he told me I should be closing my tabs and shutting the machine down anyway,
like I say... you only need to leave one tab open 🙂
There’s no way the boss will let him have a secret, only know to him password. If he up’s and leaves, falls ill or similar the computer, and any work on it is completely inaccessible.
Look at my posting history to discover what can happen if you don't have a known only to you password. Brief synopsis - Mrs C had a mare when her line manager and company director logged on as her whilst she was on holiday using her password she was forced to share and caused a very large data breach. In a small industry where everyone knows everyone within a reasonable geographical radius and with a MD and director refusing to publically take the blame it nearly ended my wife's career and has taken a couple of years to restore her reputation. Even now there are business associates that went cold and she suspects that's the reason. She ended up leaving the business as the working environment became so toxic. She should really have gone legal but didn't have the stomach for it. Fortunately she is now happier in a much better firm doing work she far prefers paid significantly more so it ended well and was the nudge from a crap situation she probably needed.
Long and the short of it, employees should not be forced to share their passwords. In small companies without IT support I'd imagine it must be harder to sort and still have access to files if the worst happened but there must be a way to not give day to day access to anyone but the specific employee.
Why are people thinking Frosty has shared his password? he said "their dad has logged into the admin user account"... the ADMIN account. Maybe the boss knows the password for this and Frosty doesn't! Frosty's account can have admin rights still.
IIRC someone on here was sacked years ago from a big company because his kids downloaded innocent stuff on his works laptop
@DezB - You’re spot on. I know the password for the machine, but it is not MY password, it is just the password for that machine.
A few people have suggested I simply change the kids privacy settings and change the password etc. This is such a direct move,it would only be seen as passive aggressive and wouldn’t go down well.
You’re spot on. I know the password for the machine, but it is not MY password, it is just the password for that machine.
Wow world of bad there!! Probably should have been an early alarm bell there!!
This is such a direct move,it would only be seen as passive aggressive and wouldn’t go down well.
Hmm I assume this means you still want to work there?
It isn't your machine but I would get my own keyboard and mouse to use - I assume that it is USB connected - just swap them in and out when not in the office, stick them in a locked draw.
Stop stressing about it - different account, different keyboard and mouse and get some anti-bacterial wipes on expenses if they leave a mess.
YOu have to tell the boss in no uncertain terms this is not acceptable because of the potential damage to the company if the kids download something nasty onto the computer. ( forget the snot issue) ~Emphasise the security issues
Depending on his response to that for me would depend on whether I resign or not.
IIRC someone on here was sacked years ago from a big company because his kids downloaded innocent stuff on his works laptop
yes, maybe get an email or something with the bosses say so that they can use the machine.
If they are using a different account then any dodgy downloads should be traceable.
You’re spot on. I know the password for the machine, but it is not MY password, it is just the password for that machine.
you shouldn't be using a shared account for reasons of traceability and accountability.
It isn’t your machine but I would get my own keyboard and mouse to use – I assume that it is USB connected – just swap them in and out when not in the office, stick them in a locked draw.
Cyrillic keyboard? Hebrew? Just swap a few keys around?
There’s no way the boss will let him have a secret, only know to him password.
Except in every sensible corporate environment ever.
In over 35 years of working in and around IT (and in a number of relationships) I've never divulged my passwords to anyone ever, other than in exceptional circumstances and have then immediately changed them. As soon as one other person knows your password you may as well set the password to blank as it no longer serves any meaningful purpose.
If he up’s and leaves, falls ill or similar the computer, and any work on it is completely inaccessible.
Only if there's no centralised file storage or backups. In which case you've got much bigger issues than Fortnite.
I know the password for the machine, but it is not MY password, it is just the password for that machine.
Change it.
This is such a direct move,it would only be seen as passive aggressive and wouldn’t go down well.
And? What's he going to do, sack you? You'll be rich if he does.
Actually, you know what? Just show him this thread. I'll go on record right now and tell him that he's a ****ing idiot. I'll say with absolutely no hyperbole, I'm telling you that he is two steps away from facilitating a disaster which could wind up leading the company into liquidation.
From what you are describing it seems you don't have an IT person on site. Do you have an IT contract or consultant? If so, are they aware of what's goin on? Do you have off-site secure backups? It might be worth asking the boss to consult with an expert given the changes to data protection legislation, with an overall security/storage audit by same person. If that person doesnt/can't convince the boss that the potential costs in penalties and lost productivity/work product due to the current arrangements are way more than buying his own kids a computer then that person is not much of an IT bod and your boss will surely do something to destroy the business if not this.
employees should not be forced to share their passwords
Password sharing is explicitly and absolutely prohibited in our workplace and everywhere I've worked. It's a MAJOR no.
I know the password for the machine, but it is not MY password, it is just the password for that machine.
Another MAJOR no. You really need to sort out your IT. No matter how small you are, you cannot just wing it. Something will happen at some point and you'll be exposed as a bunch of cowboys and your reputation will be shot, if you aren't all prosecuted for this cavalier approach to work.
What those two said. ^^
When his kids hit 14 years old and start downloading pron, *you* are going to be the one getting the blame.
Following on from cromolyoly, you can get this stuff outsourced these days. They set everything up for you and fix stuff when it goes wrong etc. Ask P-Jay about it 🙂
IIRC someone on here was sacked years ago from a big company because his kids downloaded innocent stuff on his works laptop
That was Jedi from BT iirc. On the plus side, thats a positive-ending sacking story all things considered!
Place I worked at before had a bit of a vendetta against one chap so they got the IT admin dude to change his password to stop his access and allow them to have a couple of days to scout through his mail. Don't need his password if you got the rights. 😉
Same place had three of the latest I phones on the company tab so their three boys could be ahead of the Joneses - major ructions if not upgraded pronto.
I am so, so happy not to still be there - I'd need a compelling reason to work for a small family-owned company ever again.
Place I worked at before had a bit of a vendetta against one chap so they got the IT admin dude to change his password to stop his access and allow them to have a couple of days to scout through his mail. Don’t need his password if you got the rights.
Why would they need to do that they could just have downloaded it or read it as admin anyway? Your contract should also have reflected that - as with any other IT plan.
BUT in this case the OP has no ability to defend it was not me, by the sounds of it the bosses kids could send an email or DL porn and nobody would be able to prove or defend it.
I've worked for small places but I'd walk if those were the terms it's a complete nightmare. Nobody expects a full on IT department for a small business but we do expect a degree of professionalism
that probably costs money….
True. Usually it is a LOT cheaper than the alternatives. The problem is people look at it from the perspective that if I pay for good advice it will definitely cost me money but if I keep doing what I am doing it only might cost me money.
Which is why there are laws requiring you to have vehicle insurance.
Nobody expects a full on IT department for a small business but we do expect a degree common sense to seek professional advice instead of clicking your heels three times and hoping for the best
Ftfy
cromolyolly have you worked for a small business?
Why would they need to do that they could just have downloaded it or read it as admin anyway? Your contract should also have reflected that – as with any other IT plan.
Should have but didn't. You'll have to ask em why, I'd rather nail my own tongue to the wall that speak to those ****ers again.
Big, small, advised, consulted, run. Done a bit of it all. Small business is a tough gig but they do tend to try and save money in the wrong places. Or the short-term places. Good IT advice doesn't have to be expensive but not getting it because you can keep you equipment running without help often is.
Thanks again for all of the various responses.
Do those calling for me to resign on principle even have a job?! I mean, do people just routinely turn their backs on jobs that took them years to land? Just strikes me as an OTT ‘internet forum’ response which serves no purpose other than to prove a point.
I sat down with the boss yesterday morning after arriving to find another load of the kids stuff scattered all over my desk, and the computer logged in to the kids account.
I explained to him the potential risk of allowing the kids access to these machines. I mentioned liability, personal and corporate, I mentioned phishing emails, malware and the lack of any current web usage policy and the lack of any formal approach full stop. I made it clear I was incredibly uncomfortable working on any machine that the children had access to, and that I thought we should be bringing in an external company to give us the once over, but he insisted that he had antivirus installed and that the kids only use online games and that they don’t have access to any of our files (mostly Dropbox and stored on a custom web based platform thing)
I’m going to write a formal email to him and my Hr guy today outlining my concerns, in lieu of any official policy, and I think that is about all I can do.
I can’t afford to make too many waves, but I do need to make my point.
Any further advice is always welcome. Thanks again
I have walked away from two jobs without anything to go to that were toxic for various reasons - however my situation is perhaps very different as I have skills that mean another job is easy to find.
Frosty, his claim that having AV is enough is really poor. How do the kids not have access the drop box files if they’re using the same account as you?
I used to do IT audits of companies ranging from tiny subsidiaries up to massive enterprises. In all cases I can think of, if a computer account was being shared by more than one person and it had access to company files or could in any way shape or form influence the financial data of the company is was a straight up fail. If employees were found to be sharing account log on details it was a fail.
I’m no longer doing that kind of work but where I am now, sharing log on details is a disciplinary offence. He needs to get his company’s IT sorted out as he’s being really careless.
You’re doing the right thing in raising it in person and then following it up in writing. If he can’t be arsed to protect his company then you need to protect yourself for when it all goes tits up.
Well, you've basically done everything you can at this point. He is not grasping the gravity. The only other thing you can try :. You mentioned the HR guy was a bit of a brown noser. If you mention to him,casually, that since the company has got to size it is, P&P manuals would be the next logical step. This might involve outside advice on IT/legal etc. You are sure it is an area the HR guy has thought about. Send him links to interesting articles on the internet about this stuff. See if you can make him think it is his idea. See if he can persaude the boss to let him run with it. Emphasise to HR guy the IT security bit
The "we have antivirus, we don't need IT" is telling. I wonder if his accountant knows the house apace and IT equipment he is writing off is doubling as personal use.
You don't have to leave over this but I would recommend keeping your CV updated and your feelers out.
If you cant change the situation all you can do is change how you deal with it. Invest in cleaning supplies, spend the first part of everyday cleaning up instead of your actual work, try to develop a let it slide attitude otherwise it'll drive you crazy.
You did the right thing OP, and writing an email is a good idea. You should also print it out and keep it just in case. Maybe also email yourself with a list of your concerns and what you've tried to do, so your arse is covered.
Of course, simply having antivirus is not enough but I think you realise that.
Biological warfare? Any young kids you know with chickenpox, measles, conjunctivitis?
As above I used to work in an industry where passwords were sacrosanct. We even had removable hard drives and no one ever thought to use someone else's machine.
In current job it's disciplinable if someone gains access to your account as there is the potential to get to sensitive info.
Have a look at these:
https://www.gov.uk/government/publications/cyber-essentials-scheme-overview
https://www.cyberessentials.ncsc.gov.uk/
You can self assess for the basic Cyber Essentials. Might be worth doing to highlight exactly the risk your boss is accepting.
I think it is reasonable to expect a professional working environment. The fact that the office is part of your bosses house makes that harder.
You need to chat with your boss and say you dont feel its professionally appropriate for children to be playing in your work space in the evenings. You find it very stressful and not very professional and hope that he understands.
Every small company that I've ever worked for, you're given a computer on day one and provided with a password, and that's what you use.
If you're off sick or whatever, and you have something of importance on there, one of your colleagues will login and work from your machine.
I think it is reasonable to expect a professional working environment. The fact that the office is part of your bosses house makes that harder.
I think from the OP's perspective, this comes above anything (the security issues shouldn't be his concern).
A little respect from your employer goes a long way, and in this instance all it involves is buying a computer for their kids which might cost them £200. Is it really worth the tension to scrimp on that?
Unfortunately it doesn't look like the employer really sees it this way, so not sure what you can do other than look for another job.
If you’re off sick or whatever, and you have something of importance on there, one of your colleagues will login and work from your machine.
Even is small places this has always been a no. Modern cloud tools make it not needed really, if your work is only on that machine and not accessible by others that need it then something is wrong. Also more than. One person can log in and access shared files.
Even is small places this has always been a no. Modern cloud tools make it not needed really, if your work is only on that machine and not accessible by others that need it then something is wrong. Also more than. One person can log in and access shared files.
There has always been access to shared files, but in the real world unfinished work does not always exist amongst them. Neither does everyone always have access to the same software.
Not saying it's right or wrong, but in a small business it happens. They don't necessarily have the knowledge or resources to do otherwise, and when working closely together you may even be sharing machines to some degree anyway.
the kids only use online games
Any idea what games specifically? An online game could be a browser based game (a lot of them use Flash which is notorious for being a security nightmare) or something like Fortnite which you play online but installs a lot of files locally.
If it's just browser based games then a cheap computer would work fine for that (if he's got a house big enough for 6 people to work from can't he afford £400 for a computer for his kids?).