Network Administrator Ethics 4

[wmichael]

Folks;

I have not yet searched through the threads here to see about any related topics, but wanted to see if anyone has any thoughts on the following situation;

I had a network administrator who was technically competent, yet seemed to think he had free reign of the network, and had the right to access any files regardless of who owned them. A specific example is that he wanted to use a marketing image and, instead of asking the marketing guru, went ahead and rifled through their home directory on the network to retrieve it. This was done without any prior communication to myself or the person whose files he went through.

My take was that this, among other actions, had nothing to do with his job. I hired him to ensure the performance, security and growth of our Windows environment. While he certainly has access to all files on the server, the authority to enter a users home directory for any reason other than network-related tasks was not given to this individual.

The odd thing is that for all the training classes one can take, it is very difficult to find an ethics course. You can learn how to administer a network, but there is still that line that can be easily crossed by someone who is confused about what some may consider common sense ethics. There are quite a few gray areas.

Any thoughts on the specifics, or on the broader issue of such ethics?

Thanks in advance.

~wmichael

"small change can often be found under seat cushions

 

[Walter349]

I have just bumped into this discussion. I believe the cause of this, is more fundamental, than a need for a specific IT ethics course.

Rather that the problem lies with the need for Morals and ethics to be introduced in both the Home life and the school curriculam. I think that if ethics are not introduced at that stage, then any courses provided in later days, will largely fail to achieve the stated aim.

It is very difficult to eradicate attitudes and values that are inculcated in the developing years.

I have worked in both US DOD & UK MOD areas, Hospitals and most recently a large international bank. In all instances I have had unrestricted access to data. But Professionalism and ethics dictate that I do not root around, unless it it is to a specific point.

 

[OhioBill]

In the company where I work two items are made clear to all employees. One, don't send anything in Email that you would not shout in a crowded room. Email isn't mail and it isn't private. Two, hardware that belongs to the company includes the content of the HD, cookies and all. No personal files of any kind should be on the drive in the first place, but if they are do not expect privacy. The files belong to the company. Welcome to life in the glass tank.

 

[Onyxpurr]

In these situations, I always think about what if I was employing someone in my house. I certainly would set down the rules of, "don't look in closed spaces even if their unlocked and always ask my permission." If a friend comes over to my house to use my computer, by all rights I should be able to check what they put on it. Likewise at work.

If you have personal information, buy your own computer and use it at home.

 

[GlenJohnson]

All users should be asked to sign a document that they understand there are no private files on their computers and that everything they have on their computer or network drives is subject to review by management or IT people at the request of management.

This is true, but it has to be decided on a company basis. I worked for a company where all who recieved an account hadd to sign a form stating that they have read the rules and agree to them. However, that being said, if I came across something that may not have been the smartest thing, but not harmful, I would just talk to the person on the side and tell them that they could get in trouble. Most of the time, they just didn't know, and would take care of it. There were times when I was forced to take issue, such as when the head of a department found sexual e-mails in the deleted folder of a users e-mail. Seems a couple in the company were dating, and were sending explicit e-mails to each other. They were deleting them, but did not realize the letters stayed in the deleted items. In this case, it was someone else who made the decision to terminate the couple, and I personally never had agreed with that. The way I look at it, the network of a small manufacturing company isn't going to have nearly as much confidential info as say a hospitals network.

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin/Central Florida feel free to join the Tek-Tips in Chicago, Illinois Forum.
TTinChicago
Johnson Computers

 

[Dimandja]

Discretion is the key word. You cannot reasonably expect restricting people 8 hours a day to your company communication system only, and not have them produce now and then something "personal" on it.

If it is not harmful to the company (lost time, excessive comsumption of resources, etc), a quiet reminder of their commitment to the company usually suffices.