Tattling on Employees? 2

[JillofAllTrades]

Long-time lurker, first time poster.

I am a one-person IT department for a small company. One of my jobs is to keep an eye on the web logs to make sure no one is browsing any bad sites. We do have an official written policy on what types of sites are not allowed. Another part of my job is mail scanning. Throughout the course of the day, personal mail will get quarantined for whatever reason and I have to manually release it.

My question is, if I see that someone is frequenting monster.com, or getting apparently solicited emails from headhunters, or even discussing new job prospects in email, do I go to my boss?

I love my job and feel a great responsibility to the company's well-being. I am not here to win a popularity contest. However, I am already viewed by many as the "cop" because I have to do these types of tasks.

Any thoughts?

 

[sha76]

Does your written policy prohibit the use of job sites? If so, then yes, you should take action (although personally I'd tend towards having a quite word with the individual involved before, if necessary, approaching their manager). If it doesn't then I don't see that you have grounds to do anything, would you tell your boss if one lunchtime you saw an employee buy a job paper or walk into an agency?
Also, do consider that their manager may already know & be fine with it, all my previous managers have been fully aware of my job-hunting.

 

[carrr]

Unfortunately, when you're the go-to person for tasks such as monitoring, you're going to be pinned with the "cop" label by some. In a lot of ways, it's up to you to what extent that label is applied.
Just like a street cop, you've got the power of discretion in your hands. Is looking for a job an offense worth citing the offender over? Are they periodically looking, or spending half their shift surfing? Is their other work getting done or laying neglected?
There are going to be situations where it behooves you to pass it up the chain, but you should weigh each situation before making that determination.



"'Tis an ill wind that blows no minds." - Malaclypse the Younger

 

[JillofAllTrades]

Thanks for the fast replies!

sha76 - Our written policy specifically prohibits using company resources to job hunt.

carrr - Agreed about different levels. I mean, it is always good to keep your career options open. On the other end of the spectrum, we recently had a newly-hired guy who seemed to spend all day surfing monster and sending his resume, and discussing job prospects with his friends. I did approach him by simply sending him an email reminding him that web traffic was logged and reviewed and that email is scanned. He did not respond. I did not go to my boss. About 1 week later, he called in sick for two days and then just never came back. He was a developer and his code was not recoverable when he left.

I don't regret not going to my boss, but I do wonder if we could've saved ourselves some time and money if this guy was so unhappy working with us.

 

[carrr]

TKSAdmin,

but I do wonder if we could've saved ourselves some time and money if this guy was so unhappy working with us.

A good question to which you'll likely never know the answer.
Look at it this way. Your losses were minimal if this turkey flaked out in the first few weeks of employment. It would appear possible that your monitoring and subtle contact with him took care of a problem that COULD have cost your company more in the long run had you not applied the "nudge" that you did. If he did leave of his own volition, it was simply inevitable. The guy was clearly using your company as a rest stop and you didn't need him anyway.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger

 

[sha76]

If it's against the written policy then I'd say you definitely have to do something. Ethical issues aside, if you ignore this then you could be risking your own job. Maybe you could start by sending a mail to all staff, reminding them of the internet policy and how it is monitored and discuss with management how they would like you to breaches of this policy. It'd probably make your life a lot easier if there's a clear protocol established before you point the finger at particular individuals.

 

[JillofAllTrades]

What about software piracy? I run a tight ship and will not install or allow software to be installed without valid licenses. My boss backs me up on this, although he was the biggest offender when I started working there.

There is one employee who routinely takes software home to install. I can't block his access to the media, as he is a developer and has a legitimate need to be reinstalling this stuff on a regular basis. He also has access to our msdn downloads because of this. However, I know he is providing software to his friends and family. He had the nerve to tell me he was going to borrow the CD for an expensive graphics application to install it. When I told him "No way", he said he was going to do it anyway, ha ha. Joking...not joking?? Everyone knows my stance on this issue. I have since hidden that CD since he has no reason the have access to it. I later found out that he borrowed the "Extras" CD that came with it from the graphic artist, thinking that the install was on there. I advised the graphic artist to please not give out the CD's or we could lose our right to use this software.

Ugh!

 

[JillofAllTrades]

sha76 - you're right. We need a protocol! That is what is missing!

 

[DrJavaJoe]

You need to keep all of the CD's and when he needs them you should be the one that installs the software. No way should you give these guys the CD's and let them take them home. As far as web monitoring you should take a look at Websense,

http://www.websense.com/.

"Two strings walk into a bar. The first string says to the bartender: 'Bartender, I'll have a beer. u.5n$x5t?*&4ru!2[sACC~ErJ'. The second string says: 'Pardon my friend, he isn't NULL terminated'."

 

[JillofAllTrades]

Hey Doc - I use ISA Server and it works well enough. But thanks for the suggestion!

Please explain your signature joke - I am not a programmer, but I am dying to understand it!

 

[DrJavaJoe]

You use a null character to terminate a string in C it basically says here's the end of the string. If you don't then when reading the string it will continue reading until it finds a null picking up whatever happens to be in that memory at the time.

"Two strings walk into a bar. The first string says to the bartender: 'Bartender, I'll have a beer. u.5n$x5t?*&4ru!2[sACC~ErJ'. The second string says: 'Pardon my friend, he isn't NULL terminated'."

 

[bluedragon2]

Policy and protocol are two very important things to have in place if a company wants to enforce any security/limitations. Without a policy, you have no law. Without protocol, you have no judges.

If it were my department and there was a protocol in place and the infraction was light (ie nothing illegal), I would mention to the employee that this was found and is against policy and if it continues, protocol will have to be followed.

Handleing problems like that should be cleared with your boss first though. (cover your own behind too).



[Blue]Blue[/Blue] [Dragon]

If I wasn't Blue, I would just be a Dragon...

 

[mrdenny]

With reguard to the software piracy, I'd take his access to the media away. Lock the CD's in a cabinet. That's what we've done. It keeps everyone honest. If he needs the software installed on his workstation, then he can have the cd for an hour or so to get it installed, but that cd better be back under lock and key before he goes home.

Developers don't like having access to software taken away, but if anyone should understand licensing, developers should be the ones that do. If he complains, ask him if he would like it if someone took software that he wrote and was supose to be paid for and installed in on a bunch of machines for lots of people to use without paying him for it.

Our developers complained when we locked up the CD's, but they stopped complaining when we explained to them the liability that they were opening the company up to.

Denny

--Anything is possible. All it takes is a little research. (Me)

 

[AnanthaP]

TksAdmin, what you need is a comprehensive security policy.

Particularly in the case of the developers, the limits should be defined and barred. Also, other developers (the developer's friends) may have already made CD copies and be yet putting your company at risk.

Also, going by your post, ("...one-person IT department for a small company...), are these developers contractors? If so, you got real serious problems.

So how to handle it (ie. the cop's stance).

I would suggest that you consult with your boss, (the erstwhile offender ie. reformed convict in cop parlance) and let him get missionary about secuirty, breaches etc.

End

 

[JillofAllTrades]

You would think the Developers would understand about software licensing! I don't think that my boss (the reformed pirateer) will go for me locking the CD's up. One big hinderance to that is my wonderful schedule - 7:30-11:30am working in the office and 12:30-4:30pm working from home every day.

One thing that has helped is Microsoft's Software Activation. I have the volume license media hidden away, but the copies that you have to activate are available. Having to call and get the software activated has curbed things a bit. OK, I might have fibbed about what and how they track this. LOL!

As far as my comment about being a one-person IT department - my company calls me "IT" and the 3 developers and 2 electrical engineers "Development". Probably different from most places.

I did talk to my boss today and he did ask me to notify him however I felt comfortable. He said he was also okay with me going directly to the offenders and that he would back me up.

 

[chiph]

You need to look at the license for the MSDN CDs. At our company, it's a named-user license, so there's no problem with the developers installing it on a home PC.

Chip H.


If you want to get the best response to a question, please check out FAQ222-2244 first