Manager accessing computer

runawaybishop

Deleted User wrote: »

By the sounds of it, it's a small company, 2/3 people, so no hr dept or anything like that.

As for the kiddie porn - that's simple enough for authorities to trace back to a time/date if images are being looked at online.....easy enough to prove that the op wasn't in work at that time if it came to it.

As for the security issue - you're right, it's appalling, but as it's a standalone computer, even setting a password on a user account locally is next to useless if somebody really wants to access the information on the disk.....google it, you can crack/reset that within a few minutes extremely easily (I have a cd here that will do it in 30 seconds!). If the computer was stolen etc....it's so so easy to take any information off it....even if you're unable to crack the password....you can put the hard drive into another computer as a 2nd drive, or into an external case and access it via usb.

Bitlocker will not allow that to be an issue. Negligence to security is a big problem in small businesses. They don't think its important until the poop hits the fan.

runawaybishop

runawaybishop wrote: »

Bitlocker will not allow that to be an issue. Negligence to security is a big problem in small businesses. They don't think its important until the poop hits the fan.

Absolutely....and encryption really is the only way to guarantee files can't be accessed, and even that is not 100% safe...there's always brute force attacks etc, but they'd be 99.99999% ok

But the vast majority of small businesses wouldn't even consider it I'd imagine.....like you say, until the poop hits the fan, and it's harsh lesson then for them.

runawaybishop

Deleted User wrote: »

Absolutely....and encryption really is the only way to guarantee files can't be accessed, and even that is not 100% safe...there's always brute force attacks etc, but they'd be 99.99999% ok

But the vast majority of small businesses wouldn't even consider it I'd imagine.....like you say, until the poop hits the fan, and it's harsh lesson then for them.

TBH i would also be concerned about the open account policy - i think someone here already mentioned concerns about accessing illegal material. Its not hard to envisage someone being let go for accessing stuff they shouldn't, only to have an unfair dismissal case thrown back at them as the company policy meant anyone could have accessed the material from that employees pc. My understanding is that this is the reason my company have a policy of having manager+hr present when accessing an employees PC/desk and insisting that employees do not give out passwords to anyone for any reason.

runawaybishop

runawaybishop wrote: »

TBH i would also be concerned about the open account policy - i think someone here already mentioned concerns about accessing illegal material. Its not hard to envisage someone being let go for accessing stuff they shouldn't, only to have an unfair dismissal case thrown back at them as the company policy meant anyone could have accessed the material from that employees pc. My understanding is that this is the reason my company have a policy of having manager+hr present when accessing an employees PC/desk and insisting that employees do not give out passwords to anyone for any reason.

You're right....in bigger infrastructures there's really no need for password to be shared,......you can assign somebody access to your email inbox and IT dept can set permissions for them to send mail on your behalf through the server etc.

It's always going to be an issue with smaller businesses though, especially in the current climate - can you see a small office with 2/3 people investing a couple of thousand in a server etc to allow them to set the relevant permissions and policies in place.

runawaybishop

Deleted User wrote: »

You're right....in bigger infrastructures there's really no need for password to be shared,......you can assign somebody access to your email inbox and IT dept can set permissions for them to send mail on your behalf through the server etc.

It's always going to be an issue with smaller businesses though, especially in the current climate - can you see a small office with 2/3 people investing a couple of thousand in a server etc to allow them to set the relevant permissions and policies in place.

Does it really require that much investment to use a mail account and set local account passwords? One coudl argue (and i am ) that a small business cannot afford the hassle that ensues from lax security.

runawaybishop

runawaybishop wrote: »

Does it really require that much investment to use a mail account and set local account passwords? One coudl argue (and i am ) that a small business cannot afford the hassle that ensues from lax security.

I agree 100%, but try telling the person in charge of a small business' money that though, you'd be surprised how much they scrimp to save a few quid. Most are quite happy to let staff work on 5-10 year old pcs that crawl all day long, oblivious to how many man-hours they're losing out on due to pcs crashing/needing to be rebooted over low memory, ****ty cpus, etc etc. when a new pc could be bought for a few hundred (I had that argument so so so many times with people)

Local account passwords are just that....local to that pc....cracked in seconds so virtually useless - as for files stored locally....if that pc crashes, then there's no guarantee the files can be recovered.

Old saying applies (kind of)....pay peanuts & you get monkeys.

RainyDay

jd83 wrote: »

Sharing passwords and allowing others access your profile on a work computer is a big no no for me. Its a security issue and also removes accountability for the users actions as they can just turn around a say someone else is responsible for their actions on a work computer as there's a culture of letting anyone log on to your laptop ( including managers ) in the company. Its just bad form and no excuse for it even if its a small company.

In my job there's a policy if they want to access something on my profile they would have to have a good reason for it and I and a hr person would have to be present. If i was going on holidays and I wrote my password on a piece of paper for someone to access my computer while I was gone, I would be lucky to have a job when I come back.

Fully agree.

Maybe the OP should just talk to her manager and ask him what's going on?

tony81

Mrs OBumble wrote: »

Especially since you're managing a generic email, I'd almost say that your manager has a responsbility to audit your work occasionally and make sure that you are handling it all correctly.

I think he's going about it wrong - assuming it's a networked environment.

There is nothing to stop the manager from adding the generic account to his own outlook. All files you work on should be stored on the network too.

I'd agree with the odd audit to ensure you don't save stuff to the local drive.

Personally, when I use a work p.c i'm an open book. I give my manager full access to my calendar, every file I use is on the network and as far as possible in a shared folder, no need to clear browser history as I try not to use the internet for personal reasons..

No need to worry about invasion of privacy when you only use your computer for work purposes.