perhaps
Junior Member
Joined: Sept 8, 2011 14:47:21 GMT -5
Posts: 139
|
Post by perhaps on Sept 4, 2013 14:40:26 GMT -5
And I am not even working today. I got a few texts and a phone call from a co-worker this morning asking for my passwords to our computer system so an employee from another office that was filling in can be logged on as me. I had a personal mtg but chose to ignore them. No way am I giving someone I don't know access to my stuff. Besides the fact that it is against company policy. Well I tried logging on when I got home and my password was logged onto another system. So the new owners must have called technology and had them break into my system. This can legally be done if you suspect an employee of wrongdoing.
I texted a different co-worker and got confirmation that someone was on as me. So now what? I am so pissed, nice way to start a relationship. Do I say something tomorrow? Do I wait and see if they bring it up? Uuuggghh
|
|
perhaps
Junior Member
Joined: Sept 8, 2011 14:47:21 GMT -5
Posts: 139
|
Post by perhaps on Sept 4, 2013 14:42:14 GMT -5
Sorry meant to post in off topic. Mods feel free to move thread if necessary.
|
|
chiver78
Administrator
Current Events Admin
Joined: Dec 20, 2010 13:04:45 GMT -5
Posts: 39,479
|
Post by chiver78 on Sept 4, 2013 14:43:10 GMT -5
what the...? I'd be really pissed.
what industry are you in? I'm in pharma, that is a big glaring no-no in my world.
|
|
Wisconsin Beth
Distinguished Associate
No, we don't walk away. But when we're holding on to something precious, we run.
Joined: Dec 20, 2010 11:59:36 GMT -5
Posts: 30,626
|
Post by Wisconsin Beth on Sept 4, 2013 14:45:21 GMT -5
It's a glaring big no no in the IT industry too.
|
|
chiver78
Administrator
Current Events Admin
Joined: Dec 20, 2010 13:04:45 GMT -5
Posts: 39,479
|
Post by chiver78 on Sept 4, 2013 14:46:56 GMT -5
that's my area of the pharma world - I'm responsible for things like audit trails and system security. this thread's opening post made me twitch for so many reasons.
|
|
Wisconsin Beth
Distinguished Associate
No, we don't walk away. But when we're holding on to something precious, we run.
Joined: Dec 20, 2010 11:59:36 GMT -5
Posts: 30,626
|
Post by Wisconsin Beth on Sept 4, 2013 14:54:08 GMT -5
Yep. I'd be changing all passwords and raising hell about security. New employee should have had accounts and passwords set up the first day (or before). "Your lack of planning is not an emergency on my part."
|
|
movingforward
Junior Associate
Joined: Sept 15, 2011 12:48:31 GMT -5
Posts: 8,385
|
Post by movingforward on Sept 4, 2013 14:58:17 GMT -5
Oh, I must work in a strange office because we all have the same password. Most docs are also saved on the server so they can be accessed in case someone is out of the office and info is needed. This is one reason why I don't have any personal docs or personal emails on my work computer.
|
|
dannylion
Junior Associate
Gravity is a harsh mistress
Joined: Dec 18, 2010 12:17:52 GMT -5
Posts: 5,212
Location: Miles over the madness horizon and accelerating
|
Post by dannylion on Sept 4, 2013 15:00:00 GMT -5
If the IT department had the time to break into your accounts, why didn't they just set up an account for the employee who needed one? Sounds like management has no concept of appropriate security measures and no common sense.
|
|
Deleted
Joined: Oct 7, 2024 4:34:48 GMT -5
Posts: 0
|
Post by Deleted on Sept 4, 2013 15:00:09 GMT -5
How big of a company?
|
|
chiver78
Administrator
Current Events Admin
Joined: Dec 20, 2010 13:04:45 GMT -5
Posts: 39,479
|
Post by chiver78 on Sept 4, 2013 15:01:43 GMT -5
If the IT department had the time to break into your accounts, why didn't they just set up an account for the employee who needed one? Sounds like management has no concept of appropriate security measures and no common sense. and when you say "break into my system" do you mean Windows? or some other application? definitely not cool.
|
|
Wisconsin Beth
Distinguished Associate
No, we don't walk away. But when we're holding on to something precious, we run.
Joined: Dec 20, 2010 11:59:36 GMT -5
Posts: 30,626
|
Post by Wisconsin Beth on Sept 4, 2013 15:01:45 GMT -5
Oh, I must work in a strange office because we all have the same password. Most docs are also saved on the server so they can be accessed in case someone is out of the office and info is needed. This is one reason why I don't have any personal docs or personal emails on my work computer. Two words - Shared documents. There are settings on the server side that will let you work with the rest of the team on the same document and still maintain passwords, etc.
|
|
NomoreDramaQ1015
Community Leader
Joined: Dec 20, 2010 14:26:32 GMT -5
Posts: 48,070
|
Post by NomoreDramaQ1015 on Sept 4, 2013 15:03:10 GMT -5
I would causually mention to the owners/your boss that you wanted to do some work at home and you noticed someone had already logged onto your account. You're concerned somebody hacked into your account and wanted to let them know just in case.
Then wait to see what their answer is. If they authorized it not much you can do unless there is some way to go up the chain and you're willing to do so. If the employee did it then they'll handle it once made aware (hopefully).
|
|
frankq
Well-Known Member
Joined: Jan 28, 2013 18:48:45 GMT -5
Posts: 1,577
|
Post by frankq on Sept 4, 2013 15:05:28 GMT -5
How much stuff could you have put in their computers in one day? Did they tell you to stay home after one day? If so, that's definitely a red flag and I'd be looking for a new gig. I hope it wasn't your decision... I can't imagine why anyone would have to use someone else's password unless they thought you were misusing their computer and want to see what you've been doing. If this is standard procedure for all new hires, I'm thinking you might not be working for the best company in the world....
|
|
mmhmm
Administrator
It's a great pity the right of free speech isn't based on the obligation to say something sensible.
Joined: Dec 25, 2010 18:13:34 GMT -5
Posts: 31,770
Today's Mood: Saddened by Events
Location: Memory Lane
Favorite Drink: Water
|
Post by mmhmm on Sept 4, 2013 15:05:54 GMT -5
I'd be angry, too. If the employee filling in makes a glaring error, that employee is logged in as you. The implications of that would not make me a happy panda.
|
|
shanendoah
Senior Associate
Joined: Dec 18, 2010 19:44:48 GMT -5
Posts: 10,096
Mini-Profile Name Color: 0c3563
|
Post by shanendoah on Sept 4, 2013 15:06:45 GMT -5
So maybe I'm a pot stirrer, but I would call IT "in a panic"
"I think my work account has been hacked! I'm not in the office today, but I got an urgent voicemail so decided to log in from home and the system told me I was already logged in on another station. I thought it might be a glitch, so I called a coworker to check and he says the system shows me as logged in. I have access to some confidential information, so I'm very afraid the company might be at risk. Is there anyway you can shut my account down until I can come in tomorrow and run an audit to see what files have been accessed since I left yesterday?"
I would also send my boss and the new owners an email with a message along those same lines...
"I just want to give you a heads up about a situation that may put the company at legal risk. It appears my work account has been hacked. As you know, I have access to X files, which have Y type of data that could be sold to identity thieves/our competitors/exposed in some way to cause harm to the organization... I am on the phone with IT now, trying to get the access shut down and to see if they can trace it. With any luck, they'll be able to run an audit so we can know what files were actually accessed."
|
|
haapai
Junior Associate
Character
Joined: Dec 20, 2010 20:40:06 GMT -5
Posts: 5,983
|
Post by haapai on Sept 4, 2013 15:08:23 GMT -5
If shore was anywhere close, I would jump ship.
I'm not sure why you think the owners instructed IT to break into your account instead of creating a new one, but you cannot trust these owners.
Grab something floaty and pinch your nose as you go over the side.
|
|
Deleted
Joined: Oct 7, 2024 4:34:48 GMT -5
Posts: 0
|
Post by Deleted on Sept 4, 2013 15:09:36 GMT -5
So maybe I'm a pot stirrer, but I would call IT "in a panic"
"I think my work account has been hacked! I'm not in the office today, but I got an urgent voicemail so decided to log in from home and the system told me I was already logged in on another station. I thought it might be a glitch, so I called a coworker to check and he says the system shows me as logged in. I have access to some confidential information, so I'm very afraid the company might be at risk. Is there anyway you can shut my account down until I can come in tomorrow and run an audit to see what files have been accessed since I left yesterday?"
I would also send my boss and the new owners an email with a message along those same lines...
"I just want to give you a heads up about a situation that may put the company at legal risk. It appears my work account has been hacked. As you know, I have access to X files, which have Y type of data that could be sold to identity thieves/our competitors/exposed in some way to cause harm to the organization... I am on the phone with IT now, trying to get the access shut down and to see if they can trace it. With any luck, they'll be able to run an audit so we can know what files were actually accessed." WOW! That is serious. maybe it is just a little company that doesn't have a great IT set up and does things without the best procedures.
|
|
Wisconsin Beth
Distinguished Associate
No, we don't walk away. But when we're holding on to something precious, we run.
Joined: Dec 20, 2010 11:59:36 GMT -5
Posts: 30,626
|
Post by Wisconsin Beth on Sept 4, 2013 15:10:05 GMT -5
I'd be angry, too. If the employee filling in makes a glaring error, that employee is logged in as you. The implications of that would not make me a happy panda. I'm thinking of the Hipaa violations thread. Anyone else?
|
|
mmhmm
Administrator
It's a great pity the right of free speech isn't based on the obligation to say something sensible.
Joined: Dec 25, 2010 18:13:34 GMT -5
Posts: 31,770
Today's Mood: Saddened by Events
Location: Memory Lane
Favorite Drink: Water
|
Post by mmhmm on Sept 4, 2013 15:10:41 GMT -5
I'd be angry, too. If the employee filling in makes a glaring error, that employee is logged in as you. The implications of that would not make me a happy panda. I'm thinking of the Hipaa violations thread. Anyone else? Yep! First thing that came to mind!
|
|
movingforward
Junior Associate
Joined: Sept 15, 2011 12:48:31 GMT -5
Posts: 8,385
|
Post by movingforward on Sept 4, 2013 15:11:40 GMT -5
Oh, I must work in a strange office because we all have the same password. Most docs are also saved on the server so they can be accessed in case someone is out of the office and info is needed. This is one reason why I don't have any personal docs or personal emails on my work computer. Two words - Shared documents. There are settings on the server side that will let you work with the rest of the team on the same document and still maintain passwords, etc. I guess I don't really see it as a big deal in my office. There are only 10 of us and since there is nothing personal on my computer I am okay with it. Typically I only save completed documents in the shared file. Everything else is on my desktop or in my personal drive. I work on a laptop and it goes home with me a lot. ETA: Also, technically the company owns my work computer so if they want everyone to have the same password then that is their right.
|
|
Wisconsin Beth
Distinguished Associate
No, we don't walk away. But when we're holding on to something precious, we run.
Joined: Dec 20, 2010 11:59:36 GMT -5
Posts: 30,626
|
Post by Wisconsin Beth on Sept 4, 2013 15:15:02 GMT -5
I guess too, we spend a LOT of time pounding into the field's head to "NO using of someone else's password anywhere for anything" because of documentation and potential legal issues. Our records are subject to Open Records Law and sometimes the author of the report get subpenaed. When the wrong person shows up, the case can be dismissed. And we submit to the Feds and they get fussy when they find out this is happening. <br>
|
|
movingforward
Junior Associate
Joined: Sept 15, 2011 12:48:31 GMT -5
Posts: 8,385
|
Post by movingforward on Sept 4, 2013 15:18:35 GMT -5
I guess too, we spend a LOT of time pounding into the field's head to "NO using of someone else's password anywhere for anything" because of documentation and potential legal issues. Our records are subject to Open Records Law and sometimes the author of the report get subpenaed. When the wrong person shows up, the case can be dismissed. And we submit to the Feds and they get fussy when they find out this is happening. Our stuff is not all that big of a deal. The only thing that really needs security is accounting stuff and they have a different system.
|
|
muttleynfelix
Junior Associate
Joined: Dec 20, 2010 15:32:52 GMT -5
Posts: 9,406
|
Post by muttleynfelix on Sept 4, 2013 15:18:42 GMT -5
Oh, I must work in a strange office because we all have the same password. Most docs are also saved on the server so they can be accessed in case someone is out of the office and info is needed. This is one reason why I don't have any personal docs or personal emails on my work computer. I'm with you. We routinely log onto everyone else's computer. I am instructed to check my boss's email several times a day while he is on vacation.
|
|
Tiny
Senior Associate
Joined: Dec 29, 2010 21:22:34 GMT -5
Posts: 13,488
|
Post by Tiny on Sept 4, 2013 15:20:01 GMT -5
If the IT department had the time to break into your accounts, why didn't they just set up an account for the employee who needed one? Sounds like management has no concept of appropriate security measures and no common sense. They didn't 'break in' they just reset the password and had the 'new' person set up the new password. FWIW: I nearly passed out when I read the Opening post.... we're constantly reminded about password security and our passwords change every 3 months and have to be all complicated and you can't reuse a password for a year... I'd probably have a chat with management - cause what the OP considers appropriate 'security' (not giving co-workers a password) doesn't seem to co-incide with the employer's values regarding security (ie it seems they don't care). Hey, on the plus side you can probably ask for someone's password from HR or Payroll or Benefits and get it without question!! and give yourself a nice big raise!! too cool!
|
|
Wisconsin Beth
Distinguished Associate
No, we don't walk away. But when we're holding on to something precious, we run.
Joined: Dec 20, 2010 11:59:36 GMT -5
Posts: 30,626
|
Post by Wisconsin Beth on Sept 4, 2013 15:20:57 GMT -5
And we can set up Outlook to allow someone else access to your email. It's not real hard.
|
|
shanendoah
Senior Associate
Joined: Dec 18, 2010 19:44:48 GMT -5
Posts: 10,096
Mini-Profile Name Color: 0c3563
|
Post by shanendoah on Sept 4, 2013 15:21:04 GMT -5
So maybe I'm a pot stirrer, but I would call IT "in a panic"
"I think my work account has been hacked! I'm not in the office today, but I got an urgent voicemail so decided to log in from home and the system told me I was already logged in on another station. I thought it might be a glitch, so I called a coworker to check and he says the system shows me as logged in. I have access to some confidential information, so I'm very afraid the company might be at risk. Is there anyway you can shut my account down until I can come in tomorrow and run an audit to see what files have been accessed since I left yesterday?"
I would also send my boss and the new owners an email with a message along those same lines...
"I just want to give you a heads up about a situation that may put the company at legal risk. It appears my work account has been hacked. As you know, I have access to X files, which have Y type of data that could be sold to identity thieves/our competitors/exposed in some way to cause harm to the organization... I am on the phone with IT now, trying to get the access shut down and to see if they can trace it. With any luck, they'll be able to run an audit so we can know what files were actually accessed." WOW! That is serious. maybe it is just a little company that doesn't have a great IT set up and does things without the best procedures. It is possible, but it was mentioned in the OP that it is against company policy to give out your password. It also has an IT setup that does not allow you to be logged on from multiple stations at once. That means that the company has a policy against someone using someone else's account and security concerns about people being able to access the system through another person's account. As an employee, I would never assume that my coworkers or IT have violated company policy, which means I have to assume that this a hack/attack of some kind.
If the boss/owners ordered IT to release the account login information, then they will have to own up to that fact.
|
|
haapai
Junior Associate
Character
Joined: Dec 20, 2010 20:40:06 GMT -5
Posts: 5,983
|
Post by haapai on Sept 4, 2013 15:22:28 GMT -5
I'd be angry, too. If the employee filling in makes a glaring error, that employee is logged in as you. The implications of that would not make me a happy panda. I'm thinking of the Hipaa violations thread. Anyone else? Not me. To me this sounds like it's about money, bookkeeping, or sensitive client financial info. I'd recommend covering your ass and going over the side. When a coworker asks you to break rules on day 2 and ownership agrees, you have nothing to gain by staying.
|
|
Rocky Mtn Saver
Junior Associate
Joined: Dec 23, 2010 9:40:57 GMT -5
Posts: 7,461
|
Post by Rocky Mtn Saver on Sept 4, 2013 15:24:49 GMT -5
The whole reason for issuing each person a personal password is to identify the person and to protect what is on the computer/site from intrusion. If the company issued me a password, that password indicates that I'm doing whatever is going on there. To have them give it to someone else without my permission would make me very upset. I would be seriously wondering what else they're doing behind my back and what other bad procedures they have in place...
FWIW, I've never had an employer use my password in any way, shape, or form. IT has always had administrative access if they need to do things on my computer, etc. And I think that any IT person worth their salt would not be giving out passwords between employees. No IT guys I've worked with do that.
|
|
Deleted
Joined: Oct 7, 2024 4:34:48 GMT -5
Posts: 0
|
Post by Deleted on Sept 4, 2013 15:25:45 GMT -5
I just went back and reread some of Perhaps old posts. She is the one where the owner sold the franchise, so she is essentially working for the same company with a new owner.
I could see why she would be worried about this.
|
|
muttleynfelix
Junior Associate
Joined: Dec 20, 2010 15:32:52 GMT -5
Posts: 9,406
|
Post by muttleynfelix on Sept 4, 2013 15:25:51 GMT -5
And we can set up Outlook to allow someone else access to your email. It's not real hard. Part of it is that we have some different programs on each computer and sometimes we have to access those programs. Sometimes my AutoCAD acts up and I need to use someone else's. For LEED projects, I have to use a 32 bit computer and mine is 64 (and my other computer when I reinstalled internet explorer and I can't get LEED access).
|
|