I am trying to implement strong network security policies and practices. Sometimes, however, the employees and even management don?t understand why I want to be so strict about things.
?But we know our people. We trust them. We?d never have problems like that.?
Well, that is going to change because over the next few years our little ?family? will be growing beyond its 20-some employees and two locations.
I want to put together some ?scenarios? that could happen. I?ll give you two examples below and then ask if anyone else wants to add real instances they know of that I could incorporate into my case files.
#1 ? This is true and happened to us several years ago.
We did not have a network in place. Each employee had a PC with a dial-up connection. ?Bob? worked in the branch as assistant manager. Everyone liked Bob. He worked hard, did a good job at what he did, motivated employees, strived for customer service and had a wonderful sense of humor.
Then one day Bob was fired. Not sure why. Rumor has it he made one too many ?suggestive? remarks about a customer?s backside anatomy. Anyway, one of the women in the office was promoted to Bob?s job. A couple weeks later she called me. I had just transitioned from a job in marketing to the new IT department. ?Could you look at Bob?s computer next time you come here? It pops up with these pictures on the hour every hour and I find them annoying.?
I visited the office a few days later and looked at the computer. It was chock full of porn. He had installed a program that popped up a lady of choice every half hour to remind you to visit the web site for more. Needless to say, I pulled the PC, took it back, reported it to the powers that be and then wiped away the hard drive. I was then able to get approval on a ?no porn? policy when web browsing.
#2 ? This occurred at the company a friend of mine (Judy) works for.
A super-star employee, John, was caught embezzling funds from a client in order to meet some financial needs he was having on some day-trading he was doing during company time. Long story short, the client sued the company and the company was required to turn over email records associated with the client from all employees who worked the account. A lot of personal emails of one employee, Mary, were included in these records (intentionally or unintentionally, I?m not sure). These emails are to friends or family in which she talks about the “cute guys” the client employs but also shares her on-going problems with drug addiction, her sexual misadventures with men she meets online (while at work) and detailed progress she is making with her therapist.
Okay, so what sorts of things have happened in your company that necessitate the need for policies/procedures?
