Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: IT Personnel As Ostriches?

Soulskill posted about a month and a half ago | from the head-in-the-sand dept.

Businesses 246

MonOptIt writes: I'm a new IT professional, having recently switched from a different sci/tech field. My first gig is with a mid-size (50ish) nonprofit which includes a wide variety of departments and functions. I'm the sole on-site IT support, which means that I'm working with every employee/department regularly both at HQ and off-site locations. My questions for the seasoned pros are: Do you find yourself deliberately ignoring office politics, overheard conversations, open documents or emails, etc as you go about your work? If not, how do you preserve the impartiality/neutrality which seems (to my novice mind) necessary to be effective in this position? In either case: how do you deal with the possibility of accidentally learning something you're not supposed to know? E.g. troubleshooting a user's email program when they've left sensitive/eyes-only emails open on their workstation. Are there protections or policies that are standard, or is this a legal and professional gray-area?

cancel ×

246 comments

Sorry! There are no comments related to the filter you selected.

queer-o-sexuals (-1)

Anonymous Coward | about a month and a half ago | (#47589851)

having buttsex with your butt. dirty and nasty poop butts.

making your dick stink

Simple Answers to Simple Questions (5, Insightful)

Anonymous Coward | about a month and a half ago | (#47589865)

Yes

IT has access to everything and should read nothing. The content is just that, content. It doesn't matter

Re:Simple Answers to Simple Questions (3, Interesting)

Anonymous Coward | about a month and a half ago | (#47590001)

That wasn't the question. What do you do when you did read something inadvertently? You can't unread "Irregularities in the pension fund". Do you pretend that you don't know? What if it's something illegal / against company policy / unethical?

Re:Simple Answers to Simple Questions (3, Interesting)

Raumkraut (518382) | about a month and a half ago | (#47590051)

Does your country have laws protecting corporate whistle-blowers?
It's a lot easier to defend your position if it's the FBI asking you to make surreptitious copies of documents, after they called you following an "anonymous" tip-off...

Re:Simple Answers to Simple Questions (5, Insightful)

mysidia (191772) | about a month and a half ago | (#47590099)

Your best bet is to "forget" you read it; never acknowledge that you saw it, and assume the best.

For example, just because someone wrote about supposed "irregularities in the pension fund"; doesn't mean there are irregularities in the pension fund, it may just be some ignorant person spouting out / jumping to wrong conclusions.

There are also paranoid folks who will say such things, until it's proven that no, there was just some minor typographical mistake and everything's fine.

Just like when a person tells you "I turned off the firewall," but it still gave me the error message. Doesn't mean they managed to break into the server room and replace the corporate firewall with a closed circuit ------ they haven't a clue what they just said.

Re:Simple Answers to Simple Questions (-1)

Anonymous Coward | about a month and a half ago | (#47590139)

There are also people like me who like to place arbitrary hints in things they write.
Just to throw off people if I ever need it in the future.

Re:Simple Answers to Simple Questions (1)

wisnoskij (1206448) | about a month and a half ago | (#47590279)

You ignore it. Don't think about, don't gossip it around, pretend you did not see anything.

Re:Simple Answers to Simple Questions (5, Insightful)

wisnoskij (1206448) | about a month and a half ago | (#47590297)

If it is actual evidence, and not just gossip, of real law breaking that is something only your conscience can decide. As for everything else, including things that are clearly breaking company policy, as long as it is nothing or little to do with your job ignore it. You are not paid to rat on your peers. And telling your boss that Bob in accounting steals office supplies is not going to earn you any promotions or friends.

Re:Simple Answers to Simple Questions (5, Insightful)

grcumb (781340) | about a month and a half ago | (#47590445)

That wasn't the question. What do you do when you did read something inadvertently? You can't unread "Irregularities in the pension fund". Do you pretend that you don't know? What if it's something illegal / against company policy / unethical?

We used to call it 'being trustworthy'. Not sure what the term is today.

People need to know that they can rely on you under pretty much any circumstances, otherwise they'll stop calling and you won't be able to do your job. That means ignoring pretty much everything.

I say pretty much, because there is a line past which you cannot remain silent. For me, it was child pornography on a customer's computer. I called the police and handed over the equipment.

This was in a small town, and it ruined my life, by the way. The owner of the computer was a prominent citizen who immediately accused me of planting the material, then began a slur campaign against me. The town, as the saying goes, wasn't big enough for the both of us. After more than a year of this, I had to leave. I'd lost my job, and I'd lost half my friends.

Some time later, I ran into an acquaintance from that town in an airport. His first bit of news that that the kiddie diddler had finally been convicted. His own smear campaign finally had the effect of bringing three adult victims of his out. They testified against him and put him away. The lesson I learned is that, sometimes, there is justice in this world. But it doesn't come free.

So yes, you need to be - and you need to be seen to be - completely, implicitly trustworthy. How you do it is simple enough: Always be there, never be seen to be part of the gossip. Be open and obvious about everything you do, and never, ever work in someone's office with the door closed. Equally, though, you need to be seen to be the kind of person who will do the right thing. That's a little harder to do and, as I've recounted, sometimes comes at a cost.

Re:Simple Answers to Simple Questions (4, Insightful)

khasim (1285) | about a month and a half ago | (#47590021)

I prefer the term "professionally disinterested".

If it is NOT evidence of a crime then you ignore it. Or you use that knowledge to avoid finding out anything more about the topic.

If you have any questions then you bring those questions to HR.

Re:Simple Answers to Simple Questions (2, Insightful)

Anonymous Coward | about a month and a half ago | (#47590367)

In my career I've had access to everything from HR data, payroll, ethics/legal investigations, etc... never really looked at it other than the few times I commented to the programming teams about them having debugging on in their code (in production), potentially spitting out private/sensitive information into the logs, etc (one time one team had company CC#'s with names, SSNs, etc). It is what it is - I just inform them they shouldn't do that, but don't really pay any attention to it.

I have never, even though I've had access, actually gone into the databases doing queries or anything "looking". I'd consider that horribly unprofessional, unethical, and potentially illegal.

blahblahblah (3, Funny)

retchdog (1319261) | about a month and a half ago | (#47589867)

why the fuck are you asking here, of all places, about office etiquette? haven't you noticed that over half of the people here are bitter, miserable burnouts and misfits?

are you also asking on the christian abstinence forums about finding prostitutes?

Re:blahblahblah (-1)

Anonymous Coward | about a month and a half ago | (#47589911)

Seduce the Christians on the abstinence forums! and help them to affirm their faith! through temptation!

Re:blahblahblah (-1, Flamebait)

retchdog (1319261) | about a month and a half ago | (#47590105)

and surprise anal!

yes, ignore office politics (1)

Anonymous Coward | about a month and a half ago | (#47589869)

Then you will be surprised when the players of office politics conspire to fire you. And they will. It's what they do. Because you're IT. You're the scum of the office by definition.

Re:yes, ignore office politics (0)

Anonymous Coward | about a month and a half ago | (#47590075)

Needed by all, hated by all?

Re:yes, ignore office politics (1)

1s44c (552956) | about a month and a half ago | (#47590229)

If you help people, facilitate, make their work lives easier, you won't be the scum of the office.

Re:yes, ignore office politics (5, Interesting)

SuricouRaven (1897204) | about a month and a half ago | (#47590409)

Ideally, but office politics is complicated. Sometimes making one person's life easier makes another's harder - teach the micromanager that he has the ability to add items to his underlings' outlook calanders, and said underlings are going to be annoyed. Sometimes people actually like their lives to be harder, for not-apparent reasons.

For example, having worked at a school in IT support, part of my job was to maintain the various measures used to keep the students away from games in lessons. Due to some sadistic tendencies, I have become quite skilled at this. New games sites appeared all the time, and were quickly blocked - often while a student was trying to use them. We watched their screens.

Until some of the teachers started acting very annoyed, and complaining about us interfering in lessons. Why would they do this? We were trying to make their lives easier, keeping the students from entertaining distractions so they would focus on their work. We were enforcing the usage policy, everything by the book. What we hadn't realised is that many of the teachers were well aware of the gaming going on in lessons, and turning a blind eye to the class clown. Games keep the disruptive student busy, and if he weren't playing the latest flappy bird clone he would just be jumping around the room, distracting his friends or demanding most of the teacher's attention. So when we stepped in to 'help' the teachers, we actually got in the way of a little trick of theirs by turning the silent non-working student into a class-ruining joker that kept everyone else from working too. All they needed was an excuse to stop us, and it wasn't hard to find one - they just argued to the boss's boss that we were performing 'classroom management,' a function that the union said must be the exclusive domain of teachers.

The way the workplace actually functioned differed from the way it actually functioned. By not noticing the unwritten procedure in use, we disrupted it and caused friction with another department.

We still block the games, of course. Teachers should learn to manage their students, not just give them an electronic pacifier. We're just a bit more subtle about it.

Re:yes, ignore office politics (1)

Anonymous Coward | about a month and a half ago | (#47590249)

So you are saying he should scan all their data and build dossiers with inciminating information for every employee, that he can use later as blackmail if they start conspiring against him? Is that the solution?

Re:yes, ignore office politics (1)

I'm New Around Here (1154723) | about a month and a half ago | (#47590553)

You misspelled "inseminating".

Use common sense (0)

Anonymous Coward | about a month and a half ago | (#47589881)

Oops... this is the wrong site for that.

Re:Use common sense (0)

Anonymous Coward | about a month and a half ago | (#47590281)

What is common sense, exactly? It varies from country to country, culture to culture, town to town..

Simple. (0, Informative)

Anonymous Coward | about a month and a half ago | (#47589885)

"how do you preserve the impartiality/neutrality which seems (to my novice mind) necessary to be effective in this position" You keep your mouth shut about anything but your job.

Re:Simple. (-1)

Anonymous Coward | about a month and a half ago | (#47589929)

I'll tell that to Snowden.

Re:Simple. (2, Insightful)

Anonymous Coward | about a month and a half ago | (#47589995)

Snowden found a different job more important than the one he was doing. It was also his duty to report illegal activity. I think he did a great job.

Re:Simple. (1)

Chas (5144) | about a month and a half ago | (#47590559)

Snowden found a different job more important than the one he was doing. It was also his duty to report illegal activity. I think he did a great job.

Sure, but in the private sector, you don't have the luxury of exiling yourself to another country for the rest of your life and being seen as a hero.

Re:Simple. (2)

Z00L00K (682162) | about a month and a half ago | (#47589947)

I agree - unless something floats up that is outright criminal to the extent of prison time just leave it alone.

If you find something that's severely incriminating, look for a new job.

Being a sysadmin means that you have extreme rights and abilities to do stuff, but you shall also have the ability to keep your mouth shut. It's better to keep a distance than to end up on the wrong side in a conflict or legal proceeding.

Re:Simple. (1, Funny)

retchdog (1319261) | about a month and a half ago | (#47590169)

this is a good guideline, but it's worth keeping an eye open for someone weak, yet brash enough to engage in criminal conspiracy. it's rare and i wouldn't plan on it, but it's an excellent opportunity to make a sideline income and develop a skillset suitable for a lucrative management position. i won't go into detail on the tactics, but they're pretty obvious. keep in mind, you want hush money and an intimidating rep; you don't actually want a confrontation. start with a moderate offer, on the lines of maybe 5% of their salary, and crank that up as time goes by.

btw, start going to the gym now; yes, you can always kill the motherfucker, but it's much, much more effective to passively intimidate them.

Not sure why this is a question (5, Insightful)

GeekFreak (202351) | about a month and a half ago | (#47589897)

I treat everyone's email the same: I don't read it. I may see subject lines but I don't see the technical reason requiring you to read them. If it's a temptation, might want to re-evaluate your own professionalism.

The same with politics and gossip: keep it to yourself; do not participate. If asked a question, smile and decline to comment. Be polite and cordial but trust no one.

Basically: do your job and stfu.

Not sure why this is a question (0)

Anonymous Coward | about a month and a half ago | (#47589969)

for the most part people who stfu and do their job go unnoticed and usually see no promotions.

Re:Not sure why this is a question (2, Informative)

Anonymous Coward | about a month and a half ago | (#47590013)

I call bullshit on this. It seems to be true... but it isn't, not quite.

IT is typically a support position, not the core business. That limits promotion potential. Worse, when done well it's supposed to be invisible by dint of not breaking down. You can do something about that by promoting yourself, by communicating really well, by showing what went well instead of having to announce another failure you're mopping up after. Like, you've done a bunch of maintenance and introduced a new service. You can announce that with a nice little (short!) blurb extolling the virtues of what you've done and how that helps the company in a way that'll be appreciated. Do this well and everybody'll know what IT is for, what it does for the company, and so on. You make yourself visible.

The original question, though, was about office politics and gossipping you run into because you meet bloody everybody in the company, and about the accidental brushes (I would hope so, anyway) with stuff not really ment for your eyes. As to that, you indeed don't partake in and do STFU about.

Re:Not sure why this is a question (0)

Anonymous Coward | about a month and a half ago | (#47590095)

Also if you find stuff on their computer i.e. torrents, warez, porn and the whole reason you're even looking at the computer is because it is infected, clearly something more needs to be done otherwise you'll just be in that same spot in another week trying to clear up the computer again.

Re:Not sure why this is a question (1)

mysidia (191772) | about a month and a half ago | (#47590151)

I treat everyone's email the same: I don't read it. I may see subject lines but I don't see the technical reason requiring you to read them.

What happens when you get a request from management to help them identify/bring to their attention people potentially 'abusing' the e-mail system, such as by e-mailing sensitive information out of the organization, or by identifying employee(s) sending e-mail that are obscene, abusive, harrassing, or contain inappropriate language?

Re:Not sure why this is a question (2)

Cheerio Boy (82178) | about a month and a half ago | (#47590275)

I treat everyone's email the same: I don't read it. I may see subject lines but I don't see the technical reason requiring you to read them.

What happens when you get a request from management to help them identify/bring to their attention people potentially 'abusing' the e-mail system, such as by e-mailing sensitive information out of the organization, or by identifying employee(s) sending e-mail that are obscene, abusive, harrassing, or contain inappropriate language?

That's an official request from management and is part of your job at that point even if it wasn't before. Inform HR of what you've been asked to do and if there's a conflict let them hash it out. Document everything and keep a personal copy of the documentation in a safe offline place. If you get fired for doing your job you either have enough documentation to take legal action (if you can afford it) or enough to clear your name if it becomes necessary.

Re:Not sure why this is a question (1)

Anonymous Coward | about a month and a half ago | (#47590381)

HR

You tell them you need to get approval from HR before you give them access to anything, and even better, you tell them you cannot sift through the email, that they will have to designate another non-IT person to read/go through the documents/email (best if it is HR).

Stand your ground and they cannot give you crap for requesting that you do not put yourself in liable.

Re:Not sure why this is a question (1)

wisnoskij (1206448) | about a month and a half ago | (#47590307)

Well of course unless it goes strongly against your conscience or the law you do what you are asked.

Re:Not sure why this is a question (1)

Anonymous Coward | about a month and a half ago | (#47590331)

Here's "what happens":

There's plenty of LEGAL reasons you might need to access them, but very little LEGAL reason for you to READ them, still. As an admin, it's just as easy to say "here's a text file dump of all email for User X's account in this handy password-encrypted file. To read it, log into heavily secured & audited system X, conduct your investigation, and let me know when you're completed, so I can blow away the VM you were working on and eliminate the chance of this data being improperly accessed.

If you fear the request is somehow illegitimate, escalate to your own manager, HR, or corporate legal.

Re:Not sure why this is a question (1)

Threni (635302) | about a month and a half ago | (#47590217)

Read it for a laugh, just don't tell anyone about anything you read, and you'll be fine!

politics and stuffs (0)

Anonymous Coward | about a month and a half ago | (#47589901)

Unless you're a professional ladder climber and/or backstabber (most MBA middle-management types), it's best to just stick to IT and keep stuff to yourself.

Sound advice I was given (2)

tyggna (1405643) | about a month and a half ago | (#47589905)

Just keep the guy who does your yearly reviews happy and make him look good. Also, make his boss look good. If you're like me and have multiple bosses, develop your relationship with the one you think will hold that position longest. Don't burn any bridges unless you have to in order to keep your job. Every company has different standards of security, and an even wider variation of enforcement. Don't intentionally be a butt-head to anyone, and if you see anything that's off policy or could get someone fired, just politely point it out to the individual so they can correct it.
As for dealing with sensitive information, I usually ignore it. You'll see lots of stuff you probably shouldn't as the only IT guy. Just file it away and don't bring it up again--even if it seems like a good idea or a neutral situation to do so. You don't want upper management finding out the IT guy knows more about the company than they do, or they'll (often unintentionally) make your life miserable.
IT can be likable, but there will be a lot of people who will make your job harder because of their ignorance. Just do you best to educate them in a friendly way so you can work on more important things than dealing with office dunce's all the time.

Don't look for logic (4, Insightful)

Zero__Kelvin (151819) | about a month and a half ago | (#47589909)

Always remember that you are dealing, in your case where your internal customers are not IT savvy, that there is a reason why we refer to them as lusers:

1) They have no idea how to do what you do, and need you to help them perform even the simplest of tasks
2) What you do is so simple any moron can do it
3) Their son / brother-in-law / uncle, etc. is much more of an expert then you. They re-install Windows for them every six months, and made their system much faster by upgrading from a 512GB drive to a Terabyte drive as well as much safer by installing three, count them three different Antivirus products!
4)You are some kind of idiot, because you haven't done what their expert relative has done

I wish I was kidding. The reality regarding your question is that as an IT professional you will have access to said sensitive information. It will only make you jaded if there is good reason to be jaded. If there is good reason to be jaded, run don't walk to a better gig.

Re:Don't look for logic (5, Insightful)

gnasher719 (869701) | about a month and a half ago | (#47590061)

Always remember that you are dealing, in your case where your internal customers are not IT savvy, that there is a reason why we refer to them as lusers:

If I ever hear any IT professional at a place where I work referring to end users as "lusers", I can promise you that the shit will hit the fan.

Re:Don't look for logic (1)

Kuroji (990107) | about a month and a half ago | (#47590121)

Local user, you twit. It doesn't mean 'loser'.

The fact that the end users tend to look at IT as utterly useless except when something goes wrong, in which case it should have been fixed and prevented from going wrong even when it was the end user's fault, does however tend to promote such an attitude. But the IT guys would have to be idiots to use that term openly.

Re:Don't look for logic (1)

Threni (635302) | about a month and a half ago | (#47590185)

Luser is most definitely loser. Because most users are idiots. No ability to partially diagnose or even use common sense to solve any problem (ie. if the problem persists when you log onto another PC why do you think your PC has a problem?)

Re:Don't look for logic (2)

Belial6 (794905) | about a month and a half ago | (#47590201)

BS. the term 'luser' is specifically juvenile IT people thinking that they are being witty. They are not, and the lame excuse of 'local user' doesn't make their openly hostile attitude OK. The fact that you recognize one would need to be an idiot to use that term openly shows that you know full well that it is intended to be a double entendre.

Any IT person that uses that term should immediately look for a different career path.

Re:Don't look for logic (1)

epyT-R (613989) | about a month and a half ago | (#47590309)

My aren't we feeling superior today.

Re:Don't look for logic (1)

Bing Tsher E (943915) | about a month and a half ago | (#47590413)

This is a discussion of IT Personnel. It'd be hard not to feel superior.

(the toner cartridge in that LJ5 on third floor east isn't changing ITSELF, btw...)

Re:Don't look for logic (1)

katarac (565789) | about a month and a half ago | (#47590441)

Hilarious. Pointing out petty condescension is condescending, I guess.

Re:Don't look for logic (0)

Anonymous Coward | about a month and a half ago | (#47590153)

He's not referring to end users dumb ass. He's referring to his co-workers.

Re:Don't look for logic (1)

RoombaRampage (3755195) | about a month and a half ago | (#47590189)

In this case co-workers are end users. They are the consumers of the services that IT provides.

Re:Don't look for logic (1)

Zero__Kelvin (151819) | about a month and a half ago | (#47590209)

Any decent software developer will tell you that your if conditional results in a Code can't be reached compiler warning :-)

Re:Don't look for logic (1)

SuricouRaven (1897204) | about a month and a half ago | (#47590435)

Everyone who has worked in end-user support thinks of lusers. Some of them say it, some have the social awareness not to utter the word, but they all think it or something to that effect. There are websites devoted to swapping stories of luser ignorance.

My personal favorite is the user I met who used to manage all her documents by running word, going to save-as and dragging files around in the little save dialog, right-clicking to make folders and delete things. In her years of using a computer, she never figured out that you could go to start->documents.

Runner-up is shared between all of those who have summoned me from across the building because 'sound not working' when someone has turned off the speakers.

Re:Don't look for logic (1)

I'm New Around Here (1154723) | about a month and a half ago | (#47590583)

Everyone who has worked in end-user support thinks of lusers. Some of them say it, some have the social awareness not to utter the word, but they all think it or something to that effect. There are websites devoted to swapping stories of luser ignorance.

My personal favorite is the user I met who used to manage all her documents by running word, going to save-as and dragging files around in the little save dialog, right-clicking to make folders and delete things. In her years of using a computer, she never figured out that you could go to start->documents.

Either we've met the same person, or that method is now taught in college.

Re:Don't look for logic (-1, Troll)

Anonymous Coward | about a month and a half ago | (#47590363)

Always remember that you are dealing, in your case where your internal customers are not IT savvy, that there is a reason why we refer to them as lusers:

Use that word where I work and there will immediately be a meeting with me, a HR representative and your manager.
Depending on the outcome of that meeting you will either
* get counceling from your manager
* you get to have a meeting with your manager and someone from HR.

IT is a cost centre and a support organization. Just like janitors, but you are paid more than janitors and less than engineers.
IT support is not exactly an occupation that require a masters degree.

As an important support organization, but a support organization nevertheless, to the question on
"what should I do if I overhear something?"
The answer is "ask yourself what the janitor would do" and if you do so then all is well.

Re:Don't look for logic (2, Interesting)

Anonymous Coward | about a month and a half ago | (#47590401)

No, they don't need a master's, just a bachelor's degree and continuing education and training that will exceed the time invested in a master's and NEVER. STOPS.

If you're considering IT to be equal to janitors, you are not the person who should be doing the job you are doing.

Re:Don't look for logic (0)

Anonymous Coward | about a month and a half ago | (#47590497)

No, they don't need a master's, just a bachelor's degree and continuing education and training that will exceed the time invested in a master's and NEVER. STOPS.

If you're considering IT to be equal to janitors, you are not the person who should be doing the job you are doing.

And people that are real engineers never need to learn new stuff to keep up with times?

I am an engineer. I build hardware and software. We have sales peoples to, that sells the stuff we engineers build.
IT and helpdesk is a cost centre and a drain to the company. When was the last time the IT folks provided reveune?

As I said, support folks, like janitors and receptionists but slightly better paid.

Re:Don't look for logic (1)

I'm New Around Here (1154723) | about a month and a half ago | (#47590607)

You are too full of yourself. How productive are you when the computer network is down and you can't do your highly paid job? I'm sure you don't pull out a paper and pencil and design your next product. You call and demand the support team fix it, so you can work. So, without them, you are not bringing in any revenue either.

By the way, you are as replaceable as the IT guy who knows how to fix the system.

Re:Don't look for logic (0)

Anonymous Coward | about a month and a half ago | (#47590571)

Again, If I ever hear that derogatory term used by non-essential staff, like IT, Receptionists, Janitors, etc I would immedialtely have a meeting with that persons manager and a representative from HR.
I would there suggest termination of employment, but would settle for counceling it manager or HR strongly wants to keep that person and it was a firsdt offence.

If it was essential or otherwise valuable staff and it was just a first offence I would suggest counceling before termination.

In any case it would go to that persons file.

Seriously (0)

Anonymous Coward | about a month and a half ago | (#47589919)

If colleagues cannot depend on the discretion of their IT support, then they need new IT support.

OTOH if the information involves illegal activity, perhaps one ought to consult management. If management does not respond, or responds in an unethical way, maybe IT support needs to find new colleagues.

Fwiw

ignores (1)

ghighi (1416473) | about a month and a half ago | (#47589923)

You can't be liable for having knowledge of information that people couldn't be bothered to encrypt. Executives can be lazy with their data and you can't be expected to do special efforts when they didn't do any to begin with. That being said, I would chose to ignore. I have been there, with information very sensible for a very big company, and just ignored that. A colleagues acted upon that same knowledge in not so subtle way and we almost got troubles for it; it was harmless so they pretended they did not realise we had access to the documents and left it at that. It could get you fired though, so you might want to just stfu. Now there would be two exception to that rule: I you were in a position where you could blow the whistle on some important information for the public good, or if you could get personal gains in the process. It's a moral decision q:

Re:ignores (1)

sumdumass (711423) | about a month and a half ago | (#47590205)

You can't be liable for having knowledge of information that people couldn't be bothered to encrypt. Executives can be lazy with their data and you can't be expected to do special efforts when they didn't do any to begin with.

I completely disagree. It is in fact your job to assist in this if you are IT. You are in a trusted position and if you gain access to something due to that trust, it is a duty to keep that trust (unless it reveals something so unconscionable that you have to remove yourself from that position of trust).

The rest, I agree with. An example was not something that happened to me but to a lawyer in a firm I administrated. The IT for another law firm for the plaintiffs in a lawsuit was having drinks bragging about some things he saw. He was making the statements as if in idolization of a couple of the lawyers at the firm. Turns out, one of the defendants of the same suit was there also and over heard some of the conversations. This led to finding evidence that completely nullified the lawsuit as the contract had been essentially broken but not officially broken by the plaintiffs before the breach in question they were suing over. In essence, the plaintiffs wanted out of a contract and were taking steps to void it before those steps ended up causing a failure in another party to the contract from delivering. Their steps to secure resources when they voided the contract removed the availability of resources from the market making the defendant in default of the contract obligations. Instead of voiding the contract, they decided to sue for the breach to recover expenses of setting up their in house facilities to do the contract work themselves- which they planned to do all along.

So even just telling friends outside of the job can cause things to come back at awkward moments. You have to forget you even noticed the information.

LOPSA/LISA Code of Ethics (5, Informative)

David E. Smith (4570) | about a month and a half ago | (#47589949)

Read the System Administrators' Code of Ethics [usenix.org] and take it to heart. Even if your job title doesn't include the words "system" or "administrator."

It's actually pretty easy to ignore the content of an email if you're focused on the email delivery process (mail server logs, the headers of forged/spam mails, things like that). Similarly, if you're doing FTP hosting or file drops for customers, you rarely need to dig into the content of the files themselves to troubleshoot upload/download problems. There are rarely reasons to dig into the content of whatever you're working on. It does come up, if (for instance) some piece of email has wacky malformed content that keep crashing the mail client, but IME those situations are uncommon.

I used to work at a mom-and-pop ISP, in a small town. Our customers included the local police and fire departments, City Hall, and most of the larger law offices and accountants' offices. Since we provided email and Web hosting (among other services), I certainly could have made some locals' lives very interesting. Hell, I had access to the email of everyone in my company, including that of the owners to whom I reported. I'll admit to having been tempted once or twice, but I'm proud to say I never abused my privilege.

Just ignore it (2, Insightful)

Anonymous Coward | about a month and a half ago | (#47589951)

Whether I'm working in IT or another area, I try to ignore what is on people's screens. I consider this a simple matter of manners, not an IT issue. You don't read over other people's sholders, do you? Do you feel the need to act on every piece of overheard gossip or twitter/facebook post? Dealing with other people's computers should be treated much the same way you treat overheard snippets of conversation on the street. Ignore it and move on.

well.. (0)

Anonymous Coward | about a month and a half ago | (#47589963)

it gets better..wait 'til some higher up comes and asks for a dump of so-and-so's inbox

Re:well.. (1)

1s44c (552956) | about a month and a half ago | (#47590203)

Fix that before it happens. Tell everyone to never use a work email for personal mail. Tell them to get a free webmail account for personal stuff instead.

I've been in your position (5, Insightful)

neiras (723124) | about a month and a half ago | (#47589975)

You can never ignore office politics. You don't have to play the game actively, but you do need to be aware of what's going on around you, who is in what camp, what the major conflicts are. You have to cross battle lines regularly to do your job; you can't afford to be seen as a member of the 'enemy camp' by *anyone*.

As an IT guy you need people to trust you, which means you need to be ethical. If you see something you shouldn't know, don't go chattering about it.That kind of thing does get around, and you'll lose trust instantly.

Nothing's stopping you from making personal career decisions based on the information that you come across in your daily work. For instance, if you see that the company is about to be liquidated and you don't want to be around for the mess, by all means polish your resume and start interviewing. Just don't assume that just because you saw something you have the whole picture. You could end up feeling stupid when the private email you saw turns out to be a deliberate test of your trustworthiness. It does happen.

Keep your mouth shut about the things you see. Look after your career and reputation. Be aware of politics, but abstain from participating wherever possible. After a few years when you have trust and credibility, you can consider climbing the ladder a bit and playing the game - you'll have capital to spend.

Re:I've been in your position (0)

Anonymous Coward | about a month and a half ago | (#47590415)

I love being an outside software consultant. I get to see everybody else's office politics and leave them behind. The downside is... I have no idea what is going on in my own office. And I dont care.

Re:I've been in your position (2)

KevMar (471257) | about a month and a half ago | (#47590595)

In IT we have access to everything and that means that our trust and integrity means everything. We will see things that are very personal, we will know things that are very sensitive, and people will trust us.

If they question our integrity, our trust worthiness, or even our respect for authority then we lose our value to the organization. Once they start to question that, then you won't be able to get it back.

But if you maintain high standards in IT and gain absolute trust from your coworkers and administration, then you can do some amazing things.

Be a Professional (1)

Anonymous Coward | about a month and a half ago | (#47589987)

Regrettably, it seems you have no one to show you what a "professional" is or how to do "excellent" work. I pity you.

Your job is to do IT work. The person, the persons attitude, the person's opinions and beliefs do not preclude their need for good-to-excellent IT work. Do the work and you will please most people. Do, as a previous poster stated, please your boss and the one who signs your check.

If you do a good-to-excellence job, you may have earned the right to answer questions about your person, your opinions and beliefs IF YOU WANT. Even Democrats and Republicans can wholeheartedly agree about things like the local sports teams or colleges. You don't have to talk about everything that enters your head to every other person.

You don't need to be impartial or neutral to do your job.

A sysadmin has a code of ethics. Check SAGA for the official organization's code. The information you receive through actual IT work is not yours. For example, it may be necessary to see stuff that is confidential but it is not your right to disclose it. Keep your mouth shut. It also means that when the manager wants to look at all his employees files, you refuse unless it is a bona fide emergency (and provable). You have to protect the privacy of all the people on your network.

God help you because nobody else is.

Career options ... (0)

Anonymous Coward | about a month and a half ago | (#47590009)

Just about everyone where I work has a foible that makes them unique ... but they know they can trust me to keep it to myself. There's apparently a coffee-machine crowd that talks, and tells each other who can be trusted, without needing to reveal details ... go figure.

If you want to 'advance' in your career, use all the info and dive into office politics, it's the only way.
If you want to be a professional, your work is to enable their work, and the content of mail is none of your business.

risk vs reward (1)

irond (160758) | about a month and a half ago | (#47590023)

You always need to look at the risk vs reward aspect when determing whether or not you should pay attention or stick your head in the dirt. If the potential consequences are high, but reward is little, then stick your head in the dirt. If the consequences are low, but the reward is high, then I would pay attention.

The hard part for you, is determining what really matters to you and what risks are unnaceptable. And this is also highly dependant on what normative ethical system [wikipedia.org] you subscribe to.
 

There's no "grey area" (5, Insightful)

msobkow (48369) | about a month and a half ago | (#47590049)

As an IT professional, you will have access to data that regular employees don't. You keep your mouth shut and you don't snoop. Period. You only look at as much as you have to diagnose and fix problems; the details are irrelevant.

It's called "being professional."

Think of it as the equivalent of lawyer-client or doctor-patient relationships.

Re:There's no "grey area" (1)

irond (160758) | about a month and a half ago | (#47590133)

Legally speaking, and depending on where you live, lawyer-client and doctor-patient relationships have defined limits, and so should "keeping your mouth shut". For example, if I accidently discovered plans, documents, or other communications that would otherwise be in violation of the law, or indicate conspiracy to violate the law. I would speak up. If I could help spare someones pain and suffering, I would speak up.

Sgt. Shultz from Hogan's heroes ... (1)

urbanotter (773128) | about a month and a half ago | (#47590089)

I see nothing ... I hear nothing ...

I'm really hoping you are smarter than that (5, Insightful)

Vip (11172) | about a month and a half ago | (#47590107)

Never get involved with reading others' emails, documents, etc., that you are not required to be privy to.

Never ever let the temptation allow you to see others' performance reviews, salaries, politics. I've seen how it leads to telling someone else and then they become the go to person for information. And if the information is bad and they didn't share it, even though they had no idea, well, they didnt' say that there was a problem, the @$$#013! Hell, I've seen someone with access to the HR database pull up salaries of EVERYONE and share it out. "Oh, can you tell me how much Jason Mcboogerhead is making? What?!? I'm making $1k less?! WTF, time to march off to the manager!!!" [A manager who was stunned at the level of knowledge! AFAIK, no info was given out about how the salary info was found. I found out later when it was offered to me.]

Ignore any overheard conversations, it'll only be a couple of people talking, who knows the truth and what really is going on? You must throw out any info you "accidentally" pick up too. The obvious is the missing context of the info. As a manager, I've had other directors and managers openly talk about staffing, budget, bonuses, performance or lack thereof, in front of me. In all cases I threw away what I heard, after all, all I'm hearing is a snippet of a longer discussion. It's not my business to try to save John's job if he's pissed someone off, so I'm better off not worrying about it.

Sometimes I received a list of users to be locked out of their accounts. The only reasons to receive such a list is that they are being laid-off/let-go or in a heap of trouble. I never shared such a list with anyone. It was given to me, as a manager, in confidence. Keep that confidence. Even after the firing, I still didn't tell anyone, there's no point or net positive to be gained.

In another instance I was at a company that changed their HR such that you logged into a page, and it told you your salary, OT rates, etc. You could print your confirmation of employment for loans and such there too. But there was a bug. This bug allowed me to view everyone's salary, their bank account info and some other stuff in a nice neat chart. I immediately picked up the phone and called head office IT Security and talked them through the bug. They fixed it, phoned me back to test with me on the phone, thanked me and sent off a thank you cc'd to my manager, director, etc., praising my immediate response and "help" in fixing it.

What I didn't do was say, "Hey everybody, look at this!" and print it off, etc. Nor did I read further than a few lines and then remove it from my screen. To this day, I run into some of the higher-ups from then from time to time, they still remember me, who I was, only because of that email and that to them I was trustworthy.

It's not up to you to solve office politics, who said what to whom, or anything else. You are there to do IT. So do it and maintain your dignity and professionalism and just don't even think of looking.

You, and hopefully everyone else, will hopefully see that you are in a position of trust. You are trusted by many to keep secrets. If you can do that, it only helps your reputation. If someone can actually say you are trustworthy in your IT job then you've accomplished a lot and it only helps down the road when you want to switch jobs.

Vip

So this is how it works (1)

Anonymous Coward | about a month and a half ago | (#47590111)

In either case: how do you deal with the possibility of accidentally learning something you're not supposed to know? E.g. troubleshooting a user's email program when they've left sensitive/eyes-only emails open on their workstation.

Pretty simple really. To do your job professionally and ethically, you avoid discovering sensitive information to the greatest extent. If the situation truly needs exposing you to private information or, you do it accidentally, you keep your mouth shut about it.

Unless, of course, you are someone eating fish tacos inside an NSA control room and delightfully reading all the data that passes through.

Have you ever thought about going to the darkside? (0)

Anonymous Coward | about a month and a half ago | (#47590159)

I have a friend who was in a government IT position and was sometimes required to investigate people for misconduct and ultimately get them fired or jailed. It was basically his job to snoop and it weighed on him very hard. He ended up going working at a little, low stress computer repair shop for about 100k less and was happier for it.

Me, on the other hand :) I always remind people that I don't want to know what they are doing on their computer, and if I do come across something I can't unsee it will stay with me. The implication here is that I'm cool and just want to help them, but in the very back of their minds they know that I AM NOT TO BE FUCKED WITH, because I have a firm grip on all their secrets/balls. This unspoken understanding has kept me employed and duely respected for 17 years in IT now. I've been told many times that I would be pretty dangerous if I decided to use my skills for evil, and I'm always like: "Yah, never forget that. Please don't hesitate to call me if their is anything I can do for you and I hope you have a splendiforous day!"

The mind is a dangerous thing (1)

gwstuff (2067112) | about a month and a half ago | (#47590165)

Just for fun, answer this question and quickly move on to reading the rest of my post. Explanation at the end.

"HOW MANY animals of EACH KIND did Moses take on the Ark?"

The mind is a dangerous thing when presented with incomplete information -- it just extrapolates it, sometimes even substituting the incomplete original version with the extrapolated raw version. You might *think* you saw something noteworthy, but it was only your mind showing you a rabbit on the moon.

This is one of the chief values of privacy - to be able to keep information that was meant for your perspective, and is not ready to show to the outside world, to yourself.

So I would say ask yourself this question: Is there any ambiguity in your mind about your anticipation of the needless loss of life or property based on what you have seen. If there is, then the benefit of doubt goes to the person you spied on. Consider what you saw as an aberration... mangled data that cannot be trusted.

As for that question - Did you answer two? It was Noah, not Moses who gathered animals on an Ark.

Ignore it (1)

1s44c (552956) | about a month and a half ago | (#47590175)

If you were not officially told then ignore it.

Don't backstab anyone. Don't read anything without permission. Don't get involved in anyone's infighting. Do your best to help all your customers, even if they are trying to undermine you. Play politics only as much as you have to, people will try to play you. You have to be aware of it and respond tactfully.

Your duty to report serious criminality overrides these rules. Your duty to report gross immorality may override these rules, you have to decide that one based on what you believe in.

Wow. . . . genuinely surprised. (-1)

Anonymous Coward | about a month and a half ago | (#47590221)

Most posts here are encouraging an IT code of chivalry, or something.

This seems ridiculous, to me, as I sit on the other side of the fence (management).

Being professional does not mean being an ostrich. Being professional means that I don't care if you are gay, or diddling your wife's (or husband's) best friend, or that there is a YouTube video of you painting in your underwear.

Being professional means that during work hours, I/you/we work to the benefit of the company, and ultimately the shareholders, as best as possible, while maintaining high ethical standards. Also, that nothing you do in or out of work substantially harms the company.

This does not mean that you run to your boss every time something fishy turns up, or jump into the water cooler politics pool, or likewise.

As the IT department, however, it is part of your job to enforce company rules on the network, particularly at smaller entities without compliance or security officers. This means: a) trying to protect corporate secrets; including both inadvertent and intended disclosures of information; b) documenting evidence of malicious or illegal conduct; c) monitoring of communications to ensure that they are in compliance with corporate policies.

Employees have NO "right" to privacy or free speech in the workplace, the same way that team mates have no right to do whatever they want on the field.

A good company has channels and forums for complaints, whistleblowing, and airing of grievances and ideas. Sending out emails about your evil boss to the local paper is not one of them, and is something that you should be on the look out for.

As are the more common malicious activities, such as doing something to benefit a competitor/customer/supplier as employees try to secure a better position.

Again, in a well run company, management tries to keep these things to a minimum by keeping people happy, but there are always disgruntled people, and sometimes they fly under the radar.

If you are the lone or senior IT person, you are literally the guardian and caretaker of the companies's INFORMATION systems, upon which the companies most valuable asset is kept, information. Generally, the companies second most valuable asset, process and procedure, is integrated with, and possibly managed by, IT.

There is a reason most well run companies elevate their IT personal to near top tier positions; because the company generally cannot be managed without well run systems.

My advice? Act like this stuff is really important. Remember the fishy things you see, but file them away. Proactively suggest to management about a monitoring system to catch this sort of thing, and at the same time, be fair to your users by publishing the policies under which these systems work.

Be professional, in that you look at your job to contribute value to the company; how can your work contribute to the goals and mission of the entity. Don't just think of yourself as a box herder. You are responsible of the most important thing at the company, Information! What you trade in is as important as what the accounting/financial guys do, if not more important.

CYA (0)

Anonymous Coward | about a month and a half ago | (#47590247)

Cover your ass.

Explain to a user before working on their system that they should close all content (not just E-mail) and that they should save as appropriate to ensure data loss protection. This way, you can also reboot their system as necessary, and if ever something comes back regarding eyes only material, you can say you asked the user to close all content before working on the machine and that this is your personal policy to prevent such situations.

Ostriches sometimes, yes (3, Insightful)

Trepidity (597) | about a month and a half ago | (#47590255)

Other animals that IT personnel may impersonate include canaries and guinea pigs.

Rules for IT is "IT Rules". (0)

140Mandak262Jamuna (970587) | about a month and a half ago | (#47590267)

The main goal of IT is to provide security to the company network. You must accomplish this by any means necessary. If it means stopping every one else from doing their job, so be it. Stop them. Most of these dim wits who think they are working, always create problems for IT. For IT to be efficient they have to be stopped. So stop them.

Once you have established the rule, "IT rules", most people will cower before you and try to get their work done without offending you or getting on the wrong side of you. That means you can celebrate "Mission Accomplished". Your company will have a few that know how networks work and know a smattering of knowledge about Unix or Linux. They might have even served as root of some lab or the other in the grad school. Find them, stop them completely on their tracks. Thwart every one of their moves. Either they leave you alone, or the leave the company. I T should have unquestioned authority over the corporate infrastructure, and ideally there should be no one in the company capable of questioning you.

So the rules for IT is "IT Rules".

You are not Switzerland (0)

Anonymous Coward | about a month and a half ago | (#47590299)

> Do you find yourself deliberately ignoring office politics

It's a slow form of career suicide. The corollary of being neutral is that there are few, if any, people in the higher echelons on your side when it comes to promotions, good assignments, and layoffs.

Information Is Power (0)

Anonymous Coward | about a month and a half ago | (#47590311)

From the 1940s through the 1960s do you know who the most powerful and feared man in Washington was? It sure as hell wasn't the President, or any congresscritter. It was J. Edgar Hoover. This was a man in a position to dig up dirt on anyone and everyone. Every politician from Presidents to lowly clerks feared crossing him for what what he knew could end careers. Many People believe that he may or may not have ordered the assassinations of many high profile figures in the 60s.

The point is use that information for your own benefit. Don't share it, and don't use it unless absolutely necessary. Wait for the right moments to strike. You are in a prime position to find the key players, make friends on all sides and play them against each other. If you play your cards right, in a short period of time, you should have a prime high-paying, do-nothing executive position and nobody would dare fire you.

Also, read some Nicollo Machiavelli some time. Great stuff!

part of the job (1)

markdavis (642305) | about a month and a half ago | (#47590323)

First, I wouldn't say a "50ish" people company is "mid-sized" :) But that isn't really your question.

I can only speak for myself- I can and do see things that are confidential. It is pretty much impossible for me not to. I deal with it by focusing only on my work. Most of the time I don't even really "see" what it is I am looking at... intentionally glancing away or closing things that are not part of the scope of my assistance. Unfortunately that doesn't always work and am exposed to things that get "registered" in my mind. Sometimes I see things that are disappointing or disturbing... but it is my job to retain confidentiality; that is part of being a professional.

The hard parts come when/if I see something that is:

1) Against our IT policies (mostly security practices)
2) Against company policy
3) Against the law
4) Immoral

Thankfully, after doing this for 27+ years, I have yet to consciously run into anything illegal or immoral. I have run into things against policy and there have been times I had to report it or deal with it... just depends on how severe it was.

Think of it this way- it could be MUCH worse... you could be a defense lawyer.

Explains all the introverts.... (1)

djsmiley (752149) | about a month and a half ago | (#47590335)

Well most of us are introverts, maybe thats why we end up with these roles. So yes.

Ignore it and move on (1)

Virtucon (127420) | about a month and a half ago | (#47590371)

Don't read it even if you inadvertently see it. Don't repeat things you may have overheard or seen. Testicles, Spectacles, Wallet and Watch all apply.

Once again... (0)

Anonymous Coward | about a month and a half ago | (#47590377)

Slashdot Beta really sucks. Please...stop trying to f up Slashdot. Everyone, everyone hates it. People who have never seen a computer hate it. For the sake of the world, end this pointless and reckless project.

Tell me more, tell me more (1)

Tablizer (95088) | about a month and a half ago | (#47590447)

So tell us, what's it like working there at the NSA?

a cautionary tale (1)

John_Sauter (595980) | about a month and a half ago | (#47590467)

There is a lot of good advice here, so let me add a cautionary tale. I used to work for a local government as their “computer guy”. I got a call from a user who was unable to watch some video he had on a thumb drive. As part of diagnosing the problem, I logged in to his computer using my own account, copied the contents of the thumb drive to the hard disk, and played it from there. It turned out that playing the video worked from the hard drive and the rear USB connector, but not from the front. I told him this and closed the call, but didn't delete the video from his hard drive. I noted the call in my log, but didn't mention that the video was pornographic.

Much later, about a year after I my employment had been terminated, I got a call from the town's police. One of the detectives wanted to talk to me, and asked me to drop by the police station. It seems that someone had discovered that this user had been watching porn on his computer, and when they examined his computer they found that same porn on his hard drive, under my name. They gave me the third degree, wanting me to admit that I had been the source of the porm. I suspect they wanted me to be the scapegoat, since I was no longer an employee.

I acted calm, pleasant, truthful and stupid. They told me that I could be in big trouble if I didn't cooperate, and I responded by saying if I lied in order to tell them what they wanted to hear, in the long run I would get confused about what lies I had told, and get caught in a contradiction. Of course, it helped that they all knew me, so I had credibility when it came to being stupid. It also helped that these were small-town cops; I probably wouldn't last five minutes in an NYPD interrogation room.

This happened more than five years ago, and I haven't heard anything about it since.

yes and no (1)

adwww (3773285) | about a month and a half ago | (#47590493)

Welcome to the club, it's such a strange position and one that gives us much more de facto power than one would think at first glance. As the systems grew over time from fancy calculators to automating all business processes this issue creeped in and many organizations haven't addressed it directly. Yes you should attempt to be as impartial as possible. However you should consider a serious discussion with your direct supervisor about the reality of having access to all company data. I would go into that meeting with some options you find palatable like: I won't involve myself or notify you unless it's a violation of the organization's fair use policy (which I hope you have). That policy should eliminate any possible crime or directly harmful behavior from a grey area. It is a delicate area but everyone in the organization should be made aware that the systems don't belong to them (likely in the non-profit sector they belong the public with the board as decision makers) and may be actively monitored at any time. This has nothing to do with you directly it's a reality of all modern networks and email. The policy should be clear enough to communicate to all employees so they are aware of your duty. All of this is especially difficult in dysfunctional political environments but I've never had a problem letting them establish the rules and applying them fairly. These matters should be communicated with all the top management and board President if applicable. What they choose to do with their careers isn't our affair unless they misuse the systems or break rules we are responsible for monitoring. I've been primary IT for several non-profits and served many small and medium sized organizations in a similar capacity since 1994.

Some common sense (1)

Livius (318358) | about a month and a half ago | (#47590495)

The problem with reading an e-mail that's incriminating is that it may be out of context. If you do not have the knowledge required to fully understand the implications of the data, then there really is nothing you can do.

For example, at one job I have access to medical files, but I am not the doctor treating the patient and I am not in a position to judge anything about a patient no matter what information I might see. A man could be prescribed Viagra because of a heart condition, or a woman the pill because of the uterine condition.

If something does unambiguously require some initiative from you, you'll know. And when that happens pay for a consultation with your own lawyer before doing anything.

Mouth Closed plus Education (1)

QA (146189) | about a month and a half ago | (#47590503)

This would be a good time to subtly remind your users, or at least the higher up ones that they should never put something in an email they would be afraid to see in court, or directly read to the recipient, face to face. In the same conversation, you would mention that due to your job, you have access to everyone's email account (as you must) because SOMEONE has to administer it.

You cannot evade office politics, ever. Just don't do stupid things like buy a new hire a 27" Dell Ultrasharp while your bosses son in accounting is using a 19" Chinese knockoff. Common sense.

Don't take sides, remain neutral when Sally tells you what an asshole Bill is. DO NOT run over to Bill and tell him. That is what Sally wants.Eventually the peons will stop and perhaps your boss will realize he can share something with you, without the entire company knowing 5 minutes later. Common sense.

Dont play favorites. If the biggest dick head in the company needs a new workstation, get it for him. If you dont, you are only hurting your company, not the dick head.

I could continue, but you probably get the drift by now.

Do you find yourself deliberately ignoring..... (0)

Anonymous Coward | about a month and a half ago | (#47590509)

YES!
You have privileged access, but that is NOT a privilege to read/discuss/gossip about things you see and hear.

The practical answer. (1)

pla (258480) | about a month and a half ago | (#47590537)

We have an awfully lot of boy-scouts in this discussion, and while I only believe about 10% of them, they do actually give the right answer if for the wrong reasons.

The real problem with knowing things you shouldn't comes from your (in)ability to act on them, and the risk of accidentally letting something slip at the worst possible time.

Consider the best possible case - You find out about a major organizational change, and have some ability to position yourself to exploit it. That happens once a decade, at best, and a lot can go wrong (while you position yourself to take over as the regional director of IT after a merger, you later learn that the buying company plans to 100% centralize their IT infrastructure and you don't even have a job - Or the exact opposite, you start looking for a new job and later learn that those employees who stuck it out through the merger got some insane multi-year severance package).

Now consider the worst case - You company's stage four drug looks awesome, highly effective with low side effects, and the FDA will rule on approving it next week. You buy a shitload of stock. Option 1) The FDA approves it, you make a fortune, and the SEC immediately starts breathing down your neck. Option 2) the FDA rejects it for unknown reasons, and you take a bath.

Basically, your FP has the right idea - Play ostrich. Every time you visit Joe's computer, he has facebook/youtube/a game up and you have to clean out hundreds of porn-related spyware sites? You see nothing. Who cares about Joe - Best for your sanity.

Professionalism. (5, Interesting)

ledow (319597) | about a month and a half ago | (#47590543)

In my field, education, it's quite common for the IT guy to be the one with absolute access to more things than anyone else. Nobody else, not even the data-protection officer, or the people on the senior management team, or the people ultimately in charge of the school (the heads and governors) has as much access to information as the IT guy.

Senior-management team files, HR databases, etc. are part and parcel of the job. The web filter logs are generally very revealing and, hence, why I anonymise them by default (Usually squid logs - which only contain source IP addresses, which can only be correlated to a machine using the DHCP logs, which can only be correlated to a user using the Windows event logs on the AD servers - NOT something you can do accidentally, but also allows you to analyse, spot trends and find dodgy things without immediately revealing the source. When I come upon something that worries me, I go to my boss, ask permission to de-anonymise those records, provide them with my results. I've had to do it a couple of times and it turned out to be nothing, but I've also worked with colleagues who've spotted a paedophile on the staff that way and got them prosecuted).

Despite all that data access, tou don't look. It's that simple. If I'm asked to work on a confidential file or database, that's what you do. It's just data. What you see is just numbers and letters and then forgotten. You do not dig. Not only are there alerts and warnings for digging into certain things (and I don't want to KNOW what triggers those alerts or warnings necessarily, but I know that they are in place on the MIS databases, for example - I only trigger them when it's been part of my job to go into that part of the databases), but it's a matter of professionalism.

If I become "exposed" to salary details, or witness protection details (children in schools rarely have as simple a home life as they might at first appear to have), or that some child's father is a Colonel in the Army who's asked for his address details to be maintained private, or whatever... that's what you do. You're not there to suck up data, you just treat it like anything else and move on.

If I suspect illegal activity - there's a lot of activity you CANNOT ignore in a school - I'd go through the proper channels and report it however I'm supposed to. It came up as part of my job, it's not like I was snooping for it.

I *STILL*, fifteen years into my career, look away when I ask people to set their passwords. I don't WANT to know. I want the deniability if someone gets into their account to say "There is no way I could know their password, without triggering a reset of their account, which would lock them out and inform them immediately anyway". My boss keeps trying to tell me his password "to save time". I don't want it. With it, I could - in theory - change my own salary, or modify any amount of details. Chances are it would get picked up eventually but if you were clever enough, you could get away with an awful lot very quickly, or very discretely.

Hence, I don't WANT to know those things. I choose to forget them, unless there is a reason to immediately report them. I suggest you get into the habit of doing the same.

I've been in exactly your position. (4, Interesting)

hey! (33014) | about a month and a half ago | (#47590557)

Long, long ago, early in my career, I spent about fifteen years in the non-profit sector.

You don't ignore office politics, but you don't take sides either unless there is a crisis brewing -- something illegal, highly unethical, or financially dangerous. When you work in IT, you're in a "support" position, rather than a "line" position. Your job is to support. So when there's a big pissing match between two line functions, your job is to support *both* sides.

Often this means documenting business processes that sort of evolved via the lava flow antipattern; 50ish is the size where things start to get out of hand, because it's the size where the amateurishly hacked-together processes that keep the organization running start to break down because everyone can't be aware of everything that's going on in detail, in real-time. Make it your business to understand what business systems (not necessarily computer systems) *accomplish*. That puts you in a position to offer a third way, the one that emerges as obvious to everyone once somebody has figured out what's actually going on.

It's supposedly hard to implement changes in non-profits because of the consensus-driven decision making processes, but I found that I could make that process work for me. Lack of understanding is a vacuum; presented with a clear picture people usually line up behind the obvious solution quickly. But you do have to do your homework. Never surprise anyone with anything in a meeting. Bring people up to speed with things you're going to say about their work *before* the meeting so they don't feel blind-sided.

In a crisis be prepared to do the right thing. If you're in a non-profit they're paying you below market rates, so you can do better elsewhere. There is no call for getting yourself sucked into something that offends your self-respect. I resigned one job because my superior (the COO) was doing things that were financially reckless and improper (spending without proper authorization). I informed the CEO in my exit interview. That was my solution to the problem of not getting drawn into a persistent pattern of dysfunction.

When you handle sensitive information, just ask yourself what is the professional thing to do? Be discreet. Resist the temptation to peek at data, and when you *do* accidentally learn something you're not supposed to know, disclose that to the responsible parties. Be trustworthy, and present a trustworthy face.

Finally, don't let them pay you far below the market rate for your services, and expect a really good benefits package, including 1.5x to 2x the vacation you'd get in a for-profit. Insist on the respect due a professional. Non-profits are full of young people who haven't learned that the IT guy isn't there to be kicked around when they're frustrated, and the fact that you're in a support position rather than a more glamorous line position doesn't make your work any less important.

NYJ! (1)

Chas (5144) | about a month and a half ago | (#47590579)

As an IT worker, your job is to see that the company assets you are assigned are functional and delivering proper service to end users.

It is NOT your job to audit the company's books.
It is NOT your job to Big Brother company e-mail (unless it is).
It is NOT your job to run the company.
It is NOT your job to set business policy for the company.

This is what they have financial wonks, sales wonks and managerial types for.

You never know when something you see "accidentally" is:

A) Blown out of proportion
B) A test
C) Misleading
D) Legit

So going all "I've locked myself into the server room and am calling the police!" could be both wildly inappropriate AND career-ending.

Sure, you don't want to aid, nor abet immoral/criminal activity.

But it isn't your job to arbitrarily decide what that is!

Now, if the feds come knocking on your door, asking for data, go ahead! At that point, you're pretty much safe.

Until then, you're simply a disruptive influence to the company that needs to be let go.

Secretaries (5, Insightful)

patabongo (842730) | about a month and a half ago | (#47590593)

If a secretary with no professional qualifications can take minutes in a senior management meeting and maintain confidentiality about what was said there's no reason you, as a theoretically highly-educated IT worker, can't do the same about the content of emails you happen to read in the course of doing your job.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>