Forgot your password?
typodupeerror
Businesses

Getting Company Owners To Follow Their Own Rules? 387

Posted by kdawson
from the not-what-i-do dept.
techmage writes "Recently we had an issue at our small company that resulted in the loss of a lot of important data. To prevent it from happening again, we created a company-wide policy that all computers would return to IT to have their contents backed up, and the computers would be formatted and reloaded for the next user. Consistently the owners of the company break this and other policies we set up to prevent data loss, theft, etc. How do I get through to the bosses that when they break with the policies, they are potentially shooting the company in the foot?"
This discussion has been archived. No new comments can be posted.

Getting Company Owners To Follow Their Own Rules?

Comments Filter:
  • by munrom (853142) on Tuesday January 26, 2010 @12:37AM (#30900254)
    Explain the risks, if they choose to ignore it document that they have not returned the laptop to be backed up so that they can't try and blame you if it goes wrong and data loss does occur.
    • by Fujisawa Sensei (207127) on Tuesday January 26, 2010 @01:02AM (#30900440) Journal

      Explain the risks, if they choose to ignore it document that they have not returned the laptop to be backed up so that they can't try and blame you if it goes wrong and data loss does occur.

      Have no fear, I have an asshole cousin who used to own a company. Anytime something went wrong he made sure to blame somebody else.

      So it doesn't matter what you document, or how hard you try convince them that you're trying to protect their company; if something goes wrong, you're probably fucked. But keep those notes as due diligence, in case they really try to screw you for their fuckups. And keep your resume up to date.

      • by PitaBred (632671) <slashdot AT pitabred DOT dyndns DOT org> on Tuesday January 26, 2010 @01:18AM (#30900548) Homepage

        If you have that stuff documented, they can't screw you out of unemployment.

        • by dangitman (862676) on Tuesday January 26, 2010 @01:38AM (#30900670)

          If you have that stuff documented, they can't screw you out of unemployment.

          Wanna bet?

        • by RobertM1968 (951074) on Tuesday January 26, 2010 @02:33AM (#30900914) Homepage Journal

          If you have that stuff documented, they can't screw you out of unemployment.

          Sure they can... even if one is perfect, I am sure there are citable reasons one would have trouble defending against in an unemployment benefits battle. And if the person is not perfect, well, then, there's grounds for termination without unemployment. "Gee, that's the third time you were late... I dont care that it was only 37 seconds, or only the 3rd time in 10 years... the employee rules state that on the 3rd time, we can terminate you. This has nothing to do with that whole lost data fiasco that you documented was my fault."

          Seen it happen. Fortunately never to me... though, I also never filed for unemployment...

          • by afidel (530433) on Tuesday January 26, 2010 @03:29AM (#30901184)
            Meh, only 5% of unemployment cases get denied due to misconduct discharges. Misconduct is
            Generally "misconduct" involves an act of willful disregard of the employer's interests or a deliberate violation of the employer's rules or an intentional and substantial disregard of the employee's duty to the employer.

            If you subpoena the employers timekeeping records and they only show you being late 3 times in 10 years then their appeal of your benefits will get denied.
            • by Anonymous Coward on Tuesday January 26, 2010 @09:31AM (#30903110)

              I fully agree. Employers don't generally win unemployment compensation hearings, even when they are correct. In many cases, the employer has a policy to appeal ANY unemployment claim, just to set up a few additional hoops for the employee to jump through. Most of the time, the employers don't even show up for the hearing. As a result, the state labor department deals with a LOT of junk appeals. Even when the employer shows up, the burden of proof is upon THEM and most of the time, they aren't up to the task.

              I know of a guy who was thrown out during some kind of bizarre purge. The company had a change in management and this guy was clearly not part of the plan. So the company tried to cobble together some sort of justification. However, their schedule for firing him did not allow for collecting enough excuses. The purge worked in such a way that the guy's boss had already been let go, so actual facts of the employee's performance were in short supply. What little they had was wrong.

              So of course, the employer appeals the unemployment claim. The hearing is held and the employer is absent. After losing by default, THEN the employer appeals to re-open the case. The employee's witnesses are subpoenaed and the day of the second hearing arrives. By this time, the employer has engaged some kind of unemployment compensation management firm to try and win the case. Upon seeing the employee's counter claim and witness list, the consultant tells the judge, "Upon review, this case does not rise to the standard necessary to establish termination for cause. We withdraw our appeal."

              Considering how routine these shenanigans are, is it any wonder the employers usually lose?

          • by Xest (935314) on Tuesday January 26, 2010 @06:59AM (#30902120)

            I'm not sure about elsewhere, but in the UK, you'd have good grounds for an employment tribunal. Specifically you'd be looking for an unfair dismissal (if sacked) or constructive dismissal (if you were forced to quite) case. For what it's worth, most companies don't even seem to bother fighting these now if they are in fact justified, purely because they have come to accept that you can't treat employees like that. They will most likely just settle with you if you find yourself in this situation.

            Companies can't just sack people, and even making up excuses doesn't work for them if the employee chooses to fight it. They have to be able to justify why you were sacked, whilst you're right that being late 3 times may be justification, it is not justification if others have also been late 3 times and yet only you have been sacked. If you had been late 3 times, constantly under-performend and so forth then they could again justify this, but they would need to prove you've under-performed, this might include bringing up past appraisals and so forth, but this is why it's a good idea to make sure you agree with your appraisal outcomes.

            The key is that the company has to be able to show that you were worse than other employees, and that if you were worse, it's not because you'd been treated differently and set up to fail.

            I believe the US has slightly less employee protections than this, but this is certainly the case in Europe. Whilst someone whose hated by the whole company can be sacked, employees here have a lot of protection against bad bosses who would sack them out of sheer malice or incompetence. If anyone is wondering why we have such laws, it's because we don't want unemployment stats and unemployment benefit costs raised unnecessarily by having people perfectly able and competent enough to do the job sacked unfairly.

            Regardless though, if you are in such a situation, and taking the matter to a higher level of management if one exists doesn't solve it, then you're better off going elsewhere anyway, because although they may not be able to get rid of you, they can at least kill off your career by preventing you getting promotions and payrises although even that's subject to some protections if everyone else gets a rise, or the interviews for promotion were carried out in a provably unfair manner for example.

            • by EricWright (16803) on Tuesday January 26, 2010 @07:49AM (#30902340) Journal

              I believe the US has slightly less employee protections than this

              Interesting definition of that word. In the US it depends on which state and whether or not unions are involved. If you live in a "work at will" state and are not unionized, you can lose your job for any reason at all, including "we just don't want to pay you any more". This is justified by the claim that you are free to leave whenever you'd like as well.

              Even when I was a contract worker, the company reserved the right to terminate the contract with 1 week paid notice. My options were limited to take it (with no modifications to the contract) or leave it (we have other candidates who want the job).

              • Re: (Score:3, Informative)

                by Xest (935314)

                I didn't realise the US job market was quite that "flexible".

                I should add that contract workers here have less rights too, I was referring to the rights of permanent staff. Here contractors can indeed have their contract terminated at the drop of a hat also.

                • by BarryJacobsen (526926) on Tuesday January 26, 2010 @09:40AM (#30903230) Homepage

                  I didn't realise the US job market was quite that "flexible".

                  That's why we have such a strong economy - we care more about the people that make up the businesses than the business itself.

                  • Re: (Score:3, Insightful)

                    by Xest (935314)

                    Two points:

                    1) Whether the US cares more about the people depends on whether the people are happy with the ability to walk out easier with much lower job security. Being able to sack at any time without question seems to be a much more business oriented law than a people oriented law.

                    2) As mentioned in my original post, Europe has much better employee protection in that most of it includes the protections I mentioned, and yet has a much stronger economy than the US.

                    Or were you being sarcastic?

                    • Re: (Score:3, Insightful)

                      by Xest (935314)

                      It's not so much about being able to fire or quit on the spot, it's about giving both the employer and the employee time to make alternative arrangements.

                      It means that the company has a month or whatever your leave period is to find a replacement so that they're not inconvenienced and hence don't have their business dealings interrupted and it's about ensuring the employee has time to find another job, so that they're not a drain on the state either because they end up claiming unemployment benefits, or bec

                    • Re:Works both ways (Score:4, Interesting)

                      by The Spoonman (634311) on Tuesday January 26, 2010 @02:05PM (#30907322) Homepage
                      Seems reasonable to me. I can quit anytime I want; why can't they fire me anytime they want? I'm selling them my labor. They're free to buy labor from whomever they want, and I'm free to sell to whomever I want.

                      On the face of it, it seems a reasonable argument and in fact IS the argument used by the 43 states that don't offer any kind of employee protection whatsoever. However, if you activate your critical thinking skills, you'll see that reciprocity (which is what you're trying to define) doesn't exist. If, for example, I decided to just not show up to work anymore my company will go on just fine without me even though I do work in a fairly critical position. It might mean other members of my team will have to work a bit harder for a few weeks to fill the void, but there will be no overwhelming financial impact to the company whatsoever.

                      On the other hand, if my company decides to fire me because I wore white after Labor Day (a stupid reason, yes, but a legal one nonetheless in all but 7 states), then I am subject to severe financial disruption, not to mention the loss of medical benefits for myself and family. In all but a few states, being fired makes you ineligible for unemployment (you need to be laid off with the potential for recall to be eligible), so you're on your own regardless of there being a valid reason or not. Beyond that, whenever you interview going forward, you have to explain why you were terminated BUT you're not allowed to speak negatively of a former employer in an interview...so keep it positive! Even if you do, the myth of "they're not allowed to say anything negative about you in a reference" is a meme that should've died a long time ago. They can say whatever they want when giving a reference, legally it just has to be true. However, as you're an unemployed schlub with no income...good luck finding a lawyer who will take your case on a contingency if they lie.

                      We can try and spin it any way we like, the fact is the deck is stacked 100% against you. Is it likely you'll be fired for wearing white after Labor Day? Is it likely, however, that you'll be fired for another equally stupid reason? In this economy, anything's possible.
                  • Re: (Score:3, Insightful)

                    by sconeu (64226)

                    Mod as +1, sad - unable to tell if this is sarcasm or not!

      • Re: (Score:3, Interesting)

        I tried to mod you insightful, then the mouse wheel slipped and i accidentally clicked 'redundant' instead. sorry.

        CYA.
        Cover your ass.
        Just about every industry is like a big pot of boiling soup: the crud rises to the top. "I'm wrong, your fired"
        Document everything, and back it up. make sure you talk to several different managers about the issue. hopefully, at least one will listen/do something. If not, at least when a problem does come up, they can't say they weren't warned.

        Hey look...now I'm the redund

        • by hairyfeet (841228) <bassbeast1968@NOspaM.gmail.com> on Tuesday January 26, 2010 @03:08AM (#30901072) Journal

          Yep you gotta CYA, sometimes you even have to go over their heads but it is a risky move. I have a story that illustrates the point. Many years ago after all those worms were going around I had lunch with my admin buddy Glenn, just swapping stories and about died laughing whe he told me this one:

          He had a PHB middle manager threaten to fire him, so he had to go over the guy's head. So the regional boss calls them both in to explain their sides to the story, and the PHB goes "He has NO RIGHT to tell me who I am allowed to speak to! He is blocking my emails from Melissa [wikipedia.org] and refusing to let me have them! He should be fired for insubordination!"

          Lucky for Glenn the regional head actually read tech journals and knew what Melissa was. He turned to Glenn and said "Is he actually talking about the bug going around?" when Glenn said yes he rolled his eyes and said "Glenn is doing his job and actually protecting this company. There is NO "Melissa" it is a computer bug that spreads through networks and makes a mess, which I'm sure Glenn tried to explain if you weren't busy having a fit. From now on when Glenn says no that is FINAL, got it?" and then he had his secretary send Glenn a free steak dinner for two for having to put up with "that ass" as he put it.

          So yeah I would CYA, but if it is truly a dangerous situation he may have to look at going over a head or two. A lot of the time the middle managers act like little gods because the higher ups don't know what kind of stupidity they are pulling, and as long as he is polite and points out the financial risks this person/persons are causing the company he may be able to turn a bad situation to his advantage. Glenn said he later got a raise and more power because the regional head pointed out how valuable it was to have a network admin that put the company before the dangerous requests of the PHBs. In the end it all comes down to money, and by showing that this person is putting actual $$$ at risk he might be able to turn this to his favor.

      • Re: (Score:3, Insightful)

        by fearlezz (594718)
        Have no fear, I have an asshole cousin who used to own a company. Anytime something went wrong he made sure to blame somebody else.
        And for that exact reason, sometimes IT has to enforce things that even bosses don't like.

        I read a lot of "the owner is the boss" replies, which is technically correct. But if something goes wrong, your ass 's gonna get in trouble. Therefore, if the boss doesn't cooperate, sometimes you have to 'help' him/her a little.

        1) You could fix it under water by syncing over their
  • by FooAtWFU (699187) on Tuesday January 26, 2010 @12:37AM (#30900256) Homepage
    I'd ask anyone who routinely overrides your authority in the data-protection sphere to sign a form indicating something to the effect that they've been informed of these policies and the potential risks and if it all comes crashing down because they don't listen to you, it's not your fault.
    • by Anonymous Coward on Tuesday January 26, 2010 @12:46AM (#30900332)

      If that doesn't work, use a reverse analogy, and actually shoot them in the foot.

    • by Sycraft-fu (314770) on Tuesday January 26, 2010 @12:54AM (#30900398)

      I mean you can't make the owners do anything. They own it, it is theirs to do with as they please. They could close up shop tomorrow for no reason if they wanted. So you can't force them to do as they should. Likewise, nagging them could be a bad career move. So the best thing is a CYA. Have something that says they understand the risks of not following the policy more or less. Then, if shit does break you should be covered. They'll either realize that they made a mistake and be fine, or they'll come looking to blame you and you can pull out the document and say "We made sure to inform you of the risks and you signed off saying you understood them and that it was up to you if you chose not to follow them."

      That's the best you can do.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Meanwhile, back in the real world:

        Owner : IT Guy IT Guy, my data is gone! Save me
        IT Guy : Well here we have this release I made you sign last month that clearly said that if you lost any data it was your own damn fault.

        Owner : He's a post it with the words "you're fired on it". Now take your arrogant self-righteous ass out of my office.

        • Re: (Score:3, Funny)

          by MightyMartian (840721)

          IT Guy: That's fine. You'll be hearing from my lawyer, and by this time next year I'll own your company.

          • by JorDan Clock (664877) <jordanclock@gmail.com> on Tuesday January 26, 2010 @02:32AM (#30900908)
            Or not. Many states are At-Will Employment. The employer can let you go at any time for any reason (aside from illegal discrimination) and in exchange you can leave at any time without repercussions (other than a loss of a positive reference.). IT Guys lawyer would tell him to find a new job instead of paying for legal advice on such a stupid subject.
        • by clodney (778910) on Tuesday January 26, 2010 @10:52AM (#30904254)

          Meanwhile, back in the real world:

          Owner : IT Guy IT Guy, my data is gone! Save me
          IT Guy : Well here we have this release I made you sign last month that clearly said that if you lost any data it was your own damn fault.

          Owner : He's a post it with the words "you're fired on it". Now take your arrogant self-righteous ass out of my office.

          You know what? If it goes down that way, leaving is really your only option. The company is clearly too dysfunctional for you to be happy/successful, so why torture yourself? Move on, and call it a learning experience.

          Life is too short to work in a job that sucks. Yes, being unemployed sucks too, so better to go on terms of your own choosing. But if your boss is determined to be an asshat there is very little you can do to change that.

      • Re: (Score:2, Insightful)

        I remember in 2003 I worked for a non-profit where I managed all IT software (but not hardware). I noticed that various employees were storing large files onto the server. Not a big deal, but we only had about 3 months left of harddrive space at the current upload rate.

        I informed my boss several times, telling him if we didn't expand memory, everything will crash - including email for all 40 employees.

        Well, he didn't act, everything crashed, and apparently they had a several day 'emergency' until they remem

      • by nine-times (778537) <nine.times@gmail.com> on Tuesday January 26, 2010 @01:44AM (#30900698) Homepage

        Not only is it true tat you can't make the owners do anything, but it's even very possible that doing the right thing isn't necessarily going to protect you. You could follow very sensible procedures and CYA with all kinds of documentation, and if the owners are petty and childish enough, they might still fire you or at least make your life a living hell.

        That said, I think it's important that you find a way to be very very clear with the owners about what you believe the consequences to their actions will be. Do it in writing if possible. Be polite and respectful, but don't be subtle. The more vague you are, the more likely it is that they'll hear what they want to hear and ignore what they don't want to hear. Be as clear as possible without incurring their wrath. If you have to, be repetitive and say the same exact thing 5 different ways, but make sure that they understand how their bad actions put the future of your company in jeopardy.

        Also understand that they might not like you afterwards. I've known a number of small business owners who were manipulative and petty and they couldn't tolerate anyone pointing out their flaws or telling them they're wrong. If they were willing to let someone else tell them what to do, they would have gotten a job working for someone else instead of running their own business. Even though you're trying to do the right thing, you might be burning bridges. Make sure it's worth it.

        • Re: (Score:3, Insightful)

          by mcvos (645701)

          That said, I think it's important that you find a way to be very very clear with the owners about what you believe the consequences to their actions will be. Do it in writing if possible. Be polite and respectful, but don't be subtle. The more vague you are, the more likely it is that they'll hear what they want to hear and ignore what they don't want to hear. Be as clear as possible without incurring their wrath. If you have to, be repetitive and say the same exact thing 5 different ways, but make sure that they understand how their bad actions put the future of your company in jeopardy.

          Also understand that they might not like you afterwards. I've known a number of small business owners who were manipulative and petty and they couldn't tolerate anyone pointing out their flaws or telling them they're wrong.

          So don't tell them they're wrong, tell them they're important. Tell them their work is also important, and therefore it needs to be backed up regularly, protected with the best anti-virus stuff, whatever. Don't make it sound like a chore, make it sound like you're doing it especially for them. Because they and their work is really that important.

          How are they going to reply to that? Say that their work is not important? Not likely.

      • by TapeCutter (624760) * on Tuesday January 26, 2010 @01:48AM (#30900716) Journal
        Rubbing their nose in it with a useless disclaimer is not going to end well. Presumably the policy has been written down, meaning the owners have authorised the policy either explicitly or by delegation, therefore his arse is already covered if HE follows it. You can respectfully remind the owners of their own policy but provided no laws are broken they are free to make and break policy as they see fit, employees do not have the same privlages.
      • by mcrbids (148650) on Tuesday January 26, 2010 @02:21AM (#30900860) Journal

        They'll either realize that they made a mistake and be fine, or they'll come looking to blame you and you can pull out the document and say "We made sure to inform you of the risks and you signed off saying you understood them and that it was up to you if you chose not to follow them."

        The only thing you'd get out of such a document is protection from them suing you after they fire you! I'd suggest this:

        1) Write an email to them, indicating your concerns about the safety of the data, and how they need to adhere to the protocol in order to protect themselves. Be very nice about it, and indicate that you are confused as to how you should proceed after meeting X...

        2) They'll reply with something or other. Print both emails off, WITH FULL HEADERS included. File those someplace offsite, perhaps at home.

        Why would you need everything signed in triplicate? That's just intimidating, and likely to engender mistrust. These are your bosses! They're nice enough to hire you, provide you with a living wage, and ask you to solve their problems - be nice enough to respect their position and wishes. And even if they are vindictive, you just need enough to show good faith effort on your part.

        In my experience with things legal, the law isn't interested in the fine grains of the contract, they're interested in what you actually agreed to. At least in California, verbal contracts are OK so long as they are substantiated by actions or supporting evidence, and the courts have already ruled that email is sufficient evidence of an agreement/contract, so anything more is just a formality. But if you get all weird on them, it's a good possibility you'll just lose your job.

        Of course, if you are really worried, IANAL, go hire a lawyer, blah blah. But IMHO, if you do, you'll probably just end up fired.

        • Not necessiarly (Score:4, Informative)

          by Sycraft-fu (314770) on Tuesday January 26, 2010 @02:46AM (#30900964)

          I mean ya, if the owners are major assholes they could fire you anyhow, however such a thing can be useful. First, it may make them change their behaviour and if it doesn't it can help protect you. Reason is they are then presented with evidence that they were informed and indicated that fact. If not, it is easy for ego to interfere with memory and them to say "You never told me this would be a problem!" However with a document they are more likely to say "Ya, I screwed up, now what do we do to make sure this isn't a problem in the future?"

          In any company, there is no 100% protection from being fired no matter what. However having good documentation can go a long way. People do not have perfect memories and often we remember things the way we wish they had been, not how they really were. Documentation can help prevent that.

          Also you don't present it as a "This is just for you because you are assholes" document. Rather, it is a policy exception document. If someone wants to not need to back up their data, you have them sign a doc that says they know the risks, and perhaps have it countersigned and ok'd by a boss. In the case of the bosses, they just sign it themselves.

      • Re: (Score:3, Insightful)

        by invisik (227250)

        Exactly. Sounds more like you should me sending resumes then trying to convince the bosses of something they do not care about. Typically, something bad has to happen until everyone is on board. And it has to affect the bottom line.

        I would approach with a very automated backup system. Something that requires no interaction on their part, that is invisible to them. Like a CrashPlan or Data Deposit Box account. Set it to backup all their main folders and some other places where files might land by accid

    • by pclminion (145572) on Tuesday January 26, 2010 @12:55AM (#30900406)
      Sure, I'll sign a form for you, it's called a Release of Employment.
    • by Fujisawa Sensei (207127) on Tuesday January 26, 2010 @01:10AM (#30900492) Journal

      I'd ask anyone who routinely overrides your authority in the data-protection sphere to sign a form indicating something to the effect that they've been informed of these policies and the potential risks and if it all comes crashing down because they don't listen to you, it's not your fault.

      If they have the authority to routinely ignore / override your security policies, they don't have to sign the fucking form either.

      • by Cyner (267154) on Tuesday January 26, 2010 @01:27AM (#30900598) Homepage

        If you honestly work at a business where the boss both ignores your expert opinion and refuses to acknowledge their contempt for business continuity planning, you should probably be looking for employment elsewhere. You're never going anywhere in that business environment, and the business itself is likely never going anywhere positive either. Unemployment sucks (and I've been there), but a dead-end job can be worse (stress in the short-term, and employability in the long term).

    • Re:sign this (Score:5, Insightful)

      by BigSlowTarget (325940) on Tuesday January 26, 2010 @01:13AM (#30900510) Journal

      1) Thank you for trying to save me money. Your recommendations are welcome as I'm paying you for your expertise and opinions.

      2) If you're going to try to have me sign something like that I'm going to have a talk with you about bureaucracy and how we can't afford a BS cover your ass mentality in a small company. You may rest assured that if I don't back up and there's a crash there are two possible results: If I'm a bad manager I'm going to come back at you and no little piece of paper will stop me from firing you (though I'd expect you would receive unemployment as it's not really for cause). If I'm a good manager I'm going to write the check to cover the damages, feel foolish and accept your recommendation going forward.

      3) If it's a dumbass relative that thinks they can ignore the rules because they're family working in a family business (and they don't sign the checks) then I expect to see their name (and possibly mine if I'm doing it too) on the report of IT security scofflaws that you periodically (though infrequently) prepare for me.

      In a company controlled by a single or few owners it is reasonable to recommend, cajole, suggest or encourage proper owner behavior, but if you dictate it and attempt to threaten (for instance by saying in a confrontational manner 'ok, but I'm not taking responsibility then') you are writing checks that your expertise may not be able to cash. As an owner it's important that my IT works right, but it's absolutely imperative that I don't lose control of the company. Don't make me think that you're trying to take it away from me or lord your technical expertise over me unless you have a VERY secure position.

    • Re: (Score:3, Interesting)

      by icebike (68054)

      I'd ask anyone who routinely overrides your authority in the data-protection sphere to sign a form

      And as you flop that document out for them to sign, also ask if you can leave the building under your own power rather than being manhandled out by security.

      Its time people in IT get over themselves. They don't run the company and they do not tell management what to do with their own computers.

      TFA said "all computers would return to IT to have their contents backed up".

      Really? What CEO in his right mind would turn over the contents of his hard drive to geeks with ink stained pockets?

  • by ghetto2ivy (1228580) on Tuesday January 26, 2010 @12:37AM (#30900258)
    If they do -- shut up and work around it.
    • by Captain Splendid (673276) <capsplendid.gmail@com> on Tuesday January 26, 2010 @12:49AM (#30900354) Homepage Journal
      Parent wins the thread. Hack their laptops, and script the fuckers the back themselves up. Sheesh.
      • Re: (Score:2, Insightful)

        Exactly. Data backup is one thing: I'm sure you can find some open source script that automatically syncs the important files with your office's file sever, or you could write your own, and if you have decision making power in the IT department, you can mandate all laptops used within the company have this software installed to ensure data loss is always minimal. Theft is another story. You can't make anyone pick good passwords, the best you can do is scare them into doing the right thing.
  • I don't get it... (Score:5, Interesting)

    by HockeyPuck (141947) on Tuesday January 26, 2010 @12:38AM (#30900268)

    So you're going to take my laptop, back it up, reload it and give it to the next guy? I in turn will get someone else's formatted laptop?

    Or are you just trying to say, "we lost a lot of data when someone's laptop failed without proper backup processes in place. So we've decided that everyone needs to regularly connect to the company network and back up their laptop. The owner's of the company never back up their laptop"?

    • They should just do away with laptops. They are unsecure by definition, and shouldn't be allowed on the network or even inside the building...
    • I think it might be the process for when somebody leaves the company and their computer goes to a different person. I got a machine once with a whole lot of personal photos on it. I told the IT manager about it and he said all machines are supposed to be imaged between owners.

      The business may not want to to that (say if they have a temp) because it may cost money per machine.

    • Re: (Score:3, Insightful)

      by ajlisows (768780)

      I am with you as far as the confusion. You they asking all the laptop users to hand their laptops over at certain intervals to be backed up, reformatted, and reallocated? That sounds like the definition of fail, and if I was in charge I would not put up with it.

      Here are my simple tips for discussing backup with people who are generally "too busy" to bother with backups.

      Advise them to keep all their data on the server. When they are working in the office, this should be easy. Word, Excel, or whatever sho

  • You don't (Score:4, Insightful)

    by Anonymous Coward on Tuesday January 26, 2010 @12:38AM (#30900272)

    Quite simply, you don't. I've worked at large banks that do not follow their own rules. IT cannot drive policy if C level executives do not want to follow the policy. If you can get auditors or examiners to force the policy to be followed, then it can work. Otherwise, IT cannot do anything. They will only be seen as chicken little and IT will lose what little standing they have at the company already.

    • What the parent said... if they won't follow the policy (and they don't have to). I don't know if the owners are straight shooters or not, so I don't know what happens if the SHTF. Will they pin the blame on IT? It'd sure be nice to have an email or written memo where they had signed off on the policy. It won't save you from getting fired if they're looking for scapegoats, but it might save your reputation while looking for another job.

  • by oldhack (1037484) on Tuesday January 26, 2010 @12:39AM (#30900278)

    They who have the gold make the rule.

    Your responsibility is to recommend and record your recommendation, and do your job as you can.

    In the end, it is "their" company, not yours. It's the way of capitalism. You don't like that? Change your job.

    For what it's worth, I didn't mean any of this in sarcastic/offensive way. I am being sincere.

    Flip it around and see how you would see things if you were the owner.

    • by aeoo (568706) on Tuesday January 26, 2010 @02:45AM (#30900962) Journal

      This whole "flip it around" idiom doesn't work well for me. I am a very unusual person. I know if I was an owner, I wouldn't be an ass, I would not only accept criticism, but would solicit it. I would make sure that if the policy doesn't work for me, then it can't work for anyone, but if it works for others, it better work for me too. In other words, if having my computer backed up is too onerous for me, I would assume it was also too onerous for my employees. On the other hand, if something is not a big imposition and has good benefits, I expect everyone, including myself, to follow it. I would basically eat my own dog food.

      Since I am a great person, unlike most business owners, saying "flip it around" just doesn't work for me. I know that if an employee came up to me and criticized me, it wouldn't be a career ending move. But that's just me.

  • Assign it a cost (Score:5, Interesting)

    by hedronist (233240) * on Tuesday January 26, 2010 @12:39AM (#30900280)
    See if you can assign a value to the data already lost because of their failure to follow the rules. We did a variation of this at Xerox ASD in the 70's and locked Charles Simonyi (yes, that Charles) out of "his" own source code.
    • by zifferent (656342)
      Very interesting. So how did that turn out?
      • by Tablizer (95088) on Tuesday January 26, 2010 @01:13AM (#30900514) Homepage Journal

        It put Xerox behind and prevented them from releasing the GUI in 1977, delaying the computer industry and the would-be 2008 CAD design of the first practical flying car. Remember that anal stunt the next time you are stuck in traffic.

      • Re: (Score:3, Informative)

        by hedronist (233240) *

        It turned out just fine. Our "VCS" was a magnetic white board with a grid on it (remember, this was 32 years ago). Every filename had a box. When you checked out a file you put a little colored magnet (we each had our own color) on it. If you wanted a file that was already checked out you put your magnet upside down over the current one and when the person checked it in they would flip yours over, poke their head through the door and say 'foo.h is yours.'

        Charles would sometimes want to make a 'quick fix'

    • by Gramie2 (411713)
      But it was too late, he had already checked in code with that goddamned "Hungarian Notation", right?
  • by Farmer Pete (1350093) on Tuesday January 26, 2010 @12:44AM (#30900306)
    It's funny, every year we prepare for auditors, and all we have to do is show them that we have a policy, not that we actually follow the policy. It's really quite hilarious and yet sad at the same time. For instance, we have to show them that we are doing scans of our network looking for vulnerabilities, but all they want is a log with someones name and a date on it. They don't care what was found or that anything was done with the information that we found. They could care less. The sad thing is, the company doing the audit is a very large company. The truth is that most management could care less about policies. Password complexity? Sure, just don't assign it to the management. Screensaver locks after 10 minutes? There better be an exceptions group for the CEO and her secretary. It's really quite sickening really. It's amazing what you can get people to do for you when you're the network admin's boss' boss' boss.
  • Remote Backup (Score:4, Interesting)

    by Bios_Hakr (68586) <xptical&gmail,com> on Tuesday January 26, 2010 @12:46AM (#30900322) Homepage

    Use the admin account (and shares; $C, $D, etc...) to map their hard drive remotely to a computer in the networking office. Then, use RSYNC (or SyncToy) to mirror the drive remotely. Once the initial backup is complete, daily or weekly jobs will progress quickly.

    You really have to find a way to work around the guys who are in charge.

    If you want to be a bit more nefarious, start the backup jobs first thing in the morning. When the boss complains his system is slow, do a backup/format/reinstall on his system. Now his system is magically fast again...

  • Just because I own a few shares of Best Buy doesn't mean I get any special treatment in the stores or edge in getting a job with them. If the owners don't follow the policy, they should be fired by the CEO. Of course, this doesn't work if CEO == Owner.

    • by timmarhy (659436)
      No. he said small and he mentions owners. that means this is a small business.

      frankly i'm not sure why this guy cares. if the owners want to do shit that endangers their data then let them unless you think there is a real risk of the business failing because of it. in which case it should be easy to make the case to stop them.

    • by pclminion (145572)
      Fire the owner? Uhhh... Unless the company has a board of directors, how exactly does one do that? With a firearm?
      • Yep, it happens. If there's a minority-share owner and the CEO doesn't like them, they can be fired from their role as employee. Of course, the CEO can be canned if the ousted owner can get a majority of the ownership shares behind them... but there's always been cases of people falling below 50% ownership and being fired by the rest of the ownership.

  • by Chas (5144) on Tuesday January 26, 2010 @12:48AM (#30900344) Homepage Journal

    You've created a policy and don't have the owner-level execs onboard?

    That's failure #1 right there. Good policy making for security purposes isn't "And IT saith THUS!". Operating in this kind of vacuum gets your enforcement NO PLACE. Fast!

    You have to involve these people pretty much from the get-go. This way they understand why the policy is in place and have less self-provided incentive to circumvent it.

    And yes, as others have said, a small amount of "horror story" can go a long way too. But only DURING the policy creation process. Afterwards, they look at it as simple justification of an arbitrary policy.

    Right now you guys haven't got a leg to stand on.

  • As I understand, the policy is about computers that are reused, and the prior data loss occurred because someone quit, and nobody bothered to preserve the data on his computer until it was too late.

    If the owners of the company neglect this rule as they change their own computers, not much you can do or need to do. Just send them a few reminders, and if you hear nothing back, desist. It's their company after all.

    The owners may want to do that if the computers were used for storing some confidential infor

    • by TapeCutter (624760) * on Tuesday January 26, 2010 @02:19AM (#30900854) Journal
      "The owners may want to do that if the computers were used for storing some confidential information. Such a backup cannot be stored on your shelf among books and other assorted DVDs. If the owners know what they are doing, they perform backup of those computers themselves, and keep the media at home"

      That's a very good point, it's quite likely that the owners know exactly what they are doing and why they are doing it. You won't get far in business by blindly trusting everyone who works for you.
  • You need to give up caring. Seriously, if they, as the owner(s), want to be idiots... well, so be it. Realize that (as with many business owners) they aren't really all that sharp, don't commit to this company any further than the short term, and keep your resume up to date for the time when they finally screw up really bad.

    I've seen it all at this point. The small business owners that are smart, honest, and have reasonable common sense are few and far between. Your complaints don't surprise me at all;

  • Ask why they're not following the policies. If the policies are onerous (they usually are) then you're wasting your breath asking that they be followed. Instead, rearchitect the policies so that you maximize their effectivenes -short of- getting in the way of the work.

  • Your network policies have to be convenient for the users (including the business owners). If the perceive something as being so inconvenient that they're tempted to circumvent it, you as the IT department are obligated to come up with something more convenient.

    If the problem isn't one of convenience (but sneaking around and trying to actively evade backups), then you've got bigger problems.

  • by victim (30647) on Tuesday January 26, 2010 @12:56AM (#30900414)

    What makes you think the owner's information should be available to you in the IT department?

    • Re: (Score:3, Insightful)

      Because we already have access to that data. If you don't trust US with that data, then you have bigger issues.

  • What are you an admin noob or something? You cant. You are IT, you are SUPPORT STAFF, you do what you can to create policies and safeguard against disaster. The owners do not report to you, you are not their boss, if they want to take a torch to your server room because they feel cold they can. Just as pretty much every post at this point has made, suck it up and do your job. When you own your own company you can force people whichever way you want but until then, see the above posts.

    Which brings up a

    • Exactly. If they won't come to you, go to them and do your job at their convenience, not according to some policy set by a subordinate.

      And here is a bonus -- you will create the impression of being a useful, dedicated employee rather than that of a peevish dweeb who doesn't know his place in the pecking order.

    • by realmolo (574068)

      You're right, but IT still needs to cover their own asses. That's where the "control freak" attitude stems from.

      IT knows what kinds of things are going to cause problems, and they want to prevent them. If management doesn't want to do those things, that's fine, but management then needs to sign off on it. They need to KNOW that IT is not going to take responsibility when the shit hits the fan. Of course, that doesn't mean they won't blame IT, and likely fire some of the IT team. Someone has to take the fall

    • So you are hired to perform a professional service, and your brilliant sugestion is not to do the work properly but to follow the money?

      What kind of "professional" are you? Not one I would want on a sensitive environment, since obviously you would not have the presence of mind to stick to security procedures.

      There is certainly a problem if you don't bring on board of your suggestions the owners of your place of employment, but that is a problem of presentation. Part of the skill set of a Systems Administrat

  • I once worked for a company that had a direct competitor next door and didn't realize they next to each other and were sharing the same lunch room worker, who just happened to be the twin sister of the pricing manager of the shop I worked for. When we in the IT room figured out what was happening... we gave incorrect information to the women and drove our competitors into bankruptcy. For her involvement in the mess, that pricing manager was demoted. And because I had developed the pricing system to become e

  • Use Linux
    Emacs, that always works
    Buy a Mac
    Switch to Windows 7
    Switch back to Window XP
    Just quit and find another job
    Keep a documentation trail to CYA
    Smile and nod, smile and nod
    You're doing it wrong anyway
    Laptops? Nobody needs a laptop!
    Backups? Nobody needs a backup!
    Why is the CEO such a jerk? All CEOs are jerks
    I worked at a company once with this exact same problem and here what I did: Nothing
    I worked at a company once with this exact same problem and here what I did: Showed the CEO a better way
    I worked at

  • sociopaths (Score:4, Insightful)

    by digsbo (1292334) on Tuesday January 26, 2010 @01:03AM (#30900448)
    It has been shown (I can't google the study right now) that people in senior management have a much higher incidence of sociopathic and psychopathic behavior than the general population. If your management insists on rules for others that they don't follow themselves, and consciously flout, they may fall into that group. In that case, keep your resume and interview skills up-to-date.
  • Only if you find a way that does not involve requiring the user to do anything. "Auto something thingy", hey you're the IT guy figure it out.

  • Sell your idea (Score:2, Interesting)

    by netfoo (1729856)
    Understand that the owner(s) are a peer group and have their own dynamic. It's their company, not yours. If they liked following orders, they'd be employees not owners.
    1. Identify the group dynamic (is there a 'holdout', and 'alpha geek')?
    2. Identify the objections to your proposed solution.
    3. Ask them what their ideal solution(s) would be for this problem.
    4. Customize and provide a solution to them.

    Don't ...
    * rely on the owners having a conversation amongst themselves. If you want to meet with
  • Here's some perspective. Owners are people too and their personality and circumstances vary. I've been in both roles. Be respectful of their time. Owners/entrepreneurs/execs are used to optimizing their own time and taking calculated risks. Find out why they don't follow the rules and don't get irritated at the answer.

    I've broken rules and procedures (filling out time cards, backups, etc) when the "opportunity cost" was too high and it was my prerogative to make that decision. (I could complete my time

  • Owners make policies not to avoid problems, but to avoid responsibility. They don't want employees to create risk -- because those employees are not able to be held accountable for those actions unless there is a policy. But owners get to dodge the policy and assume the risk -- because they are able to be held accountable, no matter what.

    Rules don't apply to people who can change the rules at any time.

  • ... what I do. Does that sound familiar? That's the way corporate executives think. They make the rules for OTHER people to follow, but their own obligation to follow them is very, very conditional.

    Incidentally, we have the same problem in government. Same mindset, different venue.

  • by coolgeek (140561) on Tuesday January 26, 2010 @01:46AM (#30900708) Homepage

    It's all about letting it go, CYA, documentation, etc.

    Here's an idea: sit down with the boss and ask him what his objections are to the policy. Perhaps, rather than dictating something that he finds inconvenient, invasive, or just doesn't like, you should engage him in the solution process. Chances are, if he has a hand in designing the solution, he'll participate in it.

    I can think of all kinds of potential problems with your system. I'll pretend to channel your boss for a minute. Maybe I don't want to have everything on my computer backed up. (Perhaps he has a mistress, offshore accounts, cooking the books, records of skimming, concealing things from his wife's divorce attorney) Maybe I don't want to swap my computer that I love with one that you are pulling out of the pool. (I don't want the one that Scroggins has been using, that dude picks his nose, and then goes right on typing. And he types a lot.) Maybe I don't want to drop my computer off once a week for you guys to back it up. (I'm the fucking boss, why should I follow your schedule, punk)

    So, if my channeling is correct, you give him a script that only backs up essential folders, and some thumb drives. And then you come collect his backed-up thumb drive once a week, leave a fresh one, and archive the backup onto the server somewhere, where it gets backed up for real.

  • Talk the Talk (Score:3, Insightful)

    by DynaSoar (714234) on Tuesday January 26, 2010 @01:57AM (#30900772) Journal

    "How do I get through to the bosses..."

    Talk boss language to them.

    Wait until one costs the company something through a computer failure and failure to follow the policy.

    Fix the problem and present the machine back to them with a bill for the repair. Make sure to boost the price to cover any ancillaries such as your training, their training, their retraining, lost time to the company due to their down time, and any similar costs you can dream up. Keep copies.

    Request a general meeting with the bossships. Present the data from the above repair, anonymized to protect the guilty. Compare the cost presented with the cost of following policy. Make sure to point out that they too stand to lose financially (ie not make even more money) if they or others cost the company money. Suggest that in order to protect the company they adopt the policy that such unnecessary costs be charged to the individual in the future.

    For theft, adjust scenario as necessary as well as costs. For concominant data theft, do the same, as well as figure in cost to the company.

    Or put together a 'what if' report based on a previous loss and present that at such a meeting, rather than wait until it actually happens. Feel free to pretend it did at the start of your presentation (with knowledge of at least one boss). Done this way you could make it look like the company was sunk and scare the bejeezus out of them.

  • by aztektum (170569) on Tuesday January 26, 2010 @02:20AM (#30900858)

    My advice: Find a new job.

    It's done wonders for my stress levels.

  • by ghostlibrary (450718) on Tuesday January 26, 2010 @09:36AM (#30903178) Homepage Journal

    So I was working at a large defense company, and they had been dinged by the gov't for high-level management fraud. So part of the penalty was all employees that weren't managers had to take a mandatory Ethics class, run by... the managers.

    Add in that the class included a Dilbert Ethics Game-- an actual, licensed Dilbert[TM] board game with little Dilbert characters and cartoons in it, where you had to move around and then answer ethics questions.

    Oh, and it turns out you could win the game without correctly answering the questions, as my team figured out victory was based on position on the board, not score. And the only team that could have beat us took the high road, and when faced with one ethic question said "We know you want to hear answer A, but really, we would do answer B, as would any reasonable person."

    I'm still not sure what lessons we learned.

  • by nightsweat (604367) on Tuesday January 26, 2010 @10:59AM (#30904408)
    Every so often reiterate the policy in writing to them and when they ignore it, they ignore it. It's their funeral.

We are experiencing system trouble -- do not adjust your terminal.

Working...