Protecting companies from hourly employees
-
@scottalanmiller said in Protecting companies from hourly employees:
The issue is around people not reporting, though. So in the given scenario, no reporting system would help.
With an appropriate HR policy in place, the issue then becomes one of monitoring for non-compliance. It's the manager's job to know that the employee is / will be hitting OT if they continue working at the current pace.
Managements failure to monitor and take action becomes implicit approval for the employee to continue working and getting OT.
-
@Danp said in Protecting companies from hourly employees:
@scottalanmiller said in Protecting companies from hourly employees:
The issue is around people not reporting, though. So in the given scenario, no reporting system would help.
With an appropriate HR policy in place, the issue then becomes one of monitoring for non-compliance. It's the manager's job to know that the employee is / will be hitting OT if they continue working at the current pace.
Managements failure to monitor and take action becomes implicit approval for the employee to continue working and getting OT.
Again, that's not possible here. The issue is that it cannot be monitored and it is not reported. Partially because it is a made up problem that isn't happening today. It's a theoretical problem with theoretical unknowns.
-
Think of it a little like this...
when pigs fly, how will we predict when they will poop on us?
We really don't know the answer because we don't have flying pigs to observe first.
-
Scott is correct. Today users don't have access to log in remotely. But in the near future they will. The concern is that they MIGHT, might try to claim their remote access as working time.
As Scott said over 5 pages ago... this is an HR issue - That said, we can definite put reports and logging in place to report when people are logging in from unknown places, or equally weird, logging in outside their work schedules (7 AM - 5:30 PM).
So yes, the boss can watch these logs and nip in the bud before it becomes a real problem, or fire them if they don't change their actions.
-
-
@Dashrender said in Protecting companies from hourly employees:
So yes, the boss can watch these logs and nip in the bud before it becomes a real problem, or fire them if they don't change their actions.
The questions would be...
- The boss that can't be bothered to have a policy (we assume) will sit around watching logs every day?
- The boss will create a process by which they are legally responsible for knowing if people are logging in and determining if they are working? Sounds like they are creating liability rather than removing it. Employees will claim that the boss must have known, since there is a process for them to know, therefore it was approved.
- Will the logs be useful? Will there be good, easy to read logs that show actual login correlation? Maybe, but that will be a lot of effort.
- Will false positives be an issue?
- Will false negatives be?
-
@scottalanmiller said in Protecting companies from hourly employees:
@Dashrender said in Protecting companies from hourly employees:
So yes, the boss can watch these logs and nip in the bud before it becomes a real problem, or fire them if they don't change their actions.
The questions would be...
- The boss that can't be bothered to have a policy (we assume) will sit around watching logs every day?
- The boss will create a process by which they are legally responsible for knowing if people are logging in and determining if they are working? Sounds like they are creating liability rather than removing it. Employees will claim that the boss must have known, since there is a process for them to know, therefore it was approved.
- Will the logs be useful? Will there be good, easy to read logs that show actual login correlation? Maybe, but that will be a lot of effort.
- Will false positives be an issue?
- Will false negatives be?
There is a policy - please - I don't know where the idea that there is no policy came from.
Now, that said, just because there is a policy... -
@scottalanmiller said in Protecting companies from hourly employees:
@Dashrender said in Protecting companies from hourly employees:
So yes, the boss can watch these logs and nip in the bud before it becomes a real problem, or fire them if they don't change their actions.
The questions would be...
- The boss that can't be bothered to have a policy (we assume) will sit around watching logs every day?
See above.
- The boss will create a process by which they are legally responsible for knowing if people are logging in and determining if they are working? Sounds like they are creating liability rather than removing it. Employees will claim that the boss must have known, since there is a process for them to know, therefore it was approved.
Now this is a great point!
- Will the logs be useful? Will there be good, easy to read logs that show actual login correlation? Maybe, but that will be a lot of effort.
Sure, they could at minimum show that sucessful logons were made outside of the employees allowed hours - discipline.
- Will false positives be an issue?
Absolutely they could be - hopefully only in so much as showing failed logons, if an employee claims they didn't attempt (and succeed) at logging in, how we have a breach/known password issue
- Will false negatives be?
Absolutely possible because of hackers attempting to logon.
-
@Dashrender said in Protecting companies from hourly employees:
@scottalanmiller said in Protecting companies from hourly employees:
@Dashrender said in Protecting companies from hourly employees:
So yes, the boss can watch these logs and nip in the bud before it becomes a real problem, or fire them if they don't change their actions.
The questions would be...
- The boss that can't be bothered to have a policy (we assume) will sit around watching logs every day?
- The boss will create a process by which they are legally responsible for knowing if people are logging in and determining if they are working? Sounds like they are creating liability rather than removing it. Employees will claim that the boss must have known, since there is a process for them to know, therefore it was approved.
- Will the logs be useful? Will there be good, easy to read logs that show actual login correlation? Maybe, but that will be a lot of effort.
- Will false positives be an issue?
- Will false negatives be?
There is a policy - please - I don't know where the idea that there is no policy came from.
Now, that said, just because there is a policy doesn't mean that management is following and enforcing the policy.I completed that for you so there was no ambiguity.
-
-
@Dashrender said in Protecting companies from hourly employees:
There is a policy - please - I don't know where the idea that there is no policy came from.
Now, that said, just because there is a policy...Because if there is a policy, why is the manager asking to do this? We were giving her the benefit of the doubt.
Also, you said that you were unsure if there was a policy, so there was no reason to assume that there was one.
And I didn't state that there was not one, only that we had assumed that there was not given the history, information at hand and actions.
Have you seen the policy? Does it say what is needed?
-
@Dashrender said in Protecting companies from hourly employees:
- Will the logs be useful? Will there be good, easy to read logs that show actual login correlation? Maybe, but that will be a lot of effort.
Sure, they could at minimum show that sucessful logons were made outside of the employees allowed hours - discipline.
So a cell phone connects automatically, do you discipline for that? You can, of course, but it is really weird.
-
@scottalanmiller said in Protecting companies from hourly employees:
Have you seen the policy? Does it say what is needed?
it's not enough - simply says that you can't work OT without permission from your supervisor. Clearly they need it to be much more verbose.
-
@Dashrender said in Protecting companies from hourly employees:
@scottalanmiller said in Protecting companies from hourly employees:
Have you seen the policy? Does it say what is needed?
it's not enough - simply says that you can't work OT without permission from your supervisor. Clearly they need it to be much more verbose.
That's not too bad. But without permission ahead of time would help a lot. Nip the implicit permission a bit.
-
Yea, being very explicit here is what would protect the company.
IE No overtime will be approved, unless with explicit written consent from you manager. Any overtime not approved beforehand will be viewed as a breach of company policy, repeated breaches of company policy are subject to disciplinary action.
Edit: ... disciplinary action. Up to and including termination.