How do I deal with porn surfer?

By storch
Howdy,

I am a rather inexperienced IT person. I got the job partly by default and partly because of my interest.

In my organization, not once, not ever are computer problems the users' fault. It's always the computer, the software, or our network. At least that's their story and they are sticking to it.

After recently being beat up verbally by one of these users, I was in the process of determining his problem. In looking around in his browser history, I found a large number of porn sites visited in the last few days. I haven't finished full malware and virus scans yet but I suspect that I will find some nasty little critters. (Yes, we have corporate virus scanning installed but it doesn't always catch everything.)

You know, it's not that people visiting porn sites bother me on moral grounds. I don't care. What bothers me is all the junk that gets downloaded and becomes a problem for me. Actually this is the first time this has come up at work (I've untangled some friends' machines.) so I don't have any sort of porn filters in place nor am I yet familiar with them.

I didn't think and certainly the management doesn't think porn is an issue. They don't even imagine anyone here would visit such sites.

The person who is visiting the porn sites is very well respected here and actually he does seem like quite a nice person. So I want to know, do you think I should just confront the guilty party about it? Tell my boss? Tell HR? I don't want to get him in trouble but I don't want to have to keep cleaning up after him. If I approach him directly, how do I tell him diplomatically that, at least part of his computer glitches were caused by his own careless surfing?

Sorry for my naïveté. I am learning as I am going. Thanks for your help.

storch

This conversation is currently closed to new comments.

All Answers

For starters - as soon as you can -

by neilb@uk In reply to How do I deal with porn s ...

without naming names or even indicating that you know anyone specific is doing anything, write your boss a report suggesting that you feel uncontrolled Internet access may become an issue and get management/HR to set a formal company policy immediately and get it down in writing. Suggest some monitoring tools and procedures (if you feel up to it) but get involved as it's your system and your reputation. Without a set policy, you'll find it difficult to stop what will become a real problem. They WILL continue to blame you and your systems when the malware shags their systems senseless.

Neil

Hopefully, the rest of the guys and gals will chip in with some more suggestions.

The indirect approach

by JamesRL In reply to How do I deal with porn s ...

Assuming you have a company anti-virus/anti-spyware suite, you should make sure it's installed.

I would comment to the user that in the course of installing it (or updating it) you found an unusually large number of viruses. Warn him in general terms about nasty sites like free downloads, porn etc. Let him know that if it happens again you might have to do more investigation.

This assumes that you don't have an official policy. If you feel the need to acquire a filter, approach that with management in non-specific terms - problems with viruses, bad sites, need to filter etc.

If you were in a high security business that ought to have strict policies and procedures in place, your role would be entirely different.

You need to walk softly.

James

You need.....

by gadgetgirl In reply to How do I deal with porn s ...

1. An overarching ISMS - Information Security Management System (sort of an umbrella policy framework)

2. Set policies within the organisation to DEFINITIVELY tell the users what they can/can't do

3. An HR Policy which includes a disciplinary section on IT & S infractions.

Take a google on ISO 27001 and you'll get the idea. (If you need help quickly, pm me)


As for the immediate problem - take and keep screen shots for future reference. The last thing you want is for YOU to be accused of going on these sites whilst fixing the pc. Remember, when it comes to security, CYA at ALL times.

If there are no current policies in place (and if not, why not?) the most you can do is to explain to the user - no matter who he is - that this isn't the type of site you'd expect to see on a works machine. If you want, you can lull him into a false sense of security, and tell him that you don't think it was him who was looking. That will give you a road in to a confidentiality and security mini lecture on locking screens and not sharing passwords......

Once you've got his pc sorted, take screen shots again, to prove that you have left him with a "clean" machine. Then, in the future, if it happens again before the policies are in place, he can't accuse you of adding those sites whilst you were fixing the machine.

If policies ARE in place, then you need to inform your manager and HR of what you've found - again, use your screen shots as evidence.

As you're in the US, you have differing laws from us, here in the UK. You need to have an awareness of these laws, and what you can and can't do as regarding digital evidence collection. Here, we would take the screenshots "in tandem" i.e. with a witness, and would also routinely report the finding of porn sites via the HR disciplinary routes.

Also, after cleaning the machine, we would go back after approx. 3 months to ensure the same infraction hadn't been committed, using the EU Privacy and Monitoring Directive as our right of access.

The best person to get in touch with regarding the legal side of IS on this site would, I think, be TiggerTwo..... if she doesn't pick this one up over the weekend, I suggest you pm her. (She doesn't bite, she's a lovely woman!)

Hope this helps - if you need any further info, feel free to pm me (I don't bite either..... I just nibble.... )

(If you're wondering where all this comes from, I've been in IS for years, currently working in IS and Investigations for the NHS in the UK)

GG

Neil - yes, you knew I'd pick this one up from the PFMC, didn't you?!

PFMC - Exactly that!

by neilb@uk In reply to You need.....

It doesn't sound like there's any policy and getting management to set that would really be my first move (as well as documenting) so that the particular offender could be stopped. My reading suggests that the porn-surfer is otherwise OK and just stopping him would be enough rather than getting him canned.

Neil - disagree

by gadgetgirl In reply to PFMC - Exactly that!

if he's porn surfing what else is he doing?

And, is he doing it at work?

If he isn't stopped, will he, in time, get curious about "other types" of porn?

(don't forget - I've seen it all - and I DO mean all.....) (Did I tell you the one about the frozen duck?)

This is why I re-monitor offenders. (Also on the basis of being the only one in here with the professional indemnity cover to view possible child porn)

If they think they can get away with one thing, they'll try others. Trust me. Verbally remonstrated (I know you know what I mean!) one girl in the last job for downloading an unlicensed program - six months later, sacked her for moderating a bloomin' chat site.......

GG

porn and the world around us

by jdclyde In reply to Neil - disagree

First, different people think different things are porn. Some think the swimsuit edition is porn, while others read your page3 without a second thought.

Not all viewers move on to "other types".

Hope you have never needed to apply your "indemnity cover".

The last pc that got trashed because of a porn surfer, I turned the content filter in IE on, with a password. Not much else I was able to do at this time.

jd - funny you should say that.....

by gadgetgirl In reply to porn and the world around ...

had to press the indemnity cover button last Tuesday.....

(which is why the pm to you is still half written, in draft!)



GG

Got to watch who would get canned here

by jdclyde In reply to PFMC - Exactly that!

Remember that the "offender" is an established worker, while our little tech here is the newb on the block. If management doesn't have a problem with this, whose side do you think they will take on this? Bye-bye, tech.

As a tech, you only have as much authority as you are given.

Could easily be both

by JamesRL In reply to Got to watch who would ge ...

The offender could get canned, but the tech could get canned for the way it's been handled as well.

James

Get your boss to identify this as an issue

by jdclyde In reply to How do I deal with porn s ...

If your boss and their bosses do not see this as an issue, then the only thing you will secure is your own termination.

As for it being the fault of the computer, document everything whenever you work on a system.

EX:
Symptoms - system locking up / crashing.
Diagnosis - found virus x,y,z.

Take a screen shot of the history.
Another thing to do is pull up the history in front of the user and say "Hmm, that would be where your virus came from".

How to avoid more viruses? Get the users to stop using Internet Explorer. You would not believe how much of a difference it has made in my switch to Firefox from IE.

Keep in mind, you have no authority other than what your boss gives you, and if they don't think this is an issue, all you can do is CYA and clean up the mess, sit down, and shut up. If you don't like that, start putting out your resume.

Good luck.
