Protecting companies from hourly employees
-
@Dashrender said in Protecting companies from hourly employees:
So yes, the boss can watch these logs and nip in the bud before it becomes a real problem, or fire them if they don't change their actions.
The questions would be...
- The boss that can't be bothered to have a policy (we assume) will sit around watching logs every day?
- The boss will create a process by which they are legally responsible for knowing if people are logging in and determining if they are working? Sounds like they are creating liability rather than removing it. Employees will claim that the boss must have known, since there is a process for them to know, therefore it was approved.
- Will the logs be useful? Will there be good, easy to read logs that show actual login correlation? Maybe, but that will be a lot of effort.
- Will false positives be an issue?
- Will false negatives be?
-
@scottalanmiller said in Protecting companies from hourly employees:
@Dashrender said in Protecting companies from hourly employees:
So yes, the boss can watch these logs and nip in the bud before it becomes a real problem, or fire them if they don't change their actions.
The questions would be...
- The boss that can't be bothered to have a policy (we assume) will sit around watching logs every day?
- The boss will create a process by which they are legally responsible for knowing if people are logging in and determining if they are working? Sounds like they are creating liability rather than removing it. Employees will claim that the boss must have known, since there is a process for them to know, therefore it was approved.
- Will the logs be useful? Will there be good, easy to read logs that show actual login correlation? Maybe, but that will be a lot of effort.
- Will false positives be an issue?
- Will false negatives be?
There is a policy - please - I don't know where the idea that there is no policy came from.
Now, that said, just because there is a policy... -
@scottalanmiller said in Protecting companies from hourly employees:
@Dashrender said in Protecting companies from hourly employees:
So yes, the boss can watch these logs and nip in the bud before it becomes a real problem, or fire them if they don't change their actions.
The questions would be...
- The boss that can't be bothered to have a policy (we assume) will sit around watching logs every day?
See above.
- The boss will create a process by which they are legally responsible for knowing if people are logging in and determining if they are working? Sounds like they are creating liability rather than removing it. Employees will claim that the boss must have known, since there is a process for them to know, therefore it was approved.
Now this is a great point!
- Will the logs be useful? Will there be good, easy to read logs that show actual login correlation? Maybe, but that will be a lot of effort.
Sure, they could at minimum show that sucessful logons were made outside of the employees allowed hours - discipline.
- Will false positives be an issue?
Absolutely they could be - hopefully only in so much as showing failed logons, if an employee claims they didn't attempt (and succeed) at logging in, how we have a breach/known password issue
- Will false negatives be?
Absolutely possible because of hackers attempting to logon.
-
@Dashrender said in Protecting companies from hourly employees:
@scottalanmiller said in Protecting companies from hourly employees:
@Dashrender said in Protecting companies from hourly employees:
So yes, the boss can watch these logs and nip in the bud before it becomes a real problem, or fire them if they don't change their actions.
The questions would be...
- The boss that can't be bothered to have a policy (we assume) will sit around watching logs every day?
- The boss will create a process by which they are legally responsible for knowing if people are logging in and determining if they are working? Sounds like they are creating liability rather than removing it. Employees will claim that the boss must have known, since there is a process for them to know, therefore it was approved.
- Will the logs be useful? Will there be good, easy to read logs that show actual login correlation? Maybe, but that will be a lot of effort.
- Will false positives be an issue?
- Will false negatives be?
There is a policy - please - I don't know where the idea that there is no policy came from.
Now, that said, just because there is a policy doesn't mean that management is following and enforcing the policy.I completed that for you so there was no ambiguity.
-
-
@Dashrender said in Protecting companies from hourly employees:
There is a policy - please - I don't know where the idea that there is no policy came from.
Now, that said, just because there is a policy...Because if there is a policy, why is the manager asking to do this? We were giving her the benefit of the doubt.
Also, you said that you were unsure if there was a policy, so there was no reason to assume that there was one.
And I didn't state that there was not one, only that we had assumed that there was not given the history, information at hand and actions.
Have you seen the policy? Does it say what is needed?
-
@Dashrender said in Protecting companies from hourly employees:
- Will the logs be useful? Will there be good, easy to read logs that show actual login correlation? Maybe, but that will be a lot of effort.
Sure, they could at minimum show that sucessful logons were made outside of the employees allowed hours - discipline.
So a cell phone connects automatically, do you discipline for that? You can, of course, but it is really weird.
-
@scottalanmiller said in Protecting companies from hourly employees:
Have you seen the policy? Does it say what is needed?
it's not enough - simply says that you can't work OT without permission from your supervisor. Clearly they need it to be much more verbose.
-
@Dashrender said in Protecting companies from hourly employees:
@scottalanmiller said in Protecting companies from hourly employees:
Have you seen the policy? Does it say what is needed?
it's not enough - simply says that you can't work OT without permission from your supervisor. Clearly they need it to be much more verbose.
That's not too bad. But without permission ahead of time would help a lot. Nip the implicit permission a bit.
-
Yea, being very explicit here is what would protect the company.
IE No overtime will be approved, unless with explicit written consent from you manager. Any overtime not approved beforehand will be viewed as a breach of company policy, repeated breaches of company policy are subject to disciplinary action.
Edit: ... disciplinary action. Up to and including termination.