brothers work issue

mrpants

Hi there, I'm hoping someone can help with a problem. My brother has been subject to an investigation in work. He has been accused of something that lost the company money (actually a very small amount, less than €300). Now, the company have brought a disiplinary proceedure against him which means he is demoted from management to staff and his pay reduced. The only thing is that the company can't prove it was him. Everyone knows everyone else's log on for the stock computer. It was his log on that did this stock thing but they can't prove what time it happened. He can't even prove that he wasn't in the store or was out on the floor at the time it happened by checking the cctv camera. They told him that their system doesn't do that. Are the company right in what they did or are they completely in the wrong if it can't be proven. He's very quiet so he hasn't really fought it because he's living in fear of losing his job. He has a wife and a young son and a house and they told him that was the only reason he's holding onto a job with them at all. If someone with any knowledge can advise him if he needs to talk to a solicitor about this. I feel really sorry for him because its like the fight has gone out of him with this. Thanks in advance for any help.

wmpdd3

Is he in a union?

If so get them to go through the investigation and resolution with a fine tooth comb.

He has a week to appeal any decision.

If he is not in a union, for his own piece of mind he could go the citizen advice breau or legal advice.

If this whole thing happened over a week ago it may be a bit more difficult as he has accepted the findings.

dade

did he officially accept the findings of the investigation?

if the company could not prove or disprove conclusively that it was him then IMO they should not be taking action. at the end of the day if he is responsible for "theft" why demote him, it's a serious enough offence to warrant dismissal in most cases.

if it's done on computer there's a log someplace that can prove what time and most probably what terminal was used to carry out the transaction, the company could be just looking for a scapegoat and pinning it on him. If i was him I'd be looking for a lawyer. coz in the long run it could bite him in the ass be it at interview stage for other organisations.

"oh why were you demoted from management?" "well see there was this issue with stock going missing and ...." "Ok we'll get back to you, NEXT"

or even promotion within his own organisation, the management may now view him as untrustworthy, or even use it as an excuse to sack him if they need to rationalise and reduce costs.

as for everyone knowing everyone else's login, that's the company's fault. they have no clear security policy in place and your brother shouldn't be held liable for senior management's lack of control of heir IT infrastructure no matter how big or small that infrastructure is. individual user accounts are there for this exact reason, so you can prove who was on line and who wasn't. if all user IDs are unique and the password known to that user then it goes a long way to proving that was the individual who did it. the fact that they can't even do that weakens their case IMO.

mickoneill30

dade wrote: »

as for everyone knowing everyone else's login, that's the company's fault. they have no clear security policy in place

How do you know that? What if they do and it's just ignored?

dade

mickoneill30 wrote: »

How do you know that? What if they do and it's just ignored?

if the company have a security policy in relation to the IT infrastructure they should ensure that it is not ignored (through proper security awareness training for all employees, acceptable usage polices and so on at induction) and if it is ignored they should be aware of it through log monitoring. it's pretty easy to verify if it's ignored. the same user logged in 24/7 even though that person works specific hours, a users account active while they are on vacation, accounts used in department or on terminals it shouldn't be.
they should enforce their security policy, there's no point in having one if it is not enforced.

the situation the OP's brother is in is a perfect example of why it needs enforcing. if the company had enforced it correctly then they would be able to verify that it was that person that was logged in because no one should be able to access the users account. couple that information with any possible CCTV footage if applicable and time card/scheduling systems etc it is easier to pin down who was responsible.

one other issue is that by allowing the sharing of IDS it allows users to gain access to systems they should not have, for example the OPs brother is a manager so in theory should have higher privileges that a standard user, at least in some respects anyway. now if Joe Bloggs logs in under a managers account the could gain access to personnel files, performance reviews, salary reviews for other staff etc. obviously this only applies if the manager has access to this data too, but in general it's safe to assume a manager would have access to at least performance review and KPI data.

I'm not saying the company are fully responsible for the loss of the money/stock. I'm saying their complacency lead to a situation where they could not clearly identify the culprit and may have accused someone in the wrong of something that could ruin that persons future career prospects.

godtabh

There is a difference in the level of prove required between say a criminal trial and something like this.

In a criminal trial its proof beyond reasonable doubt.

In HR its different as far as I know

mickoneill30

dade wrote: »

if the company have a security policy in relation to the IT infrastructure they should ensure that it is not ignored (through proper security awareness training for all employees, acceptable usage polices and so on at induction)

Pretty much every company I've worked in has had those. You still get users sharing passwords. If a company has those security policies and does the training in induction I don't know how far the defence of "I gave my password to X" will go. A very simple question of "It's written in Policy X and you got trained in it in induction so why did you do it and the disciplinary procedure is outlined in Y" will sort that out.

Being logged on 24X7 means nothing unless there's a policy of forcing users to log off or reboot when they go home.

Accounts being active during holidays is possible to log but most companies are not looking for that activity unless they're doing something secure. It could be used as a defence for the OPs brother IF the company logs that information and if they store the logs far enough back to see a pattern.

dade

mickoneill30 wrote: »

Pretty much every company I've worked in has had those. You still get users sharing passwords. If a company has those security policies and does the training in induction I don't know how far the defence of "I gave my password to X" will go. A very simple question of "It's written in Policy X and you got trained in it in induction so why did you do it and the disciplinary procedure is outlined in Y" will sort that out..

yeah but the OPs company seems to have a half arsed policy in place in that they have some policy but it's not enforced in any way, and that's partly why they can't conclusively prove who did what IMO

mickoneill30 wrote: »

Being logged on 24X7 means nothing unless there's a policy of forcing users to log off or reboot when they go home. .

ok you got me on that one but you understand where I'm coming from with my reasoning. in my experience most users at least log out,

mickoneill30 wrote: »

Accounts being active during holidays is possible to log but most companies are not looking for that activity unless they're doing something secure. It could be used as a defence for the OPs brother IF the company logs that information and if they store the logs far enough back to see a pattern.

such activity could be used to so that log in activity could be wrong, in that if it indicates logins while the user is on vacation then it's clearly wrong and there would be a need to look further at why.

but in this spicific case the company are partly to blame for the problem by not enforcing a security policy. they have some form of policy in place because as the OP said everyone knows everyone Else's password. so the organisation is to blame for it not being able to clearly identify who did what. so IMO they should not go demoting someone on the strength of "your account was used" because in this case this evidence is as weak as a buggies fart

mrpants

just like to say thank you to all you guys for all the info, you will be happy to know, the my bro was going to take legal action but it seems that the demotion and pay cut is paying off, the new hours are great and with the pay cut he has come off the high tax and is working out about the same and after a year the issue will be taken off his record.

wmpdd3

He must have been working in retail then if the conditions for staff are much better than mgt!!

But glad to hear he is happy, that's the important thing.

dade

glad to hear it worked out for him, though he may have to edit his DC in the future to hide the demotion