In summary, we have a mess.
Top management not get involved unless there is a crisis of some kind, so
consequently we do not have a security policy, just some rules passed down
from current and former managers.
The guy who fixes stuff outside the 400 ... he would be happy if no one
ever changed any passwords.
Me, I think passwords should be changed
(a) in association with turn-over of key employees
(b) more often, because sometimes before key people are known to be
leaving, they could be plotting
and I believe there should be systems in place where people passwords
stored in such a way that in an emergency authorize company personnel can
get into co-worker stuff ... I am now moving towards the notion that this
should be managed by HR, because historically, that dept personnel has been
the most serious about managing confidential data.
A recent mess:
A key employee SUDDENLY left due to medical emergency.
One day at work, next day in hospital.
She handled all contact with customers & vendors in association with
accounting for cash payments, checks, invoices, etc. and she did our payroll.
No one wants to bother her with work questions, just send her get well
cards & like that.
She now recovering, very slowly, on medical leave, return unknown.
In the early days:
We can't get into her voice mail from customers vendors government, God
knows all
We can't get into her e-mail.
We can't get into bank lock box.
There was also a problem with payroll, but HR lady had alternate way in to
resolve that.
From one perspective, I am happy her security is better than I thought it was.
The fact that there was all this stuff we could not get into said that some
outsider probably also could not get in.
We have long lost admin documentation associated with company phone system.
Ok, we contact the bank & get the password changed to what another employee
will use.
The company network guy does something with her e-mail backup
After a month, I am given access to her e-mail, to resolve certain types of
e-mail traffic.
God, for every good e-mail, she gets 10 spam.
I try to have a conversation with the e-mail manager about spam viruses and
the spyware risk to key employees doing things like bank lockbox, but he
will only say
"Al, everyone gets spam, get over it."
Well at home, thanks to KNUJON, I have eliminated 99% of my spam ... I now
get maybe 1 spam for every 100 good e-mails. No one believes me at the
office about this. They have all given up on fighting spam, except me. It
is like before Y2K, sometimes I have to keep my mouth shut to avoid
undermining my credibility, when everyone has a different belief system
than me.
After 2 months, someone gets access to her phone mail.
Hi Al,
>snip>
When someone's PC goes bananas, someone has to do tech support on it.
Or someone off sick & we need into their stuff.
That IT repair person has a master directory of the passwords used by all
co-
workers to get onto company network, 400, e-mail, pin # for phone
messages,
the whole 9 yards, to facilitate that tech support.
I have seen that master list laying around in plain sight on IT co-worker
desks.
<snip>
How do you get their passwords for their email, and network. Are they
required to send you a message whenever they change their password, and if
so, how do you enforce this?
Thanx,
Nick
Nick Radich
Sr. Programmer/Analyst
EPC Molding, Inc.
Direct (320) 679-6683
Toll free (800) 388-2155 ext. 6683
Fax (320) 679-4516
nick_radich@xxxxxxxxxxxxxx
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
midrange.com
