Legal question regarding corp network logins

Stifko

Diamond Member
Dec 8, 1999
4,799
2
81
Big bank outsources the jobs of one of its tech depts. as well as two other tech depts. it was not the IT helpdesk but the telecom and router/data guys and another tech fcn that will remain unamed.

all in all over 1000 jobs were outsourced to XYZ company over 5 years ago.

To perform these jobs, access to big bank's network is required.

the outsourcing comapny (XYZ) starts to outsource too, and relies on contractors to support users and the daily operations.

even after 5 years, getting logins to big bank's network is difficult and takes months. so when a new consultant starts, he/she can't really do anything for a couple of months until their logins are set up.

So the team lead for this tech team wants to take a week off and leaves 2 consutants at the helm while he takes off. He violates the big bank's policy by giving the consultants his login credentials so that they can work while he is off.

Foolishly he does this w/out his boss's knowledge or consent. while he is off one of the consultants goes to a pron site with his login. he gets fired when he returns to work for sharing his login with the consultants.

a few months later, an email is sent out by his former boss. the email was sent to two new consultants that are doing the same job now. in this email the boss says it is okay to share the one working login between the two guys as long as the guy whose login it is keeps an eye on the other guy.

isn't this totally wrong? a man just got fired for doing that and now they are telling them that it is okay? we take IT security training telling us never to let anyone use our logins, and I would never give out my password, but we still have to do our jobs.

who is responsible? the big bank or XYZ company or just the low level team lead that got canned? doesn't he have a case given all the facts? what do you think?


 
T

Tim

If big bank, XYZ, or said subs had its policy violated, then they had every right to fire the parties involved.

If the policy is later changed by ANY of the parties (big bank, XYZ, or subs) after the fact, then that has no bearings on said person being fired beforehand.
 

Stifko

Diamond Member
Dec 8, 1999
4,799
2
81
Originally posted by: theplaidfad

If the policy is later changed by ANY of the parties (big bank, XYZ, or subs) after the fact, then that has no bearings on said person being fired beforehand.

the policy did not change at all, this was just a workaround to get the job done.
just like what the tech that got fired did, but from his boss unofficially on the down low.

 

torpid

Lifer
Sep 14, 2003
11,631
11
76
Was the "one working ID" created specifically for the purpose of being a shared account between the two?
 

EagleKeeper

Discussion Club Moderator<br>Elite Member
Staff member
Oct 30, 2000
42,589
5
0
either the policy was changed or needed to be clarified.

The lead violated proper procedures (at the time) and paid for it.
 

Stifko

Diamond Member
Dec 8, 1999
4,799
2
81
Originally posted by: torpid
Was the "one working ID" created specifically for the purpose of being a shared account between the two?

no it was not a shared acc't, it was a personal login for one person in both cases.



Originally posted by: Common Courtesy
either the policy was changed or needed to be clarified.

The lead violated proper procedures (at the time) and paid for it.

yes but that policy was still being violated untill recently with the bosses knowledge and permission, all in the name of getting the job done and supporting the users ~ just like the team lead did and got fired for it. nobody sees how wrong this is?
 

EagleKeeper

Discussion Club Moderator<br>Elite Member
Staff member
Oct 30, 2000
42,589
5
0
Originally posted by: Stifko
Originally posted by: torpid
Was the "one working ID" created specifically for the purpose of being a shared account between the two?

no it was not a shared acc't, it was a personal login for one person in both cases.



Originally posted by: Common Courtesy
either the policy was changed or needed to be clarified.

The lead violated proper procedures (at the time) and paid for it.

yes but that policy was still being violated untill recently with the bosses knowledge and permission, all in the name of getting the job done and supporting the users ~ just like the team lead did and got fired for it. nobody sees how wrong this is?

The key is the boss's permission.

That covers the person doing the sharing.

The lead did not have the permission.

 

DaveSimmons

Elite Member
Aug 12, 2001
40,730
670
126
Moral: If you're going to violate company policy, get permission to do so in writing and have HR sign off on it. Don't rely on undocumented understandings that might be disputed later.
 

dawp

Lifer
Jul 2, 2005
11,347
2,709
136
Originally posted by: Stifko

Foolishly he does this w/out his boss's knowledge or consent. while he is off one of the consultants goes to a pron site with his login. he gets fired when he returns to work for sharing his login with the consultants.

I think that may have been the main issue, and both should have been fired. where I work porn is not tolerated at all, and if I was to go to such a site, I'd be out of a job.


And why is a Large bank outsourcing the IT anyways? Seems to me it would be more secure to have it in-house.
 

SacrosanctFiend

Diamond Member
Oct 2, 2004
4,269
0
0
Originally posted by: Common Courtesy
Originally posted by: Stifko
Originally posted by: torpid
Was the "one working ID" created specifically for the purpose of being a shared account between the two?

no it was not a shared acc't, it was a personal login for one person in both cases.



Originally posted by: Common Courtesy
either the policy was changed or needed to be clarified.

The lead violated proper procedures (at the time) and paid for it.

yes but that policy was still being violated untill recently with the bosses knowledge and permission, all in the name of getting the job done and supporting the users ~ just like the team lead did and got fired for it. nobody sees how wrong this is?

The key is the boss's permission.

That covers the person doing the sharing.

The lead did not have the permission.

Now, the question becomes "Is the boss at a policy-making decision level?" If the answer is no, then the boss should be disciplined. Not doing so would be inconsistent with company policy, and inconsistency leads to large pay-outs.
 

Stifko

Diamond Member
Dec 8, 1999
4,799
2
81
Originally posted by: SacrosanctFiend

Now, the question becomes "Is the boss at a policy-making decision level?" If the answer is no, then the boss should be disciplined. Not doing so would be inconsistent with company policy, and inconsistency leads to large pay-outs.

that is what I am saying. it was my friend that got fired. he was a great worker and always had the user's best interest in mind. I think that he got a really raw deal. there really is no way to do this job done w/out a login. during this whole horrific outsourcing debacle we have been just an afterthought. we were thrown into the deal at the last minute to reduce the payroll count for that year. there was no thought as to how this would work out and there still isn't 5 years later! all of our bosses have been remote and we have had 4 of them over the past 5 years. we are expected to get the job done and keep everyone happy and only have limited tools to do so. the team lead did a dumb thing but he meant well.
 

SacrosanctFiend

Diamond Member
Oct 2, 2004
4,269
0
0
Originally posted by: Stifko
Originally posted by: SacrosanctFiend

Now, the question becomes "Is the boss at a policy-making decision level?" If the answer is no, then the boss should be disciplined. Not doing so would be inconsistent with company policy, and inconsistency leads to large pay-outs.

that is what I am saying. it was my friend that got fired. he was a great worker and always had the user's best interest in mind. I think that he got a really raw deal. there really is no way to do this job done w/out a login. during this whole horrific outsourcing debacle we have been just an afterthought. we were thrown into the deal at the last minute to reduce the payroll count for that year. there was no thought as to how this would work out and there still isn't 5 years later! all of our bosses have been remote and we have had 4 of them over the past 5 years. we are expected to get the job done and keep everyone happy and only have limited tools to do so. the team lead did a dumb thing but he meant well.

Your friend didn't get a raw deal. He violated company policy to a degree that warranted termination. What I am saying is that, pending on the decision-making level of "the boss,"
"the boss" should also be disciplined.

Your company needs to hire a consulting firm to look at your structuring, policies, and training. It sounds like you have huge gaps in all of those.
 

Stifko

Diamond Member
Dec 8, 1999
4,799
2
81
Originally posted by: SacrosanctFiend

Your friend didn't get a raw deal. He violated company policy to a degree that warranted termination. What I am saying is that, pending on the decision-making level of "the boss,"
"the boss" should also be disciplined.

Your company needs to hire a consulting firm to look at your structuring, policies, and training. It sounds like you have huge gaps in all of those.

The network doesn't belong to my comapy. it is the client's network. getting the two together is very difficult and cooperation is almost non existant. just getting out of this network and into my company's network is hard to do. the bank will not reset or help out with proxy password, but we need to access our company's site to do all our HR functions and time tracking. everything is done remotely. we don't even get hardcopies of our check stubs.

by the way, not only was a pron site visited, but content was downloaded to a memory stick and from a desktop and a laptop! the consultant that did it is still employed by his company but on another contract. he did appologize to the guy that lost his job.

someone above asked why the bank did all this outsourcing. it reduces cost for them. eventually I imagine that only bankers will work for this bank. all other support staff will be outsourced.
 

tefleming

Golden Member
Dec 1, 2003
1,128
0
0
it was possible to turn a blind eye to the acct/pw sharing UNTIL a paper trail got started by the pron downloading. At that point some action had to be taken because of the compound violation.

Also, clients aren't usually able to discipline consultants directly and since they don't communicate, nothing happened.
 

Stifko

Diamond Member
Dec 8, 1999
4,799
2
81
Originally posted by: tefleming
Also, clients aren't usually able to discipline consultants directly and since they don't communicate, nothing happened.

the client can escort the consultant off of the job site and not let them back on location, and they did.
 

tefleming

Golden Member
Dec 1, 2003
1,128
0
0
so, you friend is an employee of the IT firm and was sacked for sharing his pw while the non-employee/ contractor faced only token corrective action?
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Banks take security extremely seriously. I'm not surprised we was fired for such a gross violation of security. It's probably in your contract that if the bank feels anything is compromising or if employees do anything they don't like then action can be taken.

This should be your friends first lesson. Never give out your username/password. 2ndly never give it out if it is for a banks system that you don't own.

-edit-
And what do you mean "have a case", you can be fired for just about anything that isn't protected. Giving out the ID/password which you said is clear violation of banks policy is a pretty darn good reason.
 

Stifko

Diamond Member
Dec 8, 1999
4,799
2
81
Originally posted by: tefleming
so, you friend is an employee of the IT firm and was sacked for sharing his pw while the non-employee/ contractor faced only token corrective action?

yes my friend is the person that lost his job. the tech that went to an adult site got a slap on the wrist.

the thing that bothers me is that our boss was still telling the consultants to share their logins up to a few weeks ago. he knew full well that the former team lead was fired for doing the same thing. there is no other way of doing business considering how long it takes to get a login config'd. this whole deal has been a huge mess from the jump.

spidey07, I agree with your post above and you are right. the bank gives us no alternative and expects no lapses in service.
 

Stifko

Diamond Member
Dec 8, 1999
4,799
2
81
Originally posted by: spidey07

-edit-
And what do you mean "have a case", you can be fired for just about anything that isn't protected. Giving out the ID/password which you said is clear violation of banks policy is a pretty darn good reason.


what I mean by that is our boss was unofficially authorizing the subcontractors to do exactly what he was fired for doing.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: Stifko
Originally posted by: spidey07

-edit-
And what do you mean "have a case", you can be fired for just about anything that isn't protected. Giving out the ID/password which you said is clear violation of banks policy is a pretty darn good reason.


what I mean by that is our boss was unofficially authorizing the subcontractors to do exactly what he was fired for doing.

So? He's the boss and his authorization is OK.

Things change, maybe your boss complained about having to fire the dude and tried to come up with a solution both he and the bank could accommodate.
 

Scarpozzi

Lifer
Jun 13, 2000
26,391
1,780
126
They probably just canned the guy cause they didn't like him....or they needed an excuse to downsize. It happens sometimes.
 

OutHouse

Lifer
Jun 5, 2000
36,410
616
126
we just fired two guys for doing this. but they took it a step further by logging each other out of Kronos (online timeclock). the logs were very clear and HR gave them the chance to fess up but they didnt so Hr showed them the logs, then they confessed but it was too late and they got canned.

im a pretty laid back sys admin but sharing logins is a huge pet peeve of mine. with the industry my company is in we have to keep control of who has access to what resources.
 

Stifko

Diamond Member
Dec 8, 1999
4,799
2
81
Originally posted by: spidey07
Originally posted by: Stifko
Originally posted by: spidey07

-edit-
And what do you mean "have a case", you can be fired for just about anything that isn't protected. Giving out the ID/password which you said is clear violation of banks policy is a pretty darn good reason.


what I mean by that is our boss was unofficially authorizing the subcontractors to do exactly what he was fired for doing.

So? He's the boss and his authorization is OK.

Things change, maybe your boss complained about having to fire the dude and tried to come up with a solution both he and the bank could accommodate.

no, I bet nothing has changed and he doesn't have the bank's okay to do this. as I said above his authorization was totally unauthorized by the bank. it was a quick and dirty solution, just like when the former team lead did it, but he got fired for it. now the same thing was going on due to a total lack of any proper fix and due to nobody caring to implement a fix.
 

darkxshade

Lifer
Mar 31, 2001
13,749
6
81
who is responsible? the big bank or XYZ company or just the low level team lead that got canned? doesn't he have a case given all the facts? what do you think?


The Pr0n is responsible.
 

Stifko

Diamond Member
Dec 8, 1999
4,799
2
81
Originally posted by: Scarpozzi
They probably just canned the guy cause they didn't like him....or they needed an excuse to downsize. It happens sometimes.

downsizing had nothing to do with it. a new hire was brought in and 2 additional subs. they needed more help at the time, not less. he was well liked too, the users were ape$hit over him and so was his boss.