Advice needed on how to deal with a pr0n problem

Discussion in 'Computer Security' started by nugget, Nov 23, 2005.

  1. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Thanks for the help guys. I appreciate it. In light of the current virus problem hitting the net at the moment, the solution I've decided on is to do a company presentation about security.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  2. Tahrey

    Tahrey Bit Poster

    11
    0
    26
    Should drive the point home pretty nicely, if you can make sure all the suspects are in attendance... then look for the increasing numbers of guilty blushing faces as you get further through your list of causes :)

    As I've had said to me enough times... a lot of the job isn't fixing the computers, it's fixing the users.
     
    Certifications: GCSE in IT... and that's it
    WIP: ECDL / Whatever finally seems right
  3. wizard

    wizard Petabyte Poster

    5,767
    42
    174
    Ahem this presentation would have taken place 11 months ago :tune
     
    Certifications: SIA DS Licence
    WIP: A+ 2009
  4. fortch

    fortch Kilobyte Poster

    408
    21
    35
    I'm with ya, bro. My biggest problem is one of tact, and learning to pick and choose my battles. I always opt for truthfulness, but then again problems aren't always black and white. The most alarming thing here is the lack of discipline.

    Now, before anybody jumps at the anti-pr0n stance, the context of this concerns the very subject that you have stated -- the security of the laptop, both online and offline. The very fact that he's in a position of authority doesn't relieve him of being steadfast; in fact, the contrary should be the norm: he should be acutely aware of the responsibility of his position, and the information entrusted to him. This definitely includes the sensitive information on his laptop, and that transcends into securing it properly.

    Poor surfing habits, loading unnecessary software, and other misuses (clearly outlined in the company use policy -- if you don't have one, which would be a surprise, get one created) are not just something to be ignored. This is equally important in physical security as well -- not leaving it flipped up, or in a car overnight (or even stopping into a 7-11). Users are the soft white underbelly of security administration.

    I couldn't agree on this more -- this guy represents the future and livelihood of the company. Problem is, this type of behavior is being accepted. Someone's always got an excuse, and accountability is almost *never* first out of the gate. If his data is compromised, who do you think will get the blame? Yup, scary situation, particularly because his bosses (if any) are probably techno-challenged as well. The good ole boy network has foiled many an honest worker, that's for sure.

    I'd follow the advice of others here, too. Definitely document this kind of stuff. The policy is there for a reason, so adhere to it (hopefully it exists). Like Trip, I'd take it to HR discreetly, maybe even broach the subject without any names, to find out the proper course of action. Is this in a domain infrastructure? Maybe some GP tinkering or IEAK creativeness to curtail these breaches of policy -- without a direct confrontation.

    This is a bad position to be in, and I empathize. Most people look at this and say "No big deal -- you're making a mountain out of a molehill." Yeah, right, that's what they said about Enron. Lack of accountability invites many things, most of which pertain to excluding oneself from any rule deemed unnecessary. My motto? Better safe than sorry.

    EDIT: Great idea on the Security Presentation -- knock all the birds out with *one* stone!
     
    Certifications: A+,Net+,Sec+,MCSA:Sec,MCSE:Sec,mASE
  5. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,878
    181
    256
    So how are things now Nugg?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  6. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,286
    85
    152
    I'm up for the presentation. A very deep and consist one. Show them what hackers do and how they do it, then show them what it costs a company when hackers do find their way in. Also let it be known that while they do have IT people in place to protect and keep their network running smooth, the security part cannot be guaranteed without the employees' cooperation. Everyone has to participate when it comes to security. Make sure they do understand that there is more to security than you pushing a button and a barrier is formed around the network.

    What? You get in a shiny little car, turn the key and go? No, you put gas in it, when it needs new tires you change them, when you go so many miles you change the oil. When a bell starts dinging you have someone look at it. You think because you hear antivirus and firewall, no one can get in? If governments around the world can be hacked, you don't think corporations can? What the hell's the matter with you, man? Do you not watch TV at all??????

    wheew I feel better now...
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  7. Kitkatninja
    Highly Decorated Member Award 500 Likes Award

    Kitkatninja aka me, myself & I Moderator

    11,143
    559
    383
    I've been faced with this problem where upper management had certain "stuff" on the laptop. Luckily we had already implemented user agreements/code of conduct which staff members had to sign.

    Anyway, when this was found, we actually spoke to the offending manager in private and just said to be careful on who he let use his laptop as we found "material" on it. That way we didn't accuse him and at the same time we gave him a "scape" goat route just in case it really wasn't his fault. A week or two later we sent round a memo informing staff that laptops were being audited automatically for "licensing purposes" and that this audit scanned the whole computer and on the odd occasion IT Services were recalling various laptops as a surprise physical audit; of course we put it down to FACT and how we are complying with them :twisted:

    Funny enough we had no more problems with that certain stuff anyway...

    -Ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
