Thursday, January 19, 2006

I am the computer police

Today was Policy Writing Day. I have to update the Web Publishing Policy as well as write a brand new Web Design Guidelines for the faculty.

Basically, the policy states that this is a university site, so watch what you put on there. We are legislated by the Copyright Protection Act, the Trademark Act, BC Privacy Act, Canada Criminal Code, and any other university policy that falls under web content. You cannot plagerize, give out advice or sell anything, information only. And no pictures of your dogs are allowed. Oh, and you need to put on the university logo and the faculty's logo (affectionately know by insiders as "The Frog"). Can't do it? I get the perverse pleasure of shutting your site down and removing it from Internet-land.

I also had somehow volunteered myself to doing up a plan to help educate end users as to why they need to practice better computer security. The thing is that they simply don't. It's like giving a thief the keys to your house and opening up the door and saying, "Come right in, I don't mind if you take everything!"

Two common end user practices that drive us IT people crazy:
  • People writing down their passwords and sticking them on their monitors or under their keyboards. That is just like giving someone your key to your house. Many times, information is stolen from the inside, either a janitor or some disgruntled employee. Or someone just walking off the street and into your office. The office we work at is a very large open space, and lots of people come and go, you can't always know who should be there and who is an interloper.
  • People leave their computers unlocked when they step away from their desk. Now I have to admit, while I'm usually good a locking my computer, I have on occasion forgotten to lock the computer. As a joke, my co-workers had sent out a joke email to a few select people on my team. This has happened to me twice already, and I've been there less than a year. Not good. You can thus imagine the kind of mischief that can go on if someone happens to walk by your computer when you're not there, and your computer happens to be unlocked.
Don't even get me started on the rest of the stuff users do.

I was doing a bit of research today, and I ran across this article. Needless to say that I was horrified. Do people really disregard security that much? It's like a teen who's sexually active and believing that they would never get STDs. No that would never happen to me. People, it's a ticking time bomb, waiting to explode.

One more word. Those of you who think that if no one is looking, they can't tell how long you've been surfing on the net at work, or which site you're visiting. Let me tell you how wrong you are. Your IT staff don't need to be in the same room, or the same building, or even in the same country for them to find out. If they really want to know, they have their ways, trust me. You may be on the company's bad list and not even know about it. And yes, they can read your email too.

You have been forward.

No comments: