issue with new employers on day 2

[perhaps]

And I am not even working today.  I got a few texts and a phone call from a co-worker this morning asking for my passwords to our computer system so an employee from another office that was filling in can be logged on as me.   I had a personal mtg but chose to ignore them.  No way am I giving someone I don't know access to my stuff.  Besides the fact that it is against company policy.  Well I tried logging on when I got home and my password was logged onto another system.  So the new owners must have called technology and had them break into my system.  This can legally  be done if you suspect an employee of wrongdoing.

I texted a different co-worker and got confirmation that someone was on as me.  So now what?  I am so pissed, nice way to start a relationship.  Do I say something tomorrow?  Do I wait and see if they bring it up?    Uuuggghh

[perhaps]

Sorry meant to post in off topic.  Mods feel free to move thread if necessary.

[chiver78]

what the...?   I'd be really pissed.

what industry are you in? I'm in pharma, that is a big glaring no-no in my world.

[Wisconsin Beth]

It's a glaring big no no in the IT industry too. 

[chiver78]

that's my area of the pharma world - I'm responsible for things like audit trails and system security. this thread's opening post made me twitch for so many reasons.

[Wisconsin Beth]

Yep.  I'd be changing all passwords and raising hell about security.  New employee should have had accounts and passwords set up the first day (or before).  "Your lack of planning is not an emergency on my part."

[movingforward]

Oh, I must work in a strange office because we all have the same password.  Most docs are also saved on the server so they can be accessed in case someone is out of the office and info is needed.  This is one reason why I don't have any personal docs or personal emails on my work computer. 

[dannylion]

If the IT department had the time to break into your accounts, why didn't they just set up an account for the employee who needed one?  Sounds like management has no concept of appropriate security measures and no common sense.

[Deleted]

How big of a company?

[chiver78]

Sept 4, 2013 15:00:00 GMT -5 dannylion said:

If the IT department had the time to break into your accounts, why didn't they just set up an account for the employee who needed one?  Sounds like management has no concept of appropriate security measures and no common sense.

and when you say "break into my system" do you mean Windows? or some other application?

definitely not cool.

[Wisconsin Beth]

Sept 4, 2013 14:58:17 GMT -5 movingforward said:

Oh, I must work in a strange office because we all have the same password.  Most docs are also saved on the server so they can be accessed in case someone is out of the office and info is needed.  This is one reason why I don't have any personal docs or personal emails on my work computer. 

Two words - Shared documents.  There are settings on the server side that will let you work with the rest of the team on the same document and still maintain passwords, etc. 

[NomoreDramaQ1015]

I would causually mention to the owners/your boss that you wanted to do some work at home and you noticed someone had already logged onto your account.  You're concerned somebody hacked into your account and wanted to let them know just in case.

Then wait to see what their answer is.  If they authorized it not much you can do unless there is some way to go up the chain and you're willing to do so.  If the employee did it then they'll handle it once made aware (hopefully).

[frankq]

How much stuff could you have put in their computers in one day? Did they tell you to stay home after one day? If so, that's definitely a red flag and I'd be looking for a new gig.  I hope it wasn't your decision... I can't imagine why anyone would have to use someone else's password unless they thought you were misusing their computer and want to see what you've been doing. If this is standard procedure for all new hires, I'm thinking you might not be working for the best company in the world....

[mmhmm]

I'd be angry, too.  If the employee filling in makes a glaring error, that employee is logged in as you.  The implications of that would not make me a happy panda.

[shanendoah]

So maybe I'm a pot stirrer, but I would call IT "in a panic"

"I think my work account has been hacked! I'm not in the office today, but I got an urgent voicemail so decided to log in from home and the system told me I was already logged in on another station. I thought it might be a glitch, so I called a coworker to check and he says the system shows me as logged in. I have access to some confidential information, so I'm very afraid the company might be at risk. Is there anyway you can shut my account down until I can come in tomorrow and run an audit to see what files have been accessed since I left yesterday?"

I would also send my boss and the new owners an email with a message along those same lines...

"I just want to give you a heads up about a situation that may put the company at legal risk. It appears my work account has been hacked. As you know, I have access to X files, which have Y type of data that could be sold to identity thieves/our competitors/exposed in some way to cause harm to the organization... I am on the phone with IT now, trying to get the access shut down and to see if they can trace it. With any luck, they'll be able to run an audit so we can know what files were actually accessed."

[haapai]

If shore was anywhere close, I would jump ship.

I'm not sure why you think the owners instructed IT to break into your account instead of creating a new one, but you cannot trust these owners. 

Grab something floaty and pinch your nose as you go over the side. 

[Deleted]

Sept 4, 2013 15:06:45 GMT -5 shanendoah said:

So maybe I'm a pot stirrer, but I would call IT "in a panic"

"I think my work account has been hacked! I'm not in the office today, but I got an urgent voicemail so decided to log in from home and the system told me I was already logged in on another station. I thought it might be a glitch, so I called a coworker to check and he says the system shows me as logged in. I have access to some confidential information, so I'm very afraid the company might be at risk. Is there anyway you can shut my account down until I can come in tomorrow and run an audit to see what files have been accessed since I left yesterday?"

I would also send my boss and the new owners an email with a message along those same lines...

"I just want to give you a heads up about a situation that may put the company at legal risk. It appears my work account has been hacked. As you know, I have access to X files, which have Y type of data that could be sold to identity thieves/our competitors/exposed in some way to cause harm to the organization... I am on the phone with IT now, trying to get the access shut down and to see if they can trace it. With any luck, they'll be able to run an audit so we can know what files were actually accessed."

WOW!    That is serious.   

maybe it is just a little company that doesn't have a great IT set up and does things without the best procedures.

[Wisconsin Beth]

Sept 4, 2013 15:05:54 GMT -5 mmhmm said:

I'd be angry, too.  If the employee filling in makes a glaring error, that employee is logged in as you.  The implications of that would not make me a happy panda.

I'm thinking of the Hipaa violations thread.  Anyone else? 

[mmhmm]

Sept 4, 2013 15:10:05 GMT -5 Wisconsin Beth said:

Sept 4, 2013 15:05:54 GMT -5 mmhmm said:

I'd be angry, too.  If the employee filling in makes a glaring error, that employee is logged in as you.  The implications of that would not make me a happy panda.

I'm thinking of the Hipaa violations thread.  Anyone else? 

Yep!  First thing that came to mind!

[movingforward]

Sept 4, 2013 15:01:45 GMT -5 Wisconsin Beth said:

Sept 4, 2013 14:58:17 GMT -5 movingforward said:

Oh, I must work in a strange office because we all have the same password.  Most docs are also saved on the server so they can be accessed in case someone is out of the office and info is needed.  This is one reason why I don't have any personal docs or personal emails on my work computer. 

Two words - Shared documents.  There are settings on the server side that will let you work with the rest of the team on the same document and still maintain passwords, etc. 

I guess I don't really see it as a big deal in my office.  There are only 10 of us and since there is nothing personal on my computer I am okay with it.  Typically I only save completed documents in the shared file.  Everything else is on my desktop or in my personal drive.  I work on a laptop and it goes home with me a lot. 

ETA: Also, technically the company owns my work computer so if they want everyone to have the same password then that is their right. 

[Wisconsin Beth]

I guess too, we spend a LOT of time pounding into the field's head to "NO using of someone else's password anywhere for anything" because of documentation and potential legal issues.  Our records are subject to Open Records Law and sometimes the author of the report get subpenaed.  When the wrong person shows up, the case can be dismissed.  And we submit to the Feds and they get fussy when they find out this is happening.     <br>

[movingforward]

Sept 4, 2013 15:15:02 GMT -5 Wisconsin Beth said:

I guess too, we spend a LOT of time pounding into the field's head to "NO using of someone else's password anywhere for anything" because of documentation and potential legal issues.  Our records are subject to Open Records Law and sometimes the author of the report get subpenaed.  When the wrong person shows up, the case can be dismissed.  And we submit to the Feds and they get fussy when they find out this is happening.    

Our stuff is not all that big of a deal.  The only thing that really needs security is accounting stuff and they have a different system. 

[muttleynfelix]

Sept 4, 2013 14:58:17 GMT -5 movingforward said:

Oh, I must work in a strange office because we all have the same password.  Most docs are also saved on the server so they can be accessed in case someone is out of the office and info is needed.  This is one reason why I don't have any personal docs or personal emails on my work computer. 

I'm with you. We routinely log onto everyone else's computer.  I am instructed to check my boss's email several times a day while he is on vacation. 

[Tiny]

Sept 4, 2013 15:00:00 GMT -5 dannylion said:

If the IT department had the time to break into your accounts, why didn't they just set up an account for the employee who needed one?  Sounds like management has no concept of appropriate security measures and no common sense.

They didn't 'break in' they just reset the password and had the 'new' person set up the new password.

FWIW:  I nearly passed out when I read the Opening post....  we're constantly reminded about password security and our passwords change every 3 months and have to be all complicated and you can't reuse a password for a year...

I'd probably have a chat with management - cause what the OP considers appropriate 'security' (not giving co-workers a password) doesn't seem to co-incide with the employer's values regarding security (ie it seems they don't care). 

Hey, on the plus side you can probably ask for someone's password from HR or Payroll or Benefits and get it without question!! and give yourself a nice big raise!!   too cool! 

[Wisconsin Beth]

And we can set up Outlook to allow someone else access to your email.  It's not real hard. 

[shanendoah]

Sept 4, 2013 15:09:36 GMT -5 ArchietheDragon said:

Sept 4, 2013 15:06:45 GMT -5 shanendoah said:

So maybe I'm a pot stirrer, but I would call IT "in a panic"

"I think my work account has been hacked! I'm not in the office today, but I got an urgent voicemail so decided to log in from home and the system told me I was already logged in on another station. I thought it might be a glitch, so I called a coworker to check and he says the system shows me as logged in. I have access to some confidential information, so I'm very afraid the company might be at risk. Is there anyway you can shut my account down until I can come in tomorrow and run an audit to see what files have been accessed since I left yesterday?"

I would also send my boss and the new owners an email with a message along those same lines...

"I just want to give you a heads up about a situation that may put the company at legal risk. It appears my work account has been hacked. As you know, I have access to X files, which have Y type of data that could be sold to identity thieves/our competitors/exposed in some way to cause harm to the organization... I am on the phone with IT now, trying to get the access shut down and to see if they can trace it. With any luck, they'll be able to run an audit so we can know what files were actually accessed."

WOW!    That is serious.   

maybe it is just a little company that doesn't have a great IT set up and does things without the best procedures.

It is possible, but it was mentioned in the OP that it is against company policy to give out your password. It also has an IT setup that does not allow you to be logged on from multiple stations at once. That means that the company has a policy against someone using someone else's account and security concerns about people being able to access the system through another person's account. As an employee, I would never assume that my coworkers or IT have violated company policy, which means I have to assume that this a hack/attack of some kind. 

If the boss/owners ordered IT to release the account login information, then they will have to own up to that fact.

[haapai]

Sept 4, 2013 15:10:05 GMT -5 Wisconsin Beth said:

Sept 4, 2013 15:05:54 GMT -5 mmhmm said:

I'd be angry, too.  If the employee filling in makes a glaring error, that employee is logged in as you.  The implications of that would not make me a happy panda.

I'm thinking of the Hipaa violations thread.  Anyone else? 

Not me.  To me this sounds like it's about money, bookkeeping, or sensitive client financial info. 

I'd recommend covering your ass and going over the side.  When a coworker asks you to break rules on day 2 and ownership agrees, you have nothing to gain by staying. 

[Rocky Mtn Saver]

The whole reason for issuing each person a personal password is to identify the person and to protect what is on the computer/site from intrusion.  If the company issued me a password, that password indicates that I'm doing whatever is going on there.  To have them give it to someone else without my permission would make me very upset.  I would be seriously wondering what else they're doing behind my back and what other bad procedures they have in place... 

FWIW, I've never had an employer use my password in any way, shape, or form.  IT has always had administrative access if they need to do things on my computer, etc.  And I think that any IT person worth their salt would not be giving out passwords between employees.  No IT guys I've worked with do that. 

[Deleted]

I just went back and reread some of Perhaps old posts.  She is the one where the owner sold the franchise, so she is essentially working for the same company with a new owner.  

I could see why she would be worried about this.

[muttleynfelix]

Sept 4, 2013 15:20:57 GMT -5 Wisconsin Beth said:

And we can set up Outlook to allow someone else access to your email.  It's not real hard. 

Part of it is that we have some different programs on each computer and sometimes we have to access those programs. Sometimes my AutoCAD acts up and I need to use someone else's.  For LEED projects, I have to use a 32 bit computer and mine is 64 (and my other computer when I reinstalled internet explorer and I can't get LEED access).