Wednesday, July 25, 2007

Reason Number 1 why we need a stronger security policy

As I finished my last post, I remembered a minor, yet aggravating incident that occurred today.

The manager of international customer service has one employee. That employee is responsible for handling international orders, quotes, and the like. That employee happens to be on a two week vacation. So, around lunchtime, the manager comes to my desk to ask me a question; and I could tell she wasn't too comfortable. Her boss, the VP of Sales and Marketing was wondering how the bulk of the international orders were going to be entered if the person doing it was not here. A fine question. It was suggested that the manager just log into the employee's machine, read the mail and handle the order.

So, she was at my desk to find out how she could log into her employee's machine. I glared at her, and she basically knew the answer. I don't know everyone's password; and there's no way to find the password. Could I just reset the password, yes. Would I. No. I calmly explained that the "policy" is that I can't allow access to the employees computer. The manager calmly explained that she had been to HR's office and that the Director of HR had given permission. The manager asked if it was in the policy document (it's not.) The HR director responded that it was ok, AND that the Comptroller knew the passwords to all of the computers in the finance office (a separate office.) She also mentioned that the VP wanted orders entered this week and wanted to know what it would take. I explained that anything negative that happened would have to be her responsibility.

In the end, the VP of Sales and Marketing sent me a note, basically ordering me to create a new password and reset it when the vacationing employee returns.

I would have jumped out a window, but being on the first floor I figured I would just really hurt myself.

Security policy? Yeah right. A post for another day.

No comments:

Post a Comment