A cautionary tale of what NOT to do if you’re concerned about network security:
Our company has a new device policy for non-work-issued computers, and we now have to use proprietary software to get behind the company firewall. But as I discovered last week, not only are the install documents behind the firewall, the install file for the software to get behind the firewall is also behind the firewall.
When I posted about it in last week’s open thread here, I had spent half a day trying to get IT to understand why this is a problem. I failed to explain it and wound up using a much older, insecure version of the software I found buried in my downloads folder so I could get behind the firewall. Then I emailed a copy of the new instructions and new install file to my team at their personal emails because everyone’s work email is behind the firewall. Then word got around and I had other team leads and other departments begging me for a copy.
So fast forward to this week: There are now umpteen unsecured copies of this proprietary firewall software floating around and IT was livid. They traced the source back to me, assumed there was some kind of breach, and remotely wiped my laptop (which the software allows them to do). Fortunately*, I recently got a second laptop for work so all I had to do was copy over my backed-up files.
I was pulled into a Zoom meeting with a livid head of IT, my boss, my grandboss, and my great-grandboss. The head of IT started to tear into me for being “so silly” for “falling for an obvious scam” which…has nothing to do with anything? and that because of me, protected company IP is now “out there where our rivals could get it and cost us money.” My grandboss stopped him and told him to STFU and let me explain what happened.
So I did. And I forwarded every email, every help desk ticket, every phone transcript where I tried to get them to make the instructions and install file available outside the firewall so we could, you know, do our jobs. I included (with permission) copies of emails from my team, other leads, and other departments asking for help. I also sent a copy of a colleague’s beautiful spreadsheet estimating the amount in wages that the company wasted while employees couldn’t get work done because of lack of access.
They didn’t even finish all the emails. Once they got an eyeful of the dollar amount on that spreadsheet, great-grandboss said “I think we’re done here,” said I wasn’t in trouble and called the head of IT into a private meeting.
You’d think the smart move would be to move the install files to the one employee system we don’t have behind a firewall so we can get access. But they’re still behind the firewall. Someone created a dropbox for the install files and we’ve quietly directed new hires towards it. One of the new hires is on my team and used to do network security. He’s absolutely appalled at how badly this has been handled.
* I have real issues with an employer refusing to issue work-critical devices to remote-only employees and then insisting the employees grant them the ability to have their personal devices remotely wiped at any moment.