
Question for System Admin/ support desk staff



  Cupra
How do you/ your company deal with privacy of personal files on the network?

We had a problem this week with somebody who has saved a load of p**n photos on their personal network share. One of our Sys admins ran a report to identify duplicate files and this user popped up as he had duplicated 2GB of grotty snaps.

It went to HR who have dealt with it. Legally, we are allowed access to all files, but apparently the management don't like the concept and are going to make an issue out of it.

Are you allowed a free rein on all files?
Do you use auditing to see who has accessed what?
Do you have any other processes in place if you have to access personal folders?

From an IT perspective, it is important that we keep the free access, but I was curious if this was the norm or whether we are behind the times.

Thanks!
 
  Fiesta ST
I look after a lot of customer networks and have access to every file on every network. Admin rules all in my book ;).

Auditing-wise I tend to just monitor who deletes what - depending on the customer.

As for reporting what you find then that's a different matter. Everything is just files and folders to me.
 

Cookie

ClioSport Club Member
Data on company servers = company data

Admins have access to all files. Users here are allowed a free rein (ish) on what they can do with regards to personal files etc, they just need to make sure they're not in a synced location on a company server that'd get backed up.

People have been sacked here for dirty pics and videos, but never for say iTunes or personal pictures. Violation of the IT policy here is gross misconduct IIRC.
 
  182 T
As above. IT System admins shouldn't have free access to HR data such as people's personnel files. Other than that consider anything you do at work to be not private. It's not your network and in theory you shouldn't be doing anything private on it. It should be audited access and there should be an AUP that the user accepts before logging in to be used in a "You agreed to the T&C, I can see what you're doing".

Exceptions are things like government, military, R&D and Banks where sometimes data needs to be segregated but this isn't personal things it's data you may not want a random techy to be able to sift through at will.

It's all about audit and access control these days! If you don't want someone to see it, do it at home. (and let's be honest even then someone somewhere will probably see it)
 

Donny_Dog

ClioSport Club Member
  Jim's rejects
Files? Then sys admins have to have access - who can unravel permissions issues in the end?!

In terms of personal storage at work - WTF. You deserve to lose your job especially for p**n on work servers JESUS F.C.

I don't think it's about being behind the times - things like this should be governed by policy. Your security/audit is performed and acted upon on the back of it.

Information governance ftw.
 
  Cupra
Cheers all. Good news so far then as it seems to confirm that it is standard practice for most companies. I imagine it'll be an interesting discussion with management next week.

It's not been a problem for the past 10 years, so I really don't understand why they don't like it now.

The guy is clearly retarded. For the sake of a £5 8GB USB drive, we'd have been none the wiser.
 

ChrisR

ClioSport Club Member
As said by many yes the admins do require access to things, however I'd argue that access to certain resources shouldn't just be accessed willy nilly by them, for instance HR, health or financial records.

There should be controls in place such as audited access to privileged accounts when privileged access is required to certain things.

I used to work with a guy who used to jump into the HR database when someone new started to check out what salary they were being paid (one guy was always hostile to me purely because we got paid the same and he thought I shouldn't). Same chap also went for our manager's job when he was leaving and thought it'd be good to regularly log into the people who were interviewing email to see what questions would be asked and what they were talking about.

When he didn't get the job (for various reasons, not because of this though) he then used to read the newly hired boss's email as he didn't like him, a very bitter man he was.

But this is all a step further than just file access, whack auditing on so it at least shows who accessed the file etc.

If people have something they don't want you to access and have reason for it then they should encrypt if it's that important, but there is the human element of trust at play here, the solution isn't just technical.

As said your governance, policies etc need to be there.
 
  DCi
Our HR/finance systems are operated by our parent company in their shared services data centre so we don't have any access to it whatsoever (which I like because I don't have to support it :D)

We have to get a signature to get into someone's home drive, we don't have permissions to any of them normally.


I don't think we audit any access but saying that we've just had the 2nd instance of email reading at another site - we usually have 2 people per site in IT but our most recent site has 3. Allegedly they have more technology to support up there to justify it.
If you looked at their helpdesk stats they always have a lot more on than where I work, we kinda wondered why. Then we found out the manager there was a bit anal with the helpdesk and literally wouldn't move if your query wasn't on the helpdesk (logging jobs for 'change backup tapes' etc) we kind of just thought well that's what it's there for... Until we then found out he gave himself access to his 2 staff's emails so when people emailed 'hey can you fix ____' he would reply for them saying 'no log it on the helpdesk' haha.

So he got sacked because we don't think those were the only emails he was reading. Then one of his staff went for his job but didn't get it and apparently got a bit bitter about it. Now he is on gardening leave (and has been for a few months) again something to do with reading emails he shouldn't have been so I think if the bosses aren't auditing already they will be soon.
 

Don

  182 & LY Clio 220 ed
Do you have an AUP (acceptable use policy) in place at work? (to allow access for the user to files, emails or internet).

Surely, if this person has used 'your' systems for 'non-work related stuff' which is essentially pornographic in its content...then they are out. It would be like accessing p**n or downloading films, etc on a work computer. We (ICT) have full access to everything in terms of homes or shared drives so that we can investigate/resolve issues...

When someone starts, they sign this AUP to reflect their usage of the computer...such as 60 mins Internet usage each day (essentially their dinner hour). Should they veer from that, then they can be pulled in their Manager's office and dealt with appropriately. Obviously, if they were using Internet for work related stuff...then nothing could be said.

In the case the OP is talking about. Instant suspension, normally leading up to discipline/dismissal depending on severity. Just be thankful it was 'adult' content and not something more sinister!!!
 
  Cupra
We do have labour conditions which clearly state that all systems can be monitored. It is just very rare that we actively do anything with it outside of Internet use.

Our management are just getting themselves worked up because they are suddenly being made aware that everything that they put on the network could be read by us. Nobody in the team is nosey enough to go through other people's files, and we have a perfect track record as a department for the past 10 years so hopefully it's just a storm in a tea cup. When the director starts raising problems, you have to do something to keep him happy though...
 

Don

  182 & LY Clio 220 ed
We do have labour conditions which clearly state that all systems can be monitored. It is just very rare that we actively do anything with it outside of Internet use.

Our management are just getting themselves worked up because they are suddenly being made aware that everything that they put on the network could be read by us. Nobody in the team is nosey enough to go through other people's files, and we have a perfect track record as a department for the past 10 years so hopefully it's just a storm in a tea cup. When the director starts raising problems, you have to do something to keep him happy though...

I would just create the smt/directors their own share/folder and remove all but explicit permissions...so that only THEY have access to it. Then show them...it might be that they are looking to sell out or something, so they don't want people aware of it until they have to....
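
An added example, not part of any post in this thread: one way to build the explicit-permissions folder suggested above and combine it with the access auditing raised earlier in the discussion. It assumes a Windows file server with NTFS and an elevated session; the path and group name are hypothetical placeholders.

```powershell
# Assumptions (not from the thread): Windows Server, NTFS volume, elevated prompt.
# $Path and $Group are hypothetical placeholders.
$Path  = 'D:\Shares\Directors'
$Group = 'CORP\SMT-Directors'

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# -Audit loads the SACL (audit entries) as well as the DACL (permissions).
$acl = Get-Acl -Path $Path -Audit

# Stop inheriting from the parent and discard the inherited entries.
# Arguments: isProtected = $true, preserveInheritance = $false.
$acl.SetAccessRuleProtection($true, $false)

# Drop any explicit entries already present so only the rule below remains.
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($rule)
}

# Apply to this folder, subfolders and files.
$inherit = 'ContainerInherit, ObjectInherit'

# The only allow entry: the directors' group gets Modify.
$allow = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Group, 'Modify', $inherit, 'None', 'Allow')
$acl.AddAccessRule($allow)

# Audit entry: record reads, writes, deletes, permission changes and
# ownership changes by anyone, whether the attempt succeeds or fails.
# An administrator can still take ownership and re-grant access, so the
# TakeOwnership and ChangePermissions events are the ones that show it.
$audit = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    'ReadData, WriteData, Delete, ChangePermissions, TakeOwnership',
    $inherit, 'None', 'Success, Failure')
$acl.AddAuditRule($audit)

Set-Acl -Path $Path -AclObject $acl

# SACL entries only produce events once file system auditing is enabled.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Review the result: the Access list should show only $Group.
(Get-Acl -Path $Path -Audit) | Format-List Path, Owner, Access, Audit
```

Object access events for the folder then appear in the Security event log (event ID 4663), which is what gets forwarded off the file server for review by someone other than the administrators being audited.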
 

