
(Toronto Star) Dumbass Employeers who ban social media suffer 30 percent MORE computer security breaches, guess why (thestar.com)

5069 clicks; posted to Geek on 16 Nov 2011 at 10:31 AM



46 Comments
   
 
2011-11-16 10:35:47 AM
I'm gonna say... boredom?
 
2011-11-16 10:36:26 AM
e
 
2011-11-16 10:36:37 AM
Boredom.

Well the ADD has to get focussed somewhere, and it's more rewarding researching ways to get round a firewall than it is doing *actual* work.
 
2011-11-16 10:37:24 AM
Because you have dumbass employees who intentionally disregard security and an IT staff who can't or won't prevent it.

Note: The solution to employees doing stupid stuff is not to let them do stupid stuff. It's to get better employees. Get a better IT staff or fire the employees who intentionally circumvent security policy. Solved.
 
2011-11-16 10:38:47 AM
Wife's job has an aggressive policy about "no installing anything" on your work computer. IT scans each computer remotely each night, and if there's new software installed, you're gone. They lose about 20% of their new people to this, despite that they get a talk specifically about the sensitivity of the data they work with, WHY this policy is enacted, and sign a "I know about this, and if I violate it I understand I will be fired" document.
 
2011-11-16 10:39:10 AM

fta...

The simplest and most secure solution, say the study's authors, is for companies to loosen their grip on social media access.


No, firing those who violate AUP seems like a great way to stop it.
 
2011-11-16 10:40:39 AM
Oh the irony:

www.kingkeepo.com
 
2011-11-16 10:43:32 AM
Hack Patooey: Wife's job has an aggressive policy about "no installing anything" on your work computer. IT scans each computer remotely each night, and if there's new software installed, you're gone. They lose about 20% of their new people to this, despite that they get a talk specifically about the sensitivity of the data they work with, WHY this policy is enacted, and sign a "I know about this, and if I violate it I understand I will be fired" document.


Why make it possible for people to install things then? Is it some kind of test?
 
2011-11-16 10:44:07 AM
Fark_Guy_Rob: Because you have dumbass employees who intentionally disregard security and an IT staff who can't or won't prevent it.

Note: The solution to employees doing stupid stuff is not to let them do stupid stuff. It's to get better employees. Get a better IT staff or fire the employees who intentionally circumvent security policy. Solved.


OnlyM3: fta...

The simplest and most secure solution, say the study's authors, is for companies to loosen their grip on social media access.

No, firing those who violate AUP seems like a great way to stop it.


Which requires offering a competitive salary/benefits package and not making your work environment a hellhole to encourage the best and brightest to show up at your door.

Since that's a lot of work that companies too focused on ever-increasing profit margins have no intention of doing, TFA is right that just opening up social media is the simplest solution.
 
2011-11-16 10:45:48 AM
Because they can't spell?
 
2011-11-16 10:48:02 AM
That's what smartphones are for, people.

/sitting in class right now
 
2011-11-16 10:48:19 AM
FTFA: "employees banned from social networks often download software onto company computers allowing them to circumvent firewalls and access forbidden sites."

Ah, here's your problem-- allowing users to have the ability to install software. Lock it down; if they need software they can ask. They certainly won't ask for the stupid non-essential stuff.
 
2011-11-16 10:53:37 AM
WinoRhino: FTFA: "employees banned from social networks often download software onto company computers allowing them to circumvent firewalls and access forbidden sites."

Ah, here's your problem-- allowing users to have the ability to install software. Lock it down; if they need software they can ask. They certainly won't ask for the stupid non-essential stuff.


Yes, nothing like waiting three weeks for IT to approve, script, and install something you need RIGHT NOW to get your job done.

/IT in a regulated environment
//visualize the desktop!
 
2011-11-16 10:54:41 AM
//virtualize the desktop
///damn autocorrect
 
2011-11-16 10:58:00 AM
At what point does it cease to be social media, and become social masturbation? If you are willing to risk your job to play Farmville, you have a problem that needs to be dealt with.
 
2011-11-16 11:00:30 AM
I realise I'm about to get flamed to hell and back but... why not take a leaf out of IBM's book?

The LAN is, pretty much, a free for all and none of the user machines are locked down AT ALL (if it's a specialised machine for X then it will be locked down/monitored though). You want the 21st Century version of Bonzi Buddy? Go right ahead. So long as you get your work done it honestly doesn't matter if you use a desktop, laptop or a Speak n' Spell. Desktop grade firewalls and A/V are provided but if you want to use something else, same applies. So yes, you could bring your own machine but it's not supported by IT and it's up to you to make it work with the mail/groupware/etc solutions.

Anything useful/important (mail servers, etc) is hidden away behind firewalls that require authentication to get to and naturally the Internet facing stuff is equally well protected.

The onus is on the user to behave themselves; sure you can surf porn... but if you're caught then security will be escorting you out the door just the same as if you manage to kill/infest a server. If you spend all day surfing and doing no work then you're out the door.

Now sure that's a design headache and a huge multinational can easily brute force the cabling/equipment/man power needed but in this day and age of VLANs and Virtual Machines I'm pretty sure a smaller scale version of it could be knocked up by a competent Network Engineer with a few Systems bods to do the machines themselves.

/Yes, Xmas day shift spent almost the whole 12 hours playing WoW, EVE and other MMOs.
//Nobody was fired, the work got done and that's all that matters.
///The honour system. It works biatches.
 
2011-11-16 11:01:27 AM
A = PC at home with sshd running
B = ssh client on work computer

A + B = web freedom at work.
 
2011-11-16 11:02:38 AM
For the same reason that countries that prohibit addictive drugs have more drug crime?

/ DRTFA, but have noticed that people on social media show similarities to crack addicts.
 
2011-11-16 11:12:55 AM
My company will fire your ass instantly if you use SW that circumvents the firewall/proxy. And I mean "instantly" - as in walked out the door by security the same day. Problem solved. Facebook-addicted morons don't last long in my company. We pay good salaries, buy a friggen smartphone!
 
2011-11-16 11:15:26 AM
RatOmeter: A = PC at home with sshd running
B = ssh client on work computer

A + B = web freedom at work.


At my company, that will get you forever-shortened workday within an hour.
 
2011-11-16 11:17:34 AM
frak21: Hack Patooey: Wife's job has an aggressive policy about "no installing anything" on your work computer. IT scans each computer remotely each night, and if there's new software installed, you're gone. They lose about 20% of their new people to this, despite that they get a talk specifically about the sensitivity of the data they work with, WHY this policy is enacted, and sign a "I know about this, and if I violate it I understand I will be fired" document.


Why make it possible for people to install things then? Is it some kind of test?


Some SW requires that you have admin privs (thanks Microsoft) to run it. Those same privs allow you to install QED.
 
2011-11-16 11:18:05 AM
Hack Patooey: Wife's job has an aggressive policy about "no installing anything" on your work computer. IT scans each computer remotely each night, and if there's new software installed, you're gone. They lose about 20% of their new people to this, despite that they get a talk specifically about the sensitivity of the data they work with, WHY this policy is enacted, and sign a "I know about this, and if I violate it I understand I will be fired" document.

That's interesting. I work at one of the biggest companies in the world and even though we aren't allowed to install anything, they would never fire us over rogue programs. It's kind of ridiculous to get rid of someone just because they have something else on their machine. Everyone around here has FireFox, ftp tools, paint programs, etc.

Now if your computer contains highly classified or secretive information I can see that policy making sense.
 
2011-11-16 11:36:56 AM
I used AIM express to chat since any other type of chat programs wouldn't work.

I guess that's the same.
 
2011-11-16 11:53:21 AM
DontMakeMeComeBackThere: My company will fire your ass instantly if you use SW that circumvents the firewall/proxy. And I mean "instantly" - as in walked out the door by security the same day. Problem solved. Facebook-addicted morons don't last long in my company. We pay good salaries, buy a friggen smartphone!

Just let them get on with it and secure your business critical assets behind an authenticating firewall. Fire them for consistently not getting their job done. It is perfectly possible for someone to do their job, do it well and be a complete World of Warcrack (or similar) addict.

Frankly anything less is just not doing it properly.
 
2011-11-16 11:56:31 AM
If you're so addicted to a website that you're prepared to risk your job to get access to it for a few extra hours a day, you should be seriously considering some therapy. Replace 'twitter' with 'vodka' and see how much sympathy you get. Your employer pays you to work, not update your friends on how bad your hangover is. Do you get to feed your addiction to booze, drugs, cigarettes, jerking off, etc at your desk on your employer's money?
 
2011-11-16 12:06:22 PM
Fark_Guy_Rob: Because you have dumbass employees who intentionally disregard security and an IT staff who can't or won't prevent it.

Note: The solution to employees doing stupid stuff is not to let them do stupid stuff. It's to get better employees. Get a better IT staff or fire the employees who intentionally circumvent security policy. Solved.


In my own anecdotal experience, it takes at least 8 - 10 months to fill an open IT position. This is from four companies over six years, each of which were eager to get me on board due to having a long vacant position.

It's also why I find it so hilarious when I get threatened with, "Well we'll just replace you."

"Well, you go ahead and do that. Maybe you'll find someone to fill the spot we've had open since February while you're at it. If anyone needs me I'll be working from home the rest of the day"

/no patience for paper tiger authoritarians
 
2011-11-16 12:06:24 PM
DontMakeMeComeBackThere: My company will fire your ass instantly if you use SW that circumvents the firewall/proxy. And I mean "instantly" - as in walked out the door by security the same day. Problem solved. Facebook-addicted morons don't last long in my company. We pay good salaries, buy a friggen smartphone!

I get in trouble for having my smart phone out too.
 
2011-11-16 12:07:25 PM
If it wasn't for my smartphone I wouldn't have survived work. Have you ever done QA testing?? It eats at your soul. Sometimes checking Fark and twitter makes my day suck less and therefore I do better work. People need something to break up their day, or we would have office killing sprees weekly.
 
2011-11-16 12:34:48 PM
enforcerpsu:
Now if your computer contains highly classified or secretive information I can see that policy making sense.


Having done contracts that took me to a QinetiQ site (think DARPA) there is one rule of thumb to tell if the computer contains REALLY secure information: Is it a Windows computer?

If yes, it's not on the secured network. If it's a PPC based Mac it probably is on the secured network and you REALLY REALLY shouldn't go anywhere near it. The people with guns (or indeed those who can summon them) will STRONGLY object to it.

I can kind of see the logic, sure someone might make code for OS X to get your stuff. Now do it for a PPC Mac... bit trickier isn't it? But very odd to see shiny new x86's sat next to quite old G5 towers.
 
2011-11-16 12:49:47 PM
Hack Patooey: Wife's job has an aggressive policy about "no installing anything" on your work computer. IT scans each computer remotely each night, and if there's new software installed, you're gone. They lose about 20% of their new people to this, despite that they get a talk specifically about the sensitivity of the data they work with, WHY this policy is enacted, and sign a "I know about this, and if I violate it I understand I will be fired" document.

That kind of turnover sounds incredibly expensive.
 
2011-11-16 01:00:58 PM
As long as you get your work done by 5:30 I don't give a shiat about what you do on the internet.
 
2011-11-16 01:02:23 PM
DontMakeMeComeBackThere: At my company, that will get you forever-shortened workday within an hour.

Sucks to be you

/even when I'm physically at the office, I'm seldom at my desk. I use laptops as dumb terminals to remote into my engineering workstation.

If I forget my laptop, I can just grab someone else's and remote from there.
 
2011-11-16 01:49:45 PM
Fark_Guy_Rob: Because you have dumbass employees who intentionally disregard security and an IT staff who can't or won't prevent it.

Note: The solution to employees doing stupid stuff is not to let them do stupid stuff. It's to get better employees. Get a better IT staff or fire the employees who intentionally circumvent security policy. Solved.


deeproy: Ah, here's your problem-- allowing users to have the ability to install software. Lock it down; if they need software they can ask. They certainly won't ask for the stupid non-essential stuff.

Yes, nothing like waiting three weeks for IT to approve, script, and install something you need RIGHT NOW to get your job done.

/IT in a regulated environment
//virtualize the desktop!


Desktop virtualization wouldn't solve the issue, only move it.

I have an IT support services company. One of my clients has a fairly strict internet access policy, and does some of the usual content filtering at the network edge, some of which I disagree with (Blocking youtube? There's lots of legit reasons to go there). However, the nature of the business (development, engineering, GIS, etc) also means that users need to have admin rights. As a consequence, users have responsibility to not install stuff, but of course they install stuff all of the time in order to do their jobs.

As the de-facto MIS, I'm trapped in the middle. I've been clear with the executives in the organization- decide what you want for a policy - either give people the control they need, or give them 100% of the tools they need. Until then, I ain't hamstringing user productivity by enforcing an unenforceable policy.

That was 3 years ago. Until someone's activity is so egregious that it moves the needle on our network performance monitoring, we don't know or care what the users do. Even then, willful and deliberate security breaches (like downloading torrents, when that was still not entirely blocked on this particular network), only resulted in a stern talking to, even after multiple transgressions.

If the company doesn't give a shiat about their data or what their people do, I can't say that I'm very hard pressed to do so on their behalf either.

It has very little to do with employee quality, though. When the work is getting done, there aren't many complaints from on high.
 
2011-11-16 01:50:50 PM
James!: As long as you get your work done by 5:30 I don't give a shiat about what you do on the internet.

*so long as it's not illegal

yes - and micromanagement is an invitation to mediocrity
 
2011-11-16 02:07:10 PM
MiamiBlues: James!: As long as you get your work done by 5:30 I don't give a shiat about what you do on the internet.

*so long as it's not illegal

yes - and micromanagement is an invitation to mediocrity


Micromanagement is a huge sign on your forehead that says "I don't know what I'm doing and I'm afraid everyone knows it".
 
2011-11-16 02:31:45 PM
Fark_Guy_Rob: Because you have dumbass employees who intentionally disregard security and an IT staff who can't or won't prevent it.

Note: The solution to employees doing stupid stuff is not to let them do stupid stuff. It's to get better employees. Get a better IT staff or fire the employees who intentionally circumvent security policy. Solved.


This....

It amazes me the number of gutless managers who won't fire employees for compromising their employers' systems.
 
2011-11-16 04:19:16 PM
DontMakeMeComeBackThere: frak21: Hack Patooey: Wife's job has an aggressive policy about "no installing anything" on your work computer. IT scans each computer remotely each night, and if there's new software installed, you're gone. They lose about 20% of their new people to this, despite that they get a talk specifically about the sensitivity of the data they work with, WHY this policy is enacted, and sign a "I know about this, and if I violate it I understand I will be fired" document.


Why make it possible for people to install things then? Is it some kind of test?

Some SW requires that you have admin privs (thanks Microsoft) to run it. Those same privs allow you to install QED.


Umm, in almost all cases this is not true. Some old (or non-microsoft standard) software might need extra access to certain folders (commonly its own install directory) or other resources that it shouldn't really need to, but I don't think I have ever seen a case where you literally have to make someone an admin just to run software once it is installed, that is just a quick and dirty workaround to something that can be managed fairly easily without opening up everything.
 
2011-11-16 05:35:27 PM
xria: DontMakeMeComeBackThere: frak21: Hack Patooey: Wife's job has an aggressive policy about "no installing anything" on your work computer. IT scans each computer remotely each night, and if there's new software installed, you're gone. They lose about 20% of their new people to this, despite that they get a talk specifically about the sensitivity of the data they work with, WHY this policy is enacted, and sign a "I know about this, and if I violate it I understand I will be fired" document.


Why make it possible for people to install things then? Is it some kind of test?

Some SW requires that you have admin privs (thanks Microsoft) to run it. Those same privs allow you to install QED.

Umm, in almost all cases this is not true. Some old (or non-microsoft standard) software might need extra access to certain folders (commonly its own install directory) or other resources that it shouldn't really need to, but I don't think I have ever seen a case where you literally have to make someone an admin just to run software once it is installed, that is just a quick and dirty workaround to something that can be managed fairly easily without opening up everything.


Well, anything utilizing ODBC drivers or which relies on DOS environment variables apparently.

Or: How I learned to stop worrying and just shut off UAC.

/ancient and terrible coding on corporate platforms crops up quite often
//I never imagined in college how much DOS batch scripting I would have to know to do my job in 2011
 
2011-11-16 07:08:37 PM
MusicMakeMyHeadPound: /ancient and terrible coding on corporate platforms crops up quite often

Just exile the emperor to Elba. Any application that must run with administrative privileges can be isolated to a highly restrictive sandbox. And nothing says that the sandbox has to be on the user's own workstation. Then lean on the vendor to eliminate the admin requirements (probably fruitless, but it wouldn't hurt).
 
2011-11-16 08:24:44 PM
See, this stuff's why I brought my own laptop and entartube with me since 2006. It was pretty slow back in the EDGE days but email and a little surfing don't need huge bandwidth. 3G made it better and 4G is almost as good as being at home on the cablemodem. And that's at a company with an explicit "we don't block anything ever" policy. It's just common sense to keep your personal stuff off of company equipment.

Now there are dockable 4G phones that are basically Android laptops. There's no longer any reason for people to be doing their personal internet stuff on company machines. Especially when anyone with a brain knows that their company can monitor everything they do on the company equipment and network.
 
2011-11-16 08:58:41 PM
jtown: There's no longer any reason for people to be doing their personal internet stuff on company machines.

I know of companies that have workstations in the cafeteria for personal browsing. Others will open up access to social media sites during lunch and after hours. I even knew one company that had a TZ filled with VMs that people could remote desktop into and access personal files or the Net from; the corpnet had an Internet whitelist, the TZ had a blacklist. You could not transfer files to/from the corpnet to the TZ (or vice-versa). When the user was done, the hypervisor would restore the VM back to stock.

Did they have to provide personal Internet access? Of course not. But you run the risk of gaining a reputation as a company with a fascist Net policy if they didn't. For some lines of business, it doesn't matter. For others, you might be driving good potential workers away.

It is all a balance.
 
2011-11-16 09:20:31 PM
Dinjiin: jtown: There's no longer any reason for people to be doing their personal internet stuff on company machines.

I know of companies that have workstations in the cafeteria for personal browsing. Others will open up access to social media sites during lunch and after hours. I even knew one company that had a TZ filled with VMs that people could remote desktop into and access personal files or the Net from; the corpnet had an Internet whitelist, the TZ had a blacklist. You could not transfer files to/from the corpnet to the TZ (or vice-versa). When the user was done, the hypervisor would restore the VM back to stock.

Did they have to provide personal Internet access? Of course not. But you run the risk of gaining a reputation as a company with a fascist Net policy if they didn't. For some lines of business, it doesn't matter. For others, you might be driving good potential workers away.

It is all a balance.


That's great but none of that takes the personal privacy issue into account. I don't want my company to know what I shop for or what forums I post on. And I don't want to have to wait until I get home to check a NSFW link.
 
2011-11-16 09:25:23 PM
jtown: And I don't want to have to wait until I get home to check a NSFW link.

Yeah, but you run the risk of dropping your iPhone into the toilet while you're fapping to the latest links on Foobies.com. Most of us can wait till we get home so we can watch that stuff on the widescreen.
 
2011-11-16 10:02:54 PM
They probably have 30% more security breaches because they are at least 30% more productive.
 
2011-11-17 04:46:48 AM
Also, an oppressive internet policy generates contempt for the company. I used to work for a company that gave you no admin rights and would review your browser history and then flag anything they deemed unnecessary. Social media, zero streaming videos, no FARK, no forums. Only news sites or Wikipedia. No matter how well you did your job you were still treated like a criminal.

I told that company to f*ck off after three years, the net policy was indicative of the management's treatment of their employees: zero trust.

That company has the highest turnover rate of any company I know. No one who started the same time as I did is still there. It will be interesting to see what happens when the old timers (that remember the good old days) who train all the newbs how to do their jobs retire.

My current company is far better, and I appreciate their lax internet policy and would bend over backwards for them.
 
2011-11-18 10:16:28 PM
I'm going to say those companies suffer more security breaches because they have chosen not to allocate sufficient resources to security, and rather issued edicts against risky behavior as a stopgap.

Or else, when users go ahead and access social media, these events themselves are tallied as security breaches.

I don't understand why more offices don't just host the documents and user profile on a server, and run Returnil or Microsoft Steady State on the PCs every night. It's like re-imaging the PC.

And I do agree, employers who excessively lock down PCs, are definitely sending the message that they think their employees are scum.

Fun fact: A major Telecomunication & inTernet company absolutely forbids its call center employees from bringing their phones and laptops into the building. You have to leave them out in your car, and hike out to the parking lot to use them on your personal breaks. It's to keep from "overwhelming" the nearby tower, they claim. Or because it's easier to ban all cell phones instead of just camera phones due to their "high security" no-cameras policy. Managers strut around with multiple cellular phones, prominently holstered around their belts.

Public PCs are nice, but inevitably they're tucked someplace far away from employees' desks. They're useless when you have to hike 10 minutes over to the far side of the building, on your 15-minute break, to use one. Ditto for buildings where the bathrooms and cafeteria are all a long hike from the desk areas.
 