remember the WSJ article...?

[goose-entity.livejournal.com]

This one - http://community.livejournal.com/techsupport/1450953.html - ?

I emailed the author to say " If you were being strictly accurate, you should have sub-titled it
"Ten sure ways to get yourself fired with extreme prejudice"."


.. she emailed me back...

**********************************************************************
Hi goose_entity,
Thanks for the candid feedback. As it turns out, I think there might be room for a follow-up story on things IT departments wish employees knew. Want to take a stab at offering some thoughts on this? I'm looking for specific tips - along the lines of the last story - highlighting what people can do to keep themselves and their companies secure and prevent legal and regulatory trouble. I would especially welcome any horror stories you can offer that illustrate why these tips are important.
Along with the note, can you confirm your full name, your location, the full name of your firm and your title there?
Let me know what you think, and thanks, in advance,
V
**********************************************************************


...!!!

Wow, Clue is still in the WSJ!


EDIT TO ADD
Another reply from V -
I appreciate it! To be clear, I'm looking for specific helpful tips
along the lines of the last story - simple things employees can do to
keep themselves and their companies safe, rather than general
information about IT security. Thanks very much, V
************************************

So, anyone got anything they would like to share? If you leave a comment here I will treat your comment as anonymous when sending it on, unless you say otherwise.

Comments

[falnfenix]

nice. very nice.

[ptomblin-lj.livejournal.com]

I just got the same letter.

[falnfenix]

i do wonder, however, if you will be paid for your ideas...?

[goose-entity.livejournal.com]

I can honestly say that this had not crossed my mind. I am more interested in dispelling myths than in some financial reward.

Knowing that I have contributed to lowered blood pressure in my fellow sysadmins is enough reward for me.

[falnfenix]

fair enough. :)

[outcastspice.livejournal.com]

i dont have anything useful to share (i do domain admin, so the best i could do is tell people that if their domain is crucial to their business, please research before making changes, and don't forget to renew it). anyways the purpose of this comment is to say dude, that rocks! you should totally write back, get yourself into the WSJ! and then frame a copy!

also, please post if something comes of it :)

[ihateemo.livejournal.com]

I love your icon.

[outcastspice.livejournal.com]

thanks :) i'ts based on a comic from http://www.qwantz.com.

[prozacnation.livejournal.com]

I emailed her too and got this response:

Thanks for the candid feedback. As it turns out, I think there might be room for a follow-up story on things IT departments wish employees knew. Want to take a stab at offering some thoughts on this? I’m looking for specific tips – along the lines of the last story – highlighting what people can do to keep themselves and their companies secure and prevent legal and regulatory trouble. I would especially welcome any horror stories you can offer that illustrate why these tips are important.

Along with the note, can you confirm your full name, your location, the full name of your firm and your title there?

Let me know what you think, and thanks, in advance,

Vauhini

--------------

I wonder if she's aware of the WSJ's computer policies while she's on the network.





Vauhini Vara
Reporter, The Wall Street Journal
vauhini.vara@wsj.com
415-765-8281 (desk)
206-423-3232 (cell)

[jamoche]

My question is- why do some software development companies *not* let developers be local admins? I can see it for sales guys (it's *always* a sales guy who plugs his virus-infected laptop into the net and brings down the company; I'd bet it even happens with virus software salesguys) but developers? I had a Solaris box *under my desk* but I wasn't allowed to have the root password - so I couldn't shut it down nicely, but I could *yank the power cord*. Yeah, that works.

[squigit.livejournal.com]

Because they don't trust the devs not to destroy it, and install harmful software just like anyone else.


Personally, I set up a separate VLAN for all the machines where the users are local admin, and monitor the outgoing traffic much a much finer comb. Even better is to have a 2 machines, one on the VLAN, and one locked down one thats on the regular lan.

[mashiroikaze.livejournal.com]

One thing I would suggest is discussing the importance of proper backups. This means having a copy on the servers, as well as keeping a local copy of important files in case the servers go down. I've been trying to get my customers to do this for a while now.

And while my office doesn't do filtering for apps (man, I wish we did), it might be helpful to explain why companies prohibit applications such as P2P software (backdoors into the network, easy vector for viruses, easy target for lawsuits).

I can provide more info on these ideas if desired, and wouldn't mind being attributed or quoted - contact me if more info is desired at my username at gmail.com. Not that I'm after publicity, but I also don't have a problem being a quoted source - can't hurt when I start looking for a new job.

[ihateemo.livejournal.com]

Haha, unless your company looks down on its employees speaking to the press without authorisation (the company I work for - think orange - would pitch a fit if I did that).

[ihateemo.livejournal.com]

My thoughts:

- Don't write your passwords down on post-it notes and leave next to your workstation
- Don't print something out and take it to someone if you can e-mail it to them
- Don't install software on your laptop unless there is a genuine business need
- If you think you screwed something up...SAY SOMETHING or you'll make it worse

Better yet:

- Go back to waiting tables, you're too stupid to be around computers. :)

[licon.livejournal.com]

Don't print something out and take it to someone if you can e-mail it to them

I actually disagree with this, depending where you're working. I work at a university and would much rather have someone hand me a printout than email the details - all too often, the details include items like SSN, student number, employee number, DOB, name or any combination of them. And no matter how much I ask people not to email them... they do it anyway.

off the top of my head

[yndy.livejournal.com]

Top 5 Luser Tips
---------------------

1) Always lock your workstation when you step away - CTRL/ALT/DEL enter takes less than 2 seconds - seriously, it's not rocket science.

2) Never give your password to anyone - not the temp, not your secretary, not the guy on the phone telling you he's from IT - if it's an IT person, they either have admin rights or can reset your password if necessary, or at the worst will have you type it in, anyone else needs to have their own password and access. Sharing passwords is like sharing a condom.

3) Don't put your frakking password on a yellow sticky note under your mouse pad, under your keyboard, or in the desk drawer.

4) Never ever ever click on "okay" or "yes" or "install" unless you have a clue what the little popup box is actually saying - if you don't, either click "no" or "cancel" or call your IT person to see what the heck that is

5) Yes, that must be a funny thing your a/best friend/ex-coworker sent you - look at how many other people 'fwd: fwd: fwd:'ed it too! But if it's an attachment that isn't business related? DON'T OPEN IT! Because when it turns out to be a worm, or a trojan, or porn or all of the above rather than a singing puppy, you are screwed.

Re: off the top of my head

[japester.livejournal.com]

windows-key + L for screen locking. it's quicker and possibly easier to remember.

and my big bug bear. Keep work email distinct and separate from personal email. That means get a yahoo/gmail/aol account and use it for your personal mail. Do not use your work address. 4 words. We. Read. Your. Email.
Company time means company work. You're not being paid to read emails from you long lost brother's twin salamander.

Re: off the top of my head

[mariasama16.livejournal.com]

As an addendum to #1, since my computer tends to be slow about bringing up the option to actually lock the computer, I find winkey + l to be faster :)

Re: off the top of my head

[neferde.livejournal.com]

RE: #1

This was drilled into me at my last government job. Despite being in a secured access building the very real possibility existed that not only could someone look at our screens and see confidential information, but (as I witnessed more than once) if someone left their workstation unlocked and their helpdesk phone rang someone else would just plop into their chair and take the call, entering all the information into the unlocked computer. Since the computer logged who entered/changed information based on the initial login you can imagine the utter mess that resulted when inappropriate comments or inaccurate information was posted by someone who was, in their words, just trying to help.

[japester.livejournal.com]

For xDSL users:
If you're running a (home) business get a business grade account!
With SLAs!
and QoS!
don't be a cheapskate.

[irishmasms.livejournal.com]

http://www.cert.org/tech_tips/home_networks.html
and
http://www.cert.org/homeusers/HomeComputerSecurity/

[ihateemo.livejournal.com]

Oh yeah, and don't lie about your project deadlines in order to get me to prioritise you over other, more important things I'm working on.

[gracewanderer.livejournal.com]

I think one of the biggest things - and I glanced over the responses and didn't see it - would be a bit on how to talk to IT about issues. For example:

If you think you screwed up, admit it. We're going to find out anyway, and it will lower our blood pressure and make us like you if you can fess up.

Try not to dwell on the fact that you "know nothing". Trust me, we can tell.

When asked a question, answer directly and honestly. Do not give a ten minute story about your cat. Yes or no is best.

That kind of thing.

[ateji.livejournal.com]

When asked a question, answer directly and honestly. Do not give a ten minute story about your cat. Yes or no is best.

Knowing the difference between a yes or no question and one asking for further information is a valuable, wonderful skill.