down whomever started the problem and then hang him/her out to dry for one and all to see.
      When you consider the downtime, the research that goes into finding the thing, the work that isn’t being done, this isn’t as outrageous as it seems. Make an example of these cretins and do it publicly. On top of that, as you hand them thier hats while kicking them out the door, remind them that it’s now a matter of permanent record so that if the question of Moral Character is ever brought up, this will show up. After a few of these, slack ass employees and the like minded would start to care very much as to whether or not a company succeeds. They might even go as far as find ways of preventing it from happening. But as long as the firm just sits there with thier hands under thier butts, it will go on. Companies have nobody else to blame but themselves for lack of guts to see it through to the bitter end.
      You don’t have to high and mighty to honest and dedicated. 🙂
      Regards
      Aaron

    • #3061011

      Yes and I’ve fired someone…

      by taylor.emery ·

      In reply to Employees don’t care if the business fails

      I’ve found this to be true on several occasions and when I hire a new employee they sign a copy of the employee handbook and a separate IT User Policy and Compliance document which states if they do this, that , the other, they will be terminated. No questions, fights, HR Managers involved.

      It works quite well to deter mal-usuage.

      I’ve let go 2 people in the past 3 years for this and our internet bandwidth fees have dropped 35% in the past 3 years since I implimented this policy and got corporate backup.

      • #3060109

        I have Too!

        by paul d. masley ·

        In reply to Yes and I’ve fired someone…

        I too, have had to fire someone for violating our company policy for use of company computers and the network. I did not want to, the employee had been warned too many times. Enough was enough, the time had come. After this termination, I noticed that for some strange reason, the network settled down, downtime disappeared, bandwith increased drastically and virus and trojan attacks almsot vanished. The owner of the company made a comment about the drop in bandwidth charges also. Sometimes it takes making an example of one to straighten out the rest.

    • #3072022

      I can’t believe what I’m reading . . .

      by realme ·

      In reply to Employees don’t care if the business fails

      I can’t believe so many “managers” feel this way. My feeling is that it is not that the employees don’t care, it is that they have not been educated about the monetary ramifications of their unauthorized use. Sure, it might slow the network down, or cause some I.T. folks some headaches, or maybe even take down a server, but no one has ever translated this into dollars for them or explained that if the server is down, someone else may lose a sale, lose the data that would have enabled them to make a sale, etc, etc. But has anyone ever really told them that all this translates to the company profits and ultimately their paychecks and maybe future raises/bonuses. I doubt it. At the same time, companies need to realize [understand] that when your employees are “trapped” in the office from 8-5, Mon-Fri, there is a certain amount of personal business that MUST be transacted from the office (because of other business’s operating hours) and using the internet at work may be one of the few ways they can do that. Additionally, I work for an organization that allows non-professional computer/internet use during lunch and breaks and at least the users in my department (I am departmental support) understand that there are risks involved in web surfing (I make sure they are educated).

      • #3073894
        Avatar photo

        Actually last week I had to install something

        by hal 9000 ·

        In reply to I can’t believe what I’m reading . . .

        On a end users computer and it turned into a real pain to do I had it locked down so tight that even logged in as Admin I still had problems downloading the required item. Granted installing was no problem and the end user thought that the program was great but just getting the thing to download was a real pain. 🙁

        Col ]:)

    • #2495316

      Employees don’t care if business fails

      by ssumahh ·

      In reply to Employees don’t care if the business fails

      No.1 but some are accidental

Viewing 18 reply threads