A cautionary tale about what NOT to do if you’re concerned about network security:
Our firm has a brand new device policy for non-work-issued computers and we now have to use proprietary software to get behind the corporate firewall. However, as I found out last week, not only are the installation documents behind the firewall, the install file for the software to get behind the firewall is also behind the firewall.
When I posted about it in last week’s open thread here, I had spent half a day trying to get IT to understand why this is a problem. I failed to explain it and wound up using a much older, insecure version of the software I found buried in my downloads folder so I could get behind the firewall. Then I emailed a copy of the new instructions and new install file to my group at their personal emails because everyone’s work email is behind the firewall. Then word got around and I had other group leads and other departments begging me for a copy.
So fast forward to this week: There are now umpteen unsecured copies of this proprietary firewall software floating around and IT was furious. They traced the source back to me, assumed there was some kind of breach, and remotely wiped my computer (which the software allows them to do). Fortunately*, I recently got a second computer for work so all I had to do was copy over my backed-up files.
I was pulled into a Zoom meeting with a furious head of IT, my boss, my grandboss, and my great-grandboss. The head of IT started to tear into me for being “so stupid” for “falling for an obvious scam” which…has nothing to do with anything? and that because of me, protected company IP is now “out there where our competitors could get it and cost us money.” My grandboss stopped him and told him to STFU and let me explain what happened.
So I did. And I forwarded every email, every help desk ticket, every phone transcript where I tried to get them to make the instructions and install file available outside the firewall so we could do our jobs. I included (with permission) copies of emails from my group, other leads, and other departments asking for help. I also sent a copy of a colleague’s beautiful spreadsheet estimating the amount in wages that the company wasted while workers couldn’t get work done because of lack of access.
They didn’t even finish all the emails. Once they got an eyeful of the dollar amount on that spreadsheet, great-grandboss said “I think we’re done here,” said I wasn’t in trouble, and called the head of IT into a private meeting.
You’d think the smart move would be to move the install files to the one employee system we don’t have behind a firewall so we can get access. But they’re still behind the firewall. Someone created a dropbox for the install files and we’ve quietly directed new hires towards it. One of the new hires is on my group and used to do network security. He’s absolutely appalled at how badly this has been handled.
* I have real issues with an employer refusing to issue work-critical devices to remote-only workers and then insisting the workers grant them the ability to have their personal devices remotely wiped at any moment.