Ask Slashdot: IT Personnel As Ostriches? 246
MonOptIt writes: I'm a new IT professional, having recently switched from a different sci/tech field. My first gig is with a mid-size (50ish) nonprofit which includes a wide variety of departments and functions. I'm the sole on-site IT support, which means that I'm working with every employee/department regularly both at HQ and off-site locations. My questions for the seasoned pros are: Do you find yourself deliberately ignoring office politics, overheard conversations, open documents or emails, etc as you go about your work? If not, how do you preserve the impartiality/neutrality which seems (to my novice mind) necessary to be effective in this position? In either case: how do you deal with the possibility of accidentally learning something you're not supposed to know? E.g. troubleshooting a user's email program when they've left sensitive/eyes-only emails open on their workstation. Are there protections or policies that are standard, or is this a legal and professional gray-area?
Simple Answers to Simple Questions (Score:5, Insightful)
Yes
IT has access to everything and should read nothing. The content is just that, content. It doesn't matter
Re: (Score:3, Interesting)
That wasn't the question. What do you do when you did read something inadvertently? You can't unread "Irregularities in the pension fund". Do you pretend that you don't know? What if it's something illegal / against company policy / unethical?
Re:Simple Answers to Simple Questions (Score:4, Interesting)
Does your country have laws protecting corporate whistle-blowers?
It's a lot easier to defend your position if it's the FBI asking you to make surreptitious copies of documents, after they called you following an "anonymous" tip-off...
Re:Simple Answers to Simple Questions (Score:5, Insightful)
Your best bet is to "forget" you read it; never acknowledge that you saw it, and assume the best.
For example, just because someone wrote about supposed "irregularities in the pension fund"; doesn't mean there are irregularities in the pension fund, it may just be some ignorant person spouting out / jumping to wrong conclusions.
There are also paranoid folks who will say such things, until it's proven that no, there was just some minor typographical mistake and everything's fine.
Just like when a person tells you "I turned off the firewall," but it still gave me the error message. Doesn't mean they managed to break into the server room and replace the corporate firewall with a closed circuit ------ they haven't a clue what they just said.
Re: (Score:2)
As a last resort, maybe.. (Score:4, Informative)
I have designed, built, tested, audited, and supported security compliant environments for over 2 decades. A decade at a DOD site, and about the same time afterwards with PCI and HIPPA compliance. In many cases, you need to report seeing things you are not supposed to see. "Forget" is illegal in many cases, so claiming it's a viable answer is dangerous.
That said, from TFA it does not appear to be a legal issue here. Just warning that it's not good advice in general.
The biggest single thing to put into your debugging arsenal is test data. Need to debug mail, send test mail. Need to test encryption/decryption, make dummy files to encrypt and test. A user can't do something, provide them test data to work with that you know is clean. A user has a display problem, have them bring up the application with NO data loaded. These are extra steps, but worthwhile steps. If users complain about loading test data explain it to them.
The second biggest thing for you to have handy is a big dose of honesty. If you open something confidential, make sure that someone knows you saw it (you report to someone as an IT professional, even if it's the CEO directly). If you have to access a users desktop, ask them to watch and make sure you don't open a file that they may not want you to see. If you have to open something you know is sensitive, get permission first (preferably in writing).
There are surely exceptions (Edward Snowden), but that's a much longer discussion. Sysadmins by nature have access to more than any single person in the company. Good sysadmins don't flaunt or take advantage of that fact.
Re: (Score:3)
I don't see how ignoring is a hard thing.
I've had access to countless mailboxes, confidential files, and sat down at executive's computers to fix problems. The magic secret is, don't read it. If someone's mail isn't working, so I repair the problem and check it, I see that there are words. I don't read the words. It's nothing more than a passing glance.
When I have been specifically (and legally) tasked with reading email, I can say that it is amazingly boring.
Usually, just as you said, if I'm testin
Re:Simple Answers to Simple Questions (Score:4, Interesting)
Your best bet is to "forget" you read it; never acknowledge that you saw it, and assume the best.
For example, just because someone wrote about supposed "irregularities in the pension fund"; doesn't mean there are irregularities in the pension fund, it may just be some ignorant person spouting out / jumping to wrong conclusions.
Case to case basis. "irregularities in the pension fund" is something that could be ignored, "couldn't dispose of the corpse last night" puts you in a spot where you might be committing a crime by not reporting.
Actually, you'd probably be committing a crime by not reporting there too... In both cases, if it could be proven you were aware of it. What you're talking about is the different levels of moral responsibility between the two cases.
To answer the OP, as someone who's had root at large positions... Assuming you are not intentionally spying on something or doing something at the behest of a security directory, legal, or other internal affairs-ish agency (which probably doesn't exist at your smaller company), you should treat everything as if you were a cop and you didn't have a warrant. You're not going on a fishing expedition, but if something is "in plain view", it is not inappropriate to use common sense and reason to consider that information now available to you and make choices accordingly. If that means calling your CFO/Legal that's one thing, if it's police that's something else.
Overall, it's hard to go wrong with the time-tested advice sudo lectures you with, specifically #1/#3:
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Re: (Score:2)
Re: (Score:3)
You ignore it. Don't think about, don't gossip it around, pretend you did not see anything.
And start looking for another position if warranted.
Re: (Score:2)
Exactly. You are not an enforcer. You will always get to see things like that with enough access, just too many human beings are scum. But unless you have the power to do bad things to people (and you want to do that), walk away.
Re:Simple Answers to Simple Questions (Score:5, Insightful)
Re:Simple Answers to Simple Questions (Score:5, Insightful)
That wasn't the question. What do you do when you did read something inadvertently? You can't unread "Irregularities in the pension fund". Do you pretend that you don't know? What if it's something illegal / against company policy / unethical?
We used to call it 'being trustworthy'. Not sure what the term is today.
People need to know that they can rely on you under pretty much any circumstances, otherwise they'll stop calling and you won't be able to do your job. That means ignoring pretty much everything.
I say pretty much, because there is a line past which you cannot remain silent. For me, it was child pornography on a customer's computer. I called the police and handed over the equipment.
This was in a small town, and it ruined my life, by the way. The owner of the computer was a prominent citizen who immediately accused me of planting the material, then began a slur campaign against me. The town, as the saying goes, wasn't big enough for the both of us. After more than a year of this, I had to leave. I'd lost my job, and I'd lost half my friends.
Some time later, I ran into an acquaintance from that town in an airport. His first bit of news that that the kiddie diddler had finally been convicted. His own smear campaign finally had the effect of bringing three adult victims of his out. They testified against him and put him away. The lesson I learned is that, sometimes, there is justice in this world. But it doesn't come free.
So yes, you need to be - and you need to be seen to be - completely, implicitly trustworthy. How you do it is simple enough: Always be there, never be seen to be part of the gossip. Be open and obvious about everything you do, and never, ever work in someone's office with the door closed. Equally, though, you need to be seen to be the kind of person who will do the right thing. That's a little harder to do and, as I've recounted, sometimes comes at a cost.
Re: (Score:2, Interesting)
As a sysadmin, there isn't the option of doing things the wrong way. Your job security and salary actually depend on you knowing "the right way", especially when everybody want to cut corners. This is why you always make sure you speak your mind, and if still the managers and leadership wants to do it their ass-backwards way, you get to say "I told you so".
After a few years, most of the good ones will start listening to you, even if you're totally fresh in the role. THIS is why you never just bow your head
Re: (Score:2)
As you don't know the details you simply stop reading. There could be any number of "irregularities in the pension fund", maybe a transaction was reversed or a simple typo, it happens all the time. Unless you continue reading to know the full details such a headline means nothing. In reality pretty much no matter what you accidentally read, most "small snippets" are almost never accurate towards the full content.
Re: (Score:2)
If I don't know any further details, I'll take it as if it were the best case scenario and someone found some irregularities and is fixing it. Irregularities doesn't mean something illegal happened, there are plenty of ways to siphon money out of a fund that don't break the law, that's what accountants are supposed to know and fix.
If something is blatantly illegal, follow the corporate policy and report as necessary to superiors and if that fails or is not feasible, authorities. Remain as anonymous as possi
Re: (Score:2)
Don't ever use that information (except to decide to resign your position _without_ giving honest reasons). While the moral thing might be to act on it, the practical thing is that you do not have the position/role to do so and it will always be to your detriment.
Re:Simple Answers to Simple Questions (Score:5, Insightful)
I prefer the term "professionally disinterested".
If it is NOT evidence of a crime then you ignore it. Or you use that knowledge to avoid finding out anything more about the topic.
If you have any questions then you bring those questions to HR.
Re: (Score:2, Insightful)
In my career I've had access to everything from HR data, payroll, ethics/legal investigations, etc... never really looked at it other than the few times I commented to the programming teams about them having debugging on in their code (in production), potentially spitting out private/sensitive information into the logs, etc (one time one team had company CC#'s with names, SSNs, etc). It is what it is - I just inform them they shouldn't do that, but don't really pay any attention to it.
I have never, even th
Re: (Score:2)
When it's the discussion about budgets that affect your department, including laying off staff, you're a complete fool if you don't get your resume out there.
When as IT should you ever be reading a "discussion"? You might see a subject or two about budget or even layoffs but
you shouldn't be reading the actual emails and without violating your position and reading the emails you are usually just
guessing at what is really going on. If you find yourself constantly curious and want to read other people's emails because
of some snippet you saw then you might want to think of changing to a career where you are not constantly being
tempted to do something illegal/immo
Re: (Score:3)
Of course you verify identity first. Just don't ask for the password.
You don't want users accustomed to giving out a password on the phone. If they're accustomed to giving it to somebody in IT, they'll probably tell it to somebody who pretends to be IT. If you tell them never to help IT when they call, you're setting up a problem when somebody in IT needs to ask a question, like "Do you really need that 342M email attachment in your mailbox?".
And, if you're giving your online banking password out ov
blahblahblah (Score:3, Funny)
why the fuck are you asking here, of all places, about office etiquette? haven't you noticed that over half of the people here are bitter, miserable burnouts and misfits?
are you also asking on the christian abstinence forums about finding prostitutes?
Not sure why this is a question (Score:5, Insightful)
I treat everyone's email the same: I don't read it. I may see subject lines but I don't see the technical reason requiring you to read them. If it's a temptation, might want to re-evaluate your own professionalism.
The same with politics and gossip: keep it to yourself; do not participate. If asked a question, smile and decline to comment. Be polite and cordial but trust no one.
Basically: do your job and stfu.
Re: (Score:2)
I treat everyone's email the same: I don't read it. I may see subject lines but I don't see the technical reason requiring you to read them.
What happens when you get a request from management to help them identify/bring to their attention people potentially 'abusing' the e-mail system, such as by e-mailing sensitive information out of the organization, or by identifying employee(s) sending e-mail that are obscene, abusive, harrassing, or contain inappropriate language?
Re: (Score:3)
I treat everyone's email the same: I don't read it. I may see subject lines but I don't see the technical reason requiring you to read them.
What happens when you get a request from management to help them identify/bring to their attention people potentially 'abusing' the e-mail system, such as by e-mailing sensitive information out of the organization, or by identifying employee(s) sending e-mail that are obscene, abusive, harrassing, or contain inappropriate language?
That's an official request from management and is part of your job at that point even if it wasn't before. Inform HR of what you've been asked to do and if there's a conflict let them hash it out. Document everything and keep a personal copy of the documentation in a safe offline place. If you get fired for doing your job you either have enough documentation to take legal action (if you can afford it) or enough to clear your name if it becomes necessary.
Re: (Score:2)
Re: (Score:2)
Don't just decline to comment, that's far to open to interpretation.
Play dumb instead.
Re: (Score:2)
Re: (Score:2, Informative)
I call bullshit on this. It seems to be true... but it isn't, not quite.
IT is typically a support position, not the core business. That limits promotion potential. Worse, when done well it's supposed to be invisible by dint of not breaking down. You can do something about that by promoting yourself, by communicating really well, by showing what went well instead of having to announce another failure you're mopping up after. Like, you've done a bunch of maintenance and introduced a new service. You can annou
Sound advice I was given (Score:2)
Don't look for logic (Score:4, Insightful)
1) They have no idea how to do what you do, and need you to help them perform even the simplest of tasks
2) What you do is so simple any moron can do it
3) Their son / brother-in-law / uncle, etc. is much more of an expert then you. They re-install Windows for them every six months, and made their system much faster by upgrading from a 512GB drive to a Terabyte drive as well as much safer by installing three, count them three different Antivirus products!
4)You are some kind of idiot, because you haven't done what their expert relative has done
I wish I was kidding. The reality regarding your question is that as an IT professional you will have access to said sensitive information. It will only make you jaded if there is good reason to be jaded. If there is good reason to be jaded, run don't walk to a better gig.
Re:Don't look for logic (Score:5, Insightful)
Always remember that you are dealing, in your case where your internal customers are not IT savvy, that there is a reason why we refer to them as lusers:
If I ever hear any IT professional at a place where I work referring to end users as "lusers", I can promise you that the shit will hit the fan.
Re: (Score:2)
Local user, you twit. It doesn't mean 'loser'.
The fact that the end users tend to look at IT as utterly useless except when something goes wrong, in which case it should have been fixed and prevented from going wrong even when it was the end user's fault, does however tend to promote such an attitude. But the IT guys would have to be idiots to use that term openly.
Re: (Score:3)
Any IT person that uses that term should immediately look for a different career path.
Re: (Score:2)
My aren't we feeling superior today.
Re: (Score:3)
(the toner cartridge in that LJ5 on third floor east isn't changing ITSELF, btw...)
Toner is a consumable and IT does not provide toner nor facilitate their replacement. Please feel free to open a ticket to IT once you have managed to jam the toner cartridge in upside down and sideways for technical support.
Re: (Score:2)
BS. the term 'luser' is specifically juvenile IT people thinking that they are being witty. They are not, and the.
And how! The real term is "looser.'
Re: (Score:2, Insightful)
Suffice it to say my experience differs from yours. Too often I ran into users of my software and of those that I may have written portions of, that discerned solutions and detected deficiencies I missed or did not take seriously, respectively. The former was an entire package I wrote to specifications given to me by the head of the firm I worked for (cryptic scribbled / partially illegible notes on scrapes of paper) who was a professional with at least one masters in computer science and the owner of the f
Re: (Score:2)
Re: (Score:2)
Everyone who has worked in end-user support thinks of lusers. Some of them say it, some have the social awareness not to utter the word, but they all think it or something to that effect. There are websites devoted to swapping stories of luser ignorance.
My personal favorite is the user I met who used to manage all her documents by running word, going to save-as and dragging files around in the little save dialog, right-clicking to make folders and delete things. In her years of using a computer, she never f
Re: (Score:2)
Everyone who has worked in end-user support thinks of lusers. Some of them say it, some have the social awareness not to utter the word, but they all think it or something to that effect. There are websites devoted to swapping stories of luser ignorance.
My personal favorite is the user I met who used to manage all her documents by running word, going to save-as and dragging files around in the little save dialog, right-clicking to make folders and delete things. In her years of using a computer, she never figured out that you could go to start->documents.
Either we've met the same person, or that method is now taught in college.
Re: (Score:2)
Seems frequent enough. I've had to populate desktops with icons for people who seem scared of the "start" menu.
Re: (Score:2, Interesting)
No, they don't need a master's, just a bachelor's degree and continuing education and training that will exceed the time invested in a master's and NEVER. STOPS.
If you're considering IT to be equal to janitors, you are not the person who should be doing the job you are doing.
Re: (Score:2)
You are too full of yourself. How productive are you when the computer network is down and you can't do your highly paid job? I'm sure you don't pull out a paper and pencil and design your next product. You call and demand the support team fix it, so you can work. So, without them, you are not bringing in any revenue either.
By the way, you are as replaceable as the IT guy who knows how to fix the system.
Re: (Score:3)
You condescending fuck.
If the IT support teams at my company downed tools we'd start losing revenue within minutes, start losing profit within hours and start losing customers daily.
I'd give the company around 3 weeks to reach an irreversible point from which it wouldn't recover.
IT may be a cost centre but good luck running your business without it.
Re: (Score:2)
When was the last time the IT folks provided reveune?
Every time a sales guy enters an order into the system and a sale actually takes place complete with product delivery. Shut down IT and the sales guys' productivity will plummet.
In all honesty, do you really think anything that didn't actually contribute somehow to profit (or even continued existence) wasn't tossed out the window long ago?
Re: (Score:2)
BTW, I am also a professional engineer but I mostly run computer systems for others these days and assist with the development projects for others. "IT" is not as cut and dried as you like to pretend. Many people would call your job of hardware and software development "IT" and be confuse
Certainly no logic there (Score:2)
Calling an IT person a janitor as an insult shows a lack of respect for both and is as stupid as calling a marketing person a hooker or a finance person a thief.
LOPSA/LISA Code of Ethics (Score:5, Informative)
Read the System Administrators' Code of Ethics [usenix.org] and take it to heart. Even if your job title doesn't include the words "system" or "administrator."
It's actually pretty easy to ignore the content of an email if you're focused on the email delivery process (mail server logs, the headers of forged/spam mails, things like that). Similarly, if you're doing FTP hosting or file drops for customers, you rarely need to dig into the content of the files themselves to troubleshoot upload/download problems. There are rarely reasons to dig into the content of whatever you're working on. It does come up, if (for instance) some piece of email has wacky malformed content that keep crashing the mail client, but IME those situations are uncommon.
I used to work at a mom-and-pop ISP, in a small town. Our customers included the local police and fire departments, City Hall, and most of the larger law offices and accountants' offices. Since we provided email and Web hosting (among other services), I certainly could have made some locals' lives very interesting. Hell, I had access to the email of everyone in my company, including that of the owners to whom I reported. I'll admit to having been tempted once or twice, but I'm proud to say I never abused my privilege.
Re: (Score:2)
I prefer to avoid seeing (or at least actually reading and comprehending) stuff on other people's PCs. Not just for legal liabilities and such, but there are some things they might be emailing about that are perfectly legal but might send me running for the brain bleach. I'd rather avoid that and the subsequent awkwardness.
Just ignore it (Score:2, Insightful)
Whether I'm working in IT or another area, I try to ignore what is on people's screens. I consider this a simple matter of manners, not an IT issue. You don't read over other people's sholders, do you? Do you feel the need to act on every piece of overheard gossip or twitter/facebook post? Dealing with other people's computers should be treated much the same way you treat overheard snippets of conversation on the street. Ignore it and move on.
I've been in your position (Score:5, Insightful)
You can never ignore office politics. You don't have to play the game actively, but you do need to be aware of what's going on around you, who is in what camp, what the major conflicts are. You have to cross battle lines regularly to do your job; you can't afford to be seen as a member of the 'enemy camp' by *anyone*.
As an IT guy you need people to trust you, which means you need to be ethical. If you see something you shouldn't know, don't go chattering about it.That kind of thing does get around, and you'll lose trust instantly.
Nothing's stopping you from making personal career decisions based on the information that you come across in your daily work. For instance, if you see that the company is about to be liquidated and you don't want to be around for the mess, by all means polish your resume and start interviewing. Just don't assume that just because you saw something you have the whole picture. You could end up feeling stupid when the private email you saw turns out to be a deliberate test of your trustworthiness. It does happen.
Keep your mouth shut about the things you see. Look after your career and reputation. Be aware of politics, but abstain from participating wherever possible. After a few years when you have trust and credibility, you can consider climbing the ladder a bit and playing the game - you'll have capital to spend.
Re: (Score:3)
In IT we have access to everything and that means that our trust and integrity means everything. We will see things that are very personal, we will know things that are very sensitive, and people will trust us.
If they question our integrity, our trust worthiness, or even our respect for authority then we lose our value to the organization. Once they start to question that, then you won't be able to get it back.
But if you maintain high standards in IT and gain absolute trust from your coworkers and administr
Re: (Score:2)
> As an IT guy you need people to trust you, which means you need to be ethical.
You need to _appear_ to be ethical to gain trust of co-workers, and to improve your position. I'm afraid to say that this is orthogonal to doing a good job at IT. It's often much, much easier and safer to appear trustworthy by being clear, honest, and open. It reduces the complexities of maintaining various approaches to various people.
But don't mistake such approaches with technical competence or business success.
Re: (Score:3)
There's no "grey area" (Score:5, Insightful)
As an IT professional, you will have access to data that regular employees don't. You keep your mouth shut and you don't snoop. Period. You only look at as much as you have to diagnose and fix problems; the details are irrelevant.
It's called "being professional."
Think of it as the equivalent of lawyer-client or doctor-patient relationships.
Re: (Score:3)
There is only one advice here: Do not. Unless you are a police officer (or live in certain fascist states), you have no obligations to report suspected crimes. And if you make a point of not reading the data you have access to (and you decidedly have no obligation to read it), you cannot be tempted anyways. And then you can always say honestly that you were being professional and did not look if it hits the fan.
I'm really hoping you are smarter than that (Score:5, Insightful)
Never get involved with reading others' emails, documents, etc., that you are not required to be privy to.
Never ever let the temptation allow you to see others' performance reviews, salaries, politics. I've seen how it leads to telling someone else and then they become the go to person for information. And if the information is bad and they didn't share it, even though they had no idea, well, they didnt' say that there was a problem, the @$$#013! Hell, I've seen someone with access to the HR database pull up salaries of EVERYONE and share it out. "Oh, can you tell me how much Jason Mcboogerhead is making? What?!? I'm making $1k less?! WTF, time to march off to the manager!!!" [A manager who was stunned at the level of knowledge! AFAIK, no info was given out about how the salary info was found. I found out later when it was offered to me.]
Ignore any overheard conversations, it'll only be a couple of people talking, who knows the truth and what really is going on? You must throw out any info you "accidentally" pick up too. The obvious is the missing context of the info. As a manager, I've had other directors and managers openly talk about staffing, budget, bonuses, performance or lack thereof, in front of me. In all cases I threw away what I heard, after all, all I'm hearing is a snippet of a longer discussion. It's not my business to try to save John's job if he's pissed someone off, so I'm better off not worrying about it.
Sometimes I received a list of users to be locked out of their accounts. The only reasons to receive such a list is that they are being laid-off/let-go or in a heap of trouble. I never shared such a list with anyone. It was given to me, as a manager, in confidence. Keep that confidence. Even after the firing, I still didn't tell anyone, there's no point or net positive to be gained.
In another instance I was at a company that changed their HR such that you logged into a page, and it told you your salary, OT rates, etc. You could print your confirmation of employment for loans and such there too. But there was a bug. This bug allowed me to view everyone's salary, their bank account info and some other stuff in a nice neat chart. I immediately picked up the phone and called head office IT Security and talked them through the bug. They fixed it, phoned me back to test with me on the phone, thanked me and sent off a thank you cc'd to my manager, director, etc., praising my immediate response and "help" in fixing it.
What I didn't do was say, "Hey everybody, look at this!" and print it off, etc. Nor did I read further than a few lines and then remove it from my screen. To this day, I run into some of the higher-ups from then from time to time, they still remember me, who I was, only because of that email and that to them I was trustworthy.
It's not up to you to solve office politics, who said what to whom, or anything else. You are there to do IT. So do it and maintain your dignity and professionalism and just don't even think of looking.
You, and hopefully everyone else, will hopefully see that you are in a position of trust. You are trusted by many to keep secrets. If you can do that, it only helps your reputation. If someone can actually say you are trustworthy in your IT job then you've accomplished a lot and it only helps down the road when you want to switch jobs.
Vip
The mind is a dangerous thing (Score:2)
Just for fun, answer this question and quickly move on to reading the rest of my post. Explanation at the end.
"HOW MANY animals of EACH KIND did Moses take on the Ark?"
The mind is a dangerous thing when presented with incomplete information -- it just extrapolates it, sometimes even substituting the incomplete original version with the extrapolated raw version. You might *think* you saw something noteworthy, but it was only your mind showing you a rabbit on the moon.
This is one of the chief values of privac
Ignore it (Score:2)
If you were not officially told then ignore it.
Don't backstab anyone. Don't read anything without permission. Don't get involved in anyone's infighting. Do your best to help all your customers, even if they are trying to undermine you. Play politics only as much as you have to, people will try to play you. You have to be aware of it and respond tactfully.
Your duty to report serious criminality overrides these rules. Your duty to report gross immorality may override these rules, you have to decide that one b
Re: (Score:2)
Typically, there is no duty to to report serious crimes or any crimes at all, except for police officers. (They are not human beings in that regard, just functional elements. Their personal morality has been removed.) Some limitations apply, especially in states with fascistic tendencies. But there basically is no way to commit a serious crime via email or files, so in most cases you have zero obligations to report anything even if you know. Of course, it is better not to know ad the very act of snooping co
Ostriches sometimes, yes (Score:4, Insightful)
Other animals that IT personnel may impersonate include canaries and guinea pigs.
part of the job (Score:2)
First, I wouldn't say a "50ish" people company is "mid-sized" :) But that isn't really your question.
I can only speak for myself- I can and do see things that are confidential. It is pretty much impossible for me not to. I deal with it by focusing only on my work. Most of the time I don't even really "see" what it is I am looking at... intentionally glancing away or closing things that are not part of the scope of my assistance. Unfortunately that doesn't always work and am exposed to things that get "
Explains all the introverts.... (Score:2)
Well most of us are introverts, maybe thats why we end up with these roles. So yes.
Ignore it and move on (Score:2)
Don't read it even if you inadvertently see it. Don't repeat things you may have overheard or seen. Testicles, Spectacles, Wallet and Watch all apply.
a cautionary tale (Score:2)
There is a lot of good advice here, so let me add a cautionary tale. I used to work for a local government as their “computer guy”. I got a call from a user who was unable to watch some video he had on a thumb drive. As part of diagnosing the problem, I logged in to his computer using my own account, copied the contents of the thumb drive to the hard disk, and played it from there. It turned out that playing the video worked from the hard drive and the rear USB connector, but not from the fr
Some common sense (Score:2)
The problem with reading an e-mail that's incriminating is that it may be out of context. If you do not have the knowledge required to fully understand the implications of the data, then there really is nothing you can do.
For example, at one job I have access to medical files, but I am not the doctor treating the patient and I am not in a position to judge anything about a patient no matter what information I might see. A man could be prescribed Viagra because of a heart condition, or a woman the pill bec
The practical answer. (Score:2)
The real problem with knowing things you shouldn't comes from your (in)ability to act on them, and the risk of accidentally letting something slip at the worst possible time.
Consider the best possible case - You find out about a major organizational change, and have some ability to position yourself to exploit it. That happens once a decade
Re: (Score:2)
Option 1) The FDA approves it, you make a fortune, and the SEC immediately starts breathing down your neck.
It's ok, Martha, I still think they just like persecuting individuals instead of corporations. Plus I continue to use your decorating tips.
Professionalism. (Score:5, Interesting)
In my field, education, it's quite common for the IT guy to be the one with absolute access to more things than anyone else. Nobody else, not even the data-protection officer, or the people on the senior management team, or the people ultimately in charge of the school (the heads and governors) has as much access to information as the IT guy.
Senior-management team files, HR databases, etc. are part and parcel of the job. The web filter logs are generally very revealing and, hence, why I anonymise them by default (Usually squid logs - which only contain source IP addresses, which can only be correlated to a machine using the DHCP logs, which can only be correlated to a user using the Windows event logs on the AD servers - NOT something you can do accidentally, but also allows you to analyse, spot trends and find dodgy things without immediately revealing the source. When I come upon something that worries me, I go to my boss, ask permission to de-anonymise those records, provide them with my results. I've had to do it a couple of times and it turned out to be nothing, but I've also worked with colleagues who've spotted a paedophile on the staff that way and got them prosecuted).
Despite all that data access, tou don't look. It's that simple. If I'm asked to work on a confidential file or database, that's what you do. It's just data. What you see is just numbers and letters and then forgotten. You do not dig. Not only are there alerts and warnings for digging into certain things (and I don't want to KNOW what triggers those alerts or warnings necessarily, but I know that they are in place on the MIS databases, for example - I only trigger them when it's been part of my job to go into that part of the databases), but it's a matter of professionalism.
If I become "exposed" to salary details, or witness protection details (children in schools rarely have as simple a home life as they might at first appear to have), or that some child's father is a Colonel in the Army who's asked for his address details to be maintained private, or whatever... that's what you do. You're not there to suck up data, you just treat it like anything else and move on.
If I suspect illegal activity - there's a lot of activity you CANNOT ignore in a school - I'd go through the proper channels and report it however I'm supposed to. It came up as part of my job, it's not like I was snooping for it.
I *STILL*, fifteen years into my career, look away when I ask people to set their passwords. I don't WANT to know. I want the deniability if someone gets into their account to say "There is no way I could know their password, without triggering a reset of their account, which would lock them out and inform them immediately anyway". My boss keeps trying to tell me his password "to save time". I don't want it. With it, I could - in theory - change my own salary, or modify any amount of details. Chances are it would get picked up eventually but if you were clever enough, you could get away with an awful lot very quickly, or very discretely.
Hence, I don't WANT to know those things. I choose to forget them, unless there is a reason to immediately report them. I suggest you get into the habit of doing the same.
I've been in exactly your position. (Score:5, Interesting)
Long, long ago, early in my career, I spent about fifteen years in the non-profit sector.
You don't ignore office politics, but you don't take sides either unless there is a crisis brewing -- something illegal, highly unethical, or financially dangerous. When you work in IT, you're in a "support" position, rather than a "line" position. Your job is to support. So when there's a big pissing match between two line functions, your job is to support *both* sides.
Often this means documenting business processes that sort of evolved via the lava flow antipattern; 50ish is the size where things start to get out of hand, because it's the size where the amateurishly hacked-together processes that keep the organization running start to break down because everyone can't be aware of everything that's going on in detail, in real-time. Make it your business to understand what business systems (not necessarily computer systems) *accomplish*. That puts you in a position to offer a third way, the one that emerges as obvious to everyone once somebody has figured out what's actually going on.
It's supposedly hard to implement changes in non-profits because of the consensus-driven decision making processes, but I found that I could make that process work for me. Lack of understanding is a vacuum; presented with a clear picture people usually line up behind the obvious solution quickly. But you do have to do your homework. Never surprise anyone with anything in a meeting. Bring people up to speed with things you're going to say about their work *before* the meeting so they don't feel blind-sided.
In a crisis be prepared to do the right thing. If you're in a non-profit they're paying you below market rates, so you can do better elsewhere. There is no call for getting yourself sucked into something that offends your self-respect. I resigned one job because my superior (the COO) was doing things that were financially reckless and improper (spending without proper authorization). I informed the CEO in my exit interview. That was my solution to the problem of not getting drawn into a persistent pattern of dysfunction.
When you handle sensitive information, just ask yourself what is the professional thing to do? Be discreet. Resist the temptation to peek at data, and when you *do* accidentally learn something you're not supposed to know, disclose that to the responsible parties. Be trustworthy, and present a trustworthy face.
Finally, don't let them pay you far below the market rate for your services, and expect a really good benefits package, including 1.5x to 2x the vacation you'd get in a for-profit. Insist on the respect due a professional. Non-profits are full of young people who haven't learned that the IT guy isn't there to be kicked around when they're frustrated, and the fact that you're in a support position rather than a more glamorous line position doesn't make your work any less important.
NYJ! (Score:2)
As an IT worker, your job is to see that the company assets you are assigned are functional and delivering proper service to end users.
It is NOT your job to audit the company's books.
It is NOT your job to Big Brother company e-mail (unless it is).
It is NOT your job to run the company.
It is NOT your job to set business policy for the company.
This is what they have financial wonks, sales wonks and managerial types for.
You never know when something you see "accidentally" is:
A) Blown out of proportion
B) A test
Secretaries (Score:5, Insightful)
If a secretary with no professional qualifications can take minutes in a senior management meeting and maintain confidentiality about what was said there's no reason you, as a theoretically highly-educated IT worker, can't do the same about the content of emails you happen to read in the course of doing your job.
I worked helpdesk for a large employer (Score:4, Insightful)
I started out all full of piss and vinegar and eventually learned to relax.
You will only make enemies if you play politics. Only play in politics that involve you directly. Let everything else go. It's not your job to know it though you have the ability to. You won't be faulted for not disclosing something that your privileges allowed you to know, but declined to know.
Be everyone's friend. I made friends and gained people's trust by being fair. They told me even more. I could go around uninstalling their games and stuff... But I didn't because it's just piss them off. So I just told them I saw the game and if something starts behaving weirdly, I'm going to blame the game first, and that they should uninstall it before I came back. That seemed to be enough to cover my ass in the event someone else found it and reported it to the head of IT. It kept me from making enemies. Exercising restraint is the key to success. If no one likes you, they won't put in the good word.
happier the less you know (Score:2)
Listen but don't speak or read. (Score:2)
I was the IT manager of a hospital. The HIPAA rules apply. You can't repeat what you hear and you can't read what you weren't supposed to see. Seriously, learn to not even focus your eyes on private information. However, there is nothing wrong with using what you hear to help you make decisions about what you should do, such as leaving a business that is in financial trouble or setting aside some server space for that expansion someone is planning but didn't think to consult with IT about.
Unless it is blatantly illegal... (Score:2)
Re: (Score:2)
Even if it is criminal (or rather looks criminal), look the other way. You are not a cop. Except for rare exceptions in some fascistoid states, you are not required to report crimes. If you think you need to report something, consult a lawyer first. Really, do it, and not the company lawyer. Pay for one yourself.
do your job, shut the fuck up (Score:2)
Like a priest at confession (Score:2)
Anything you learn during the course of your duties should never be discussed. What you learn around the coffee machine should be not talked about either lest people jump to the wrong conclusion.
Ignore everything except child pornography... (Score:2)
You can pretty much ignore everything around you that doesn't violate company policies. Except child pornography. I did a PC refresh project at a local hospital when my coworker came across child pornography on a workstation. He reported it to our supervisor. Together they reported it security. They each had separate meetings with the security chief and the hospital attorney.
The worker -- a high-level administrator -- freaked out when he didn't get a new computer and his old computer sat on his desk without
You ignore the shit. (Score:2)
I remember the first time an employer realized that I had access to everything . She froze for a few seconds while she processed the idea, shrugged, and went on with her request.
You're going to learn things you don't want to know and see things people don't expect you to see. My least favorite experience was someone who had an email stuck in their outbox. "Subject Re: Re: Re: Re: Re: My widdle wuvvy bear From: Not His Wife" And thank you so much, preview line, for confirming the content. So, with a s
Here's 18 years ... (Score:3)
We have the same job and I've been at it 18 years.
The first thing to bring up to management is a Technology Administration Policy.
In there provide the expectations of the Firm, and include any prohibitions regarding use of social media, games, personal email accounts, and other productivity-related issues.
State that all of the Firm's technology, and the products of that technology (documents, spreadsheets, emails, etc.) are owned by the Firm and WILL be inspected as management directs.
In the Policy inform all employees that they are to report violations, or suspected violations of the Technology Administration Policy to you.
There are other issues you can cover in there like password rules, prohibitions for using business email for personal use. Get management to work with you so everybody's on board.
Here's some other stuff:
Don't snoop. Ever. Tell management point blank that you are not snooping, and will not snoop unless management tells you to. When they tell you to take a look-see, especially if they are concerned about abuse of one person, snoop and report on several others. This covers you and management later, if questioned.
For some systems like financials, payroll, time card, etc. tell management you don't want entry passwords. You'll work with the individuals responsible for those systems and have those operators log in for you and THEN do your work.
If something odd happens in there, you want to be the first eliminated.
I see stuff I shouldn't a lot. If it's a violation on the part of a co-worker, I work it out with them. You want to have a good working relationship with all of your people. If they fight you, remind them that they are actually fighting the Firm. If things get nasty, take them to management.
When I see stuff I'm not supposed to on management computers, I just keep my mouth shut. NEVER gossip about that stuff. It WILL get back to the wrong people.
Your job and mine are atypical in that everyone is our boss. Make recommendations via email so you have a trail and let management do informed risk assessment. Remember that you are on the wrong side of the ledger. You are a cost center. Most times when you meet with management, it will be about spending money. That means everyone in the Firm will have to swim a little harder.
Make life easier for yourself by adopting the right attitude BEFORE you make contact with a coworker: They are absolutely right, and you agree with them. You are on their side, always. It's not you vs them. It's you and them vs the problem.
Last tip: You're gonna get yelled at. People have apologized to me afterwards. I tell them it's OK. I understand. I'm the guy to yell at because I'm the only one who will fix it, " ... and thanks for the apology. It means a lot to me that you want to clear things up."
If you and I are professional, we will get past each incident without anyone getting pissed.
Good luck.
Re: (Score:3)
I agree - unless something floats up that is outright criminal to the extent of prison time just leave it alone.
If you find something that's severely incriminating, look for a new job.
Being a sysadmin means that you have extreme rights and abilities to do stuff, but you shall also have the ability to keep your mouth shut. It's better to keep a distance than to end up on the wrong side in a conflict or legal proceeding.
Re: (Score:2, Funny)
this is a good guideline, but it's worth keeping an eye open for someone weak, yet brash enough to engage in criminal conspiracy. it's rare and i wouldn't plan on it, but it's an excellent opportunity to make a sideline income and develop a skillset suitable for a lucrative management position. i won't go into detail on the tactics, but they're pretty obvious. keep in mind, you want hush money and an intimidating rep; you don't actually want a confrontation. start with a moderate offer, on the lines of mayb
Re: (Score:2)
Re: (Score:2, Insightful)
Snowden found a different job more important than the one he was doing. It was also his duty to report illegal activity. I think he did a great job.
Re: (Score:2)
Snowden found a different job more important than the one he was doing. It was also his duty to report illegal activity. I think he did a great job.
Sure, but in the private sector, you don't have the luxury of exiling yourself to another country for the rest of your life and being seen as a hero.
Re: (Score:2)
Fix that before it happens. Tell everyone to never use a work email for personal mail. Tell them to get a free webmail account for personal stuff instead.
Re: (Score:2)
I completely disagree. It is in fact your job to assist in this if you are IT. You are in a trusted position and if you gain access to something due to that trust, it is a duty to keep that trust (unless it reveals something so unconscionable that you have to remove yourself from that
Re: (Score:2)
If you help people, facilitate, make their work lives easier, you won't be the scum of the office.
Re:yes, ignore office politics (Score:5, Interesting)
Ideally, but office politics is complicated. Sometimes making one person's life easier makes another's harder - teach the micromanager that he has the ability to add items to his underlings' outlook calanders, and said underlings are going to be annoyed. Sometimes people actually like their lives to be harder, for not-apparent reasons.
For example, having worked at a school in IT support, part of my job was to maintain the various measures used to keep the students away from games in lessons. Due to some sadistic tendencies, I have become quite skilled at this. New games sites appeared all the time, and were quickly blocked - often while a student was trying to use them. We watched their screens.
Until some of the teachers started acting very annoyed, and complaining about us interfering in lessons. Why would they do this? We were trying to make their lives easier, keeping the students from entertaining distractions so they would focus on their work. We were enforcing the usage policy, everything by the book. What we hadn't realised is that many of the teachers were well aware of the gaming going on in lessons, and turning a blind eye to the class clown. Games keep the disruptive student busy, and if he weren't playing the latest flappy bird clone he would just be jumping around the room, distracting his friends or demanding most of the teacher's attention. So when we stepped in to 'help' the teachers, we actually got in the way of a little trick of theirs by turning the silent non-working student into a class-ruining joker that kept everyone else from working too. All they needed was an excuse to stop us, and it wasn't hard to find one - they just argued to the boss's boss that we were performing 'classroom management,' a function that the union said must be the exclusive domain of teachers.
The way the workplace actually functioned differed from the way it actually functioned. By not noticing the unwritten procedure in use, we disrupted it and caused friction with another department.
We still block the games, of course. Teachers should learn to manage their students, not just give them an electronic pacifier. We're just a bit more subtle about it.
Re: (Score:2)
Re: (Score:2)
I managed to mess up in editing to the extent of making a statement that cannot be logically true. Hmm.
Re: (Score:2)
Most answers to these questions are concentrating on the snooping. System admins should not snoop, unless specifically told to do so by someone in authority.
But few are talking about office politics. Do not stick your head in the sand! Listening to the grapevine is not snooping. Learn what's going on the same way everyone else can, by keeping up with how the company's presentation did at the trade show and that sort of thing, not by abusing system administrator privileges to read private email and the
Re: (Score:2)
You misspelled "inseminating".
Re: (Score:2)
Re: (Score:2)
Sure, good luck with that one.
After all, you're talking about playing with the big boys here. They got where they are because they're good at it, not because they lucked into some useful information.
Make just the slightest mistake when you make your moves and you'll be obliterated. And lets face it: if you're in IT it's probably not because you have great people skills, political acumen, charisma or connections.
Re: (Score:2)
Re: (Score:2)