remember the WSJ article...?

[goose-entity.livejournal.com]

This one - http://community.livejournal.com/techsupport/1450953.html - ?

I emailed the author to say " If you were being strictly accurate, you should have sub-titled it
"Ten sure ways to get yourself fired with extreme prejudice"."


.. she emailed me back...

**********************************************************************
Hi goose_entity,
Thanks for the candid feedback. As it turns out, I think there might be room for a follow-up story on things IT departments wish employees knew. Want to take a stab at offering some thoughts on this? I'm looking for specific tips - along the lines of the last story - highlighting what people can do to keep themselves and their companies secure and prevent legal and regulatory trouble. I would especially welcome any horror stories you can offer that illustrate why these tips are important.
Along with the note, can you confirm your full name, your location, the full name of your firm and your title there?
Let me know what you think, and thanks, in advance,
V
**********************************************************************


...!!!

Wow, Clue is still in the WSJ!


EDIT TO ADD
Another reply from V -
I appreciate it! To be clear, I'm looking for specific helpful tips
along the lines of the last story - simple things employees can do to
keep themselves and their companies safe, rather than general
information about IT security. Thanks very much, V
************************************

So, anyone got anything they would like to share? If you leave a comment here I will treat your comment as anonymous when sending it on, unless you say otherwise.

Comments

[falnfenix]

nice. very nice.

[ptomblin-lj.livejournal.com]

I just got the same letter.

[falnfenix]

i do wonder, however, if you will be paid for your ideas...?

[goose-entity.livejournal.com]

I can honestly say that this had not crossed my mind. I am more interested in dispelling myths than in some financial reward.

Knowing that I have contributed to lowered blood pressure in my fellow sysadmins is enough reward for me.

[falnfenix]

fair enough. :)

[goose-entity.livejournal.com]

I will, in fact, go so far as to say that *if* I get any financial reward from WSJ I will donate it to my local do-not-kill animal shelter :)

[outcastspice.livejournal.com]

i dont have anything useful to share (i do domain admin, so the best i could do is tell people that if their domain is crucial to their business, please research before making changes, and don't forget to renew it). anyways the purpose of this comment is to say dude, that rocks! you should totally write back, get yourself into the WSJ! and then frame a copy!

also, please post if something comes of it :)

[falnfenix]

i think my icon says it all...

[prozacnation.livejournal.com]

I emailed her too and got this response:

Thanks for the candid feedback. As it turns out, I think there might be room for a follow-up story on things IT departments wish employees knew. Want to take a stab at offering some thoughts on this? I’m looking for specific tips – along the lines of the last story – highlighting what people can do to keep themselves and their companies secure and prevent legal and regulatory trouble. I would especially welcome any horror stories you can offer that illustrate why these tips are important.

Along with the note, can you confirm your full name, your location, the full name of your firm and your title there?

Let me know what you think, and thanks, in advance,

Vauhini

--------------

I wonder if she's aware of the WSJ's computer policies while she's on the network.





Vauhini Vara
Reporter, The Wall Street Journal
vauhini.vara@wsj.com
415-765-8281 (desk)
206-423-3232 (cell)

[goose-entity.livejournal.com]

*points to icon* :)

[falnfenix]

and mine...hee

[mashiroikaze.livejournal.com]

One thing I would suggest is discussing the importance of proper backups. This means having a copy on the servers, as well as keeping a local copy of important files in case the servers go down. I've been trying to get my customers to do this for a while now.

And while my office doesn't do filtering for apps (man, I wish we did), it might be helpful to explain why companies prohibit applications such as P2P software (backdoors into the network, easy vector for viruses, easy target for lawsuits).

I can provide more info on these ideas if desired, and wouldn't mind being attributed or quoted - contact me if more info is desired at my username at gmail.com. Not that I'm after publicity, but I also don't have a problem being a quoted source - can't hurt when I start looking for a new job.

[goose-entity.livejournal.com]

aww! Fluffball!

[falnfenix]

yes...his tail is particularly fluffy. he enjoys reminding me by stuffing it in my mouth or up my nose while i'm attempting to talk to him.

the little brat...heh.

[jamoche]

My question is- why do some software development companies *not* let developers be local admins? I can see it for sales guys (it's *always* a sales guy who plugs his virus-infected laptop into the net and brings down the company; I'd bet it even happens with virus software salesguys) but developers? I had a Solaris box *under my desk* but I wasn't allowed to have the root password - so I couldn't shut it down nicely, but I could *yank the power cord*. Yeah, that works.

[squigit.livejournal.com]

Because they don't trust the devs not to destroy it, and install harmful software just like anyone else.


Personally, I set up a separate VLAN for all the machines where the users are local admin, and monitor the outgoing traffic much a much finer comb. Even better is to have a 2 machines, one on the VLAN, and one locked down one thats on the regular lan.

[jamoche]

I'd have been totally happy to have root access and no outgoing traffic at all - it was a dev machine, all it needed to talk to was the source code server. This was not a company known for their logic; I think I actually did have admin access on the PC, but the PC was just for mail and slashdot.

[ihateemo.livejournal.com]

I love your icon.

[ihateemo.livejournal.com]

Haha, unless your company looks down on its employees speaking to the press without authorisation (the company I work for - think orange - would pitch a fit if I did that).

[ihateemo.livejournal.com]

My thoughts:

- Don't write your passwords down on post-it notes and leave next to your workstation
- Don't print something out and take it to someone if you can e-mail it to them
- Don't install software on your laptop unless there is a genuine business need
- If you think you screwed something up...SAY SOMETHING or you'll make it worse

Better yet:

- Go back to waiting tables, you're too stupid to be around computers. :)

off the top of my head

[yndy.livejournal.com]

Top 5 Luser Tips
---------------------

1) Always lock your workstation when you step away - CTRL/ALT/DEL enter takes less than 2 seconds - seriously, it's not rocket science.

2) Never give your password to anyone - not the temp, not your secretary, not the guy on the phone telling you he's from IT - if it's an IT person, they either have admin rights or can reset your password if necessary, or at the worst will have you type it in, anyone else needs to have their own password and access. Sharing passwords is like sharing a condom.

3) Don't put your frakking password on a yellow sticky note under your mouse pad, under your keyboard, or in the desk drawer.

4) Never ever ever click on "okay" or "yes" or "install" unless you have a clue what the little popup box is actually saying - if you don't, either click "no" or "cancel" or call your IT person to see what the heck that is

5) Yes, that must be a funny thing your a/best friend/ex-coworker sent you - look at how many other people 'fwd: fwd: fwd:'ed it too! But if it's an attachment that isn't business related? DON'T OPEN IT! Because when it turns out to be a worm, or a trojan, or porn or all of the above rather than a singing puppy, you are screwed.

Re: off the top of my head

[japester.livejournal.com]

windows-key + L for screen locking. it's quicker and possibly easier to remember.

and my big bug bear. Keep work email distinct and separate from personal email. That means get a yahoo/gmail/aol account and use it for your personal mail. Do not use your work address. 4 words. We. Read. Your. Email.
Company time means company work. You're not being paid to read emails from you long lost brother's twin salamander.

[japester.livejournal.com]

For xDSL users:
If you're running a (home) business get a business grade account!
With SLAs!
and QoS!
don't be a cheapskate.

Re: off the top of my head

[mariasama16.livejournal.com]

As an addendum to #1, since my computer tends to be slow about bringing up the option to actually lock the computer, I find winkey + l to be faster :)

Re: off the top of my head

[mariasama16.livejournal.com]

Well crud, the long call that didn't quite fix the user's problem, but at least let him get the time-sensitive work done (while the actual problem got routed up), meant I didn't suggest this sooner. Oh well, them's the breaks.