How come my users never understand the simple things..
-
I'd have a quick talk with HR about the liability of you having passwords. Why are you being shown passwords for a system for which you have no responsibility? That's a security breach.
-
Yeah... for some odd reason here, there is a policy that IT needs to have every 3rd party login credentials for those "Oh crap" moments that something may go wrong.
Now without getting into the argument of password management or anything along those lines. I don't even care to question the fact that this request more than certainly flies in the face of every corporate policy out there in regards to passwords.
Someone here at some point made it mandatory that IT be aware of every client login credential that we have access too. And no matter how many times I've said its incredibly stupid to have such a policy it won't be changed.
-
Scott,
I've been writing HR policy for everything from cell phones to services to assets. I've brought this one up and told to just do it this way because "IT needs to manage it for the users. "
-
@DustinB3403 said:
Scott,
I've been writing HR policy for everything from cell phones to services to assets. I've brought this one up and told to just do it this way because "IT needs to manage it for the users. "
See previous statement about bad management in SMB.
-
@JaredBusch said:
@DustinB3403 said:
Scott,
I've been writing HR policy for everything from cell phones to services to assets. I've brought this one up and told to just do it this way because "IT needs to manage it for the users. "
See previous statement about bad management in SMB.
Link?
-
@DustinB3403 said:
Scott,
I've been writing HR policy for everything from cell phones to services to assets. I've brought this one up and told to just do it this way because "IT needs to manage it for the users. "
Did you bring it up as a security violation and asked that you have it in writing from HR that they understand that they have removed the ability to identify who is taking actions with accounts?
Have you also asked why IT is doing other departments jobs? If the other people can't do their jobs, why is IT not being paid to do both jobs? Ask HR if HR feels HR should do the work of other departments if those departments are too lazy to do them themselves? In fact, ask HR to do some IT work for you based on the same ruling.
-
@DustinB3403 said:
Link?
@scottalanmiller said:
So the vast majority of SMB jobs is working for companies where management is failing to take the company to what most people consider success. So the nature of work in the SMB is focused around the concept of failed or failing management.
-
In many of these cases, while I feel that SMBs very often have terrible management and this sounds likely to be more of that, IT exacerbates the problems by not presenting the situation correctly. It can be presented like this "User is poorly functional and lazy, do I need to do their work for them?" In this case, HR is going to roll their eyes and say yet.
In the other way you can say "This is an HR issue for me and for the IT department and we need HR to step in and protect us from having a security exposure both for the company and to keep us from being put into a position in which we are uncomfortable."
In one case, you are simply asking HR to make you "not do other people's work." In the other, you are putting security responsibility into the hands of HR and making them responsible for the decision.
-
-
Exactly. Change their point of view. It doesn't work every time, but coming to them as IT with an HR issue is very different than coming to them looking for them to manage the time of employees.
-
@DustinB3403 said:
How come my users never understand the simple things, like how to connect to the VPN. Launch the application, click connect, enter your password.
Probably because no one makes them. People rarely learn how to do things if they are not required to. Why bother if you can have someone else do it for you.
I support in many cases that it might be more efficient for some tasks, maybe not connecting to the VPN, be done by IT if they are not common or simple tasks.
