General discussion

Locked

IS Manager needs to Trust Network Admin

By scoury ·
I'm am the IS/IT Manager and today I looked on the Network Administrator's pc and found he has many email profiles loaded, including mine and the CEO, Legal, HR, senior staff and on and on. Apparently he has been reading everyone's email. This is quite a **** to me since I need to trust this guy. I would like to know how other companies deal with this issue. Of course he needs the network passwords to do his job but how do I keep him from doing more? We are 200 users with 2 IT on staff.
If I discuss this with the legal department and it gets around to upper management how would they ever trust the inner workings of my department?

This conversation is currently closed to new comments.

27 total posts (Page 1 of 3)   01 | 02 | 03   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by les69 In reply to IS Manager needs to Trust ...

Ask them about it. There are a number of valid reasons for the profiles to be there. IE a mail recovery or he may have had to remove mail that someone sent accidentally. Be tactful about it. There could be a good reason.

Collapse -

How can he trust you?

by NetTek In reply to

I agree with the other posts in that there may be legitimate reasons why other profiles exists on his computer. Additionally, where I work we make it very clear to all staff that E-mail should not be considered a secure form of communications. In fact, it states in our Policies and Procedures that if you do not want someone else other than your intended recipient to know the subject matter, DON'T send it via email.

I also find it ironic that you're concerned with his actions when YOU WERE LOOKING AT HIS E-MAIL! How can he trust you?

Collapse -

by scoury In reply to How can he trust you?

There are no legitimate reasons why he would have profiles on his system. It is an understanding within the department and stated as such in our email polity. I had to log onto his system as administrator for another reason and only saw profile files loaded there with date etc. So, no, I was not and would not access in his email without valid reason. It is clear what he was doing was unethical. Obvious you are sensitive to him but would you want a system admin who you can?t trust?

Collapse -

Do the Right Thing - CYA

by jklein In reply to

What e-mail client are you using? I would change my password and that of everyone else asap.

If you are incharge of this department you got to alert top management. If you **** the whistle on this guy management will trust you.

If something sensitive gets out there could be some serious ramifications, the legal type. Image if one of the CEOs e-mails got out regarding the stock price. Your boy could be selling info on the side. You dont know but you will be holding the bag if something does go wrong.

You need to fire this guy ASAP. He is messing with you putting food on the table, and the CEOs big bonus. That aint cool. Men have died for less. He dug his own grave, no need for you to join him.

Collapse -

I agree

by schapman In reply to Do the Right Thing - CYA

I agree totally. Your staff are the extra arms and legs that you cant grow yourself. No point having an extra arm that has a mind of its own and is quietly stabbing you in the back. As the IT Manager here, the buck stops with me. My staff do something wrong, I wear the consequences just as much as they do. You have an obligation to your employer and their staff (your customers) to undertake the maintenance of the system with the utmost ethical and moral behaviour.

Collapse -

If you're so sure...

by NetTek In reply to

You said you need to trust him, but it is obvious that your discovery leads you to believe that he is unethical. Ask yourself a question: "Can I ever trust him again?" It seems that you are sure that there are no legitimate reasons for those profiles to be on his PC. You're also sure that this guy is reading the E-mail of top executives which is against your company's policy. And if also doubt wether you can trust him again, then what is the issue? You're his boss, and he violated company policy. Go to your boss or the HR department for a recommended course of action and wash you hands of it.

Collapse -

groupwise

by Discordian In reply to IS Manager needs to Trust ...

quite a dilemma indeed, and there is a lot of reasons for people not to trust the department. but, many times this type of behaviour comes from higher up, and sometimes it is simply just a massive abuse of the tools used to do one's job.

my experience has been quite the opposite, i want to respect the privacy of others because i want them to respect my privacy. thus, my dilemma usually comes about when i am ordered to break into email accounts by the cio of my company. this sets dangerous precedents in my mind and makes me wonder if i should monitor the accounts of those who order me to monitor the accounts of others in a purely ethical sense.

to save aggrivation, i would suggest that you work towards making a very detailed policy about email usage, the level of privacy that should be expected while using company resources, the level of monitoring that is "typical", and the procedure of command that must be followed in order to approve the monitoring of an account. also, you must make known the penalties for being caught breaking these rules at any level, especially for those who can monitor things. see, the problem is that i have no policy to follow and thus this leaves the system open to abuse, either by technical staff, or by executives and managers who have purely political motivations.

maybe by stating a policy this will stop the behavior. at the least, when you de confront the person if he or she does not stop, you can rely on stated policy at that time.

good luck

Collapse -

btw

by Discordian In reply to groupwise

the reason i titled my post groupwise is because that's the email system i like to use since it's a rather difficult proposal to monitor the accounts of others and this makes people feel a bit safer. it also allows me to filter out purely political requests to monitor accounts by explaining the cost in man-hours and equipment to do so. this usually makes executives back off unless they are very sure that there is a very good reason that someone's account must be broken into.

it's also resistant to the security and virus issues some other email systems have, but that is another story entirely. good luck again!

Collapse -

Justification/Legality

by cward In reply to btw

So, if you have an email policy that includes privacy issues, does that justify/legalize monitoring employees' mail? What if you don't have a policy? Does the absence of policy make it illegal to snoop?

Policy or not, my first response to this situation would be to ask the net admin why he/she has the collection of user profiles. I've been administering networks for many years and never had a reason to install multiple user profiles on my machine, even for roubleshooting. Maybe I'm paranoid, but this situation is fishier than a 25-pound trout.

Collapse -

i agree

by Discordian In reply to Justification/Legality

i never had the need to do this either, even for troubleshooting, nor have i ever needed to view another email account for that reason either, in any way.

i also agree that the arguments for viewing email accounts of other employees are often, ifnot always, unjustified, at least by my experience. yet, within the confines of corporate environments today there are few places that you can work were there is not some level of monitoring used and in such cases you are better off establishing a policy that lets everyone know where they stand and what level of privacy to expect.

my mindset is that, given corporate mindsets of the day, to always expect that every email or site you visit or call you make is monitored and to act accordingly. if you have something to send that you don't want management to see, then send it from home.

it's an unfortunate truth today, no matter what your or my feelings about privacy or big brother happens to be. remember what i said, when i'm ordered to break into an account that i disapprove of such requests, but to keep one's job you must do what you are told, at best you can argue against it and explain how it's usually a bad idea to do so in many ways.

Back to IT Employment Forum
27 total posts (Page 1 of 3)   01 | 02 | 03   Next

Related Discussions

Related Forums