Problem: Senior Gen X so called "IT" install crack Office software in the company computer in one branch

[DaveMedan]

This is a continuation of the last post,

but it has been solved under that branch, 
no more torrenting

 

but I discovered that my branch that I seldom visit due to my nature of work,

has violated the company rule, the PC I set for them,

but the senior (earlier) employee requested Microsoft Office to be installed, 

Even though I ask them if they use Macro or not, and they say no. 

So I command them to use LibreOffice.

However, this so-called "IT" employee got used to being under my dad's leadership,

that don't care about security and legality, was accustomed to using crack software.

 

But since I took over, 2 branches are already under my control regarding the tech.

 

Since the senior so-called IT, know each admin password for the computer, 

he helps them install the cracked Microsoft Office.

 

How do you resolve this? 

 

 

 

 

 

[Needfuldoer]

Uninstall the cracked software, make sure the PC is clean, take away administrator access, and formally reprimand the employee responsible.

[Fasauceome]

11 minutes ago, DaveMedan said:

How do you resolve this? 

In a professional setting where you are the one establishing the rules and operational protocol, you absolutely do not take "no" for an answer in matters of cyber security.

 

12 minutes ago, DaveMedan said:

don't care about security and legality

If violating the security of the business causes legal problems, and especially if it was done flippantly (which it sounds like it was in this case) I would definitely warn that legal action is a possible repercussion to this individual.

[Levent]

Complete reinstall. Don’t risk anything else. 

[Dillpickle23422]

26 minutes ago, DaveMedan said:

This is a continuation of the last post,

but it has been solved under that branch, 
no more torrenting

 

but I discovered that my branch that I seldom visit due to my nature of work,

has violated the company rule, the PC I set for them,

but the senior (earlier) employee requested Microsoft Office to be installed, 

Even though I ask them if they use Macro or not, and they say no. 

So I command them to use LibreOffice.

However, this so-called "IT" employee got used to being under my dad's leadership,

that don't care about security and legality, was accustomed to using crack software.

 

But since I took over, 2 branches are already under my control regarding the tech.

 

Since the senior so-called IT, know each admin password for the computer, 

he helps them install the cracked Microsoft Office.

 

How do you resolve this? 

 

 

 

 

 

Do you have the authority to fire this person, or talk to someone who can? If so, do it. Not to be harsh, or brash, but obviously these people have a history of doing this. They ignored you, the person in charge of what they use, to potentially risk whatever it is that you're doing. If you're not going to fire them, you need to seriously lay them out, because if you're in his position and are willing to risk security just to use Microsoft Office, they really shouldn't be in that position

[tkitch]

I'm fairly loose with some security things, but things you'll never see me do:

1) Ask anyone for their password.  "No I don't care that I'm IT.  Do not give anyone your password!"

2) Install cracked software.  There's no such thing as "safe" cracked software.  Most keygens and related cracks carry viruses / spyware / malware.  This is a HARD no.

 

A subordinate may get to have conversations with you, but if you have a hard rule for the company?  Tell him to follow the rules, or pound sand and leave.

[Lurking]

I suppose a company large enough to have branches also has solid work rules. Illegal and insecure activity sound like a fire-able offense. At least for repeat offenders.

 

Our IT is really strict. Overly so I think. They use applocker to shut all unapproved software out. This creates new issues since for software updates or other changes this often requires support if there is a new unknown sub routine already approved software uses. But I bet people like in your example forced them to put down the hammer.

[Erioch]

9 hours ago, tkitch said:

1) Ask anyone for their password.  "No I don't care that I'm IT.  Do not give anyone your password!"

I've had people do this even after I specifically told them not to.  I expire their passwords.

 

And to OP's question, fire them.  It's a huge liability.

[tkitch]

3 hours ago, Erioch said:

I've had people do this even after I specifically told them not to.  I expire their passwords.

 

And to OP's question, fire them.  It's a huge liability.

As soon as they start talking passwords, I stop listening. and say "What did I just say?  Don't tell anyone your password!"

 

[demonix00]

Nuke the computers from orbit, reinstall the OS and make sure that the so called IT no longer has the access to the admin password.

[Agall]

On 1/29/2024 at 6:41 AM, DaveMedan said:

This is a continuation of the last post,

but it has been solved under that branch, 
no more torrenting

 

but I discovered that my branch that I seldom visit due to my nature of work,

has violated the company rule, the PC I set for them,

but the senior (earlier) employee requested Microsoft Office to be installed, 

Even though I ask them if they use Macro or not, and they say no. 

So I command them to use LibreOffice.

However, this so-called "IT" employee got used to being under my dad's leadership,

that don't care about security and legality, was accustomed to using crack software.

 

But since I took over, 2 branches are already under my control regarding the tech.

 

Since the senior so-called IT, know each admin password for the computer, 

he helps them install the cracked Microsoft Office.

 

How do you resolve this? 

O365 licenses cost nothing when you're talking business expenses, $150/year... If an employee is used to it, its likely cheaper to compensate for that than force someone to learn something new.

 

Even then, one time Microsoft Office purchases are a drop in the pond for a lot of companies.

 

Regarding the guy willing to illegally use software, I'd gather evidence and present it, since he's a liability to the company.

 

Hardest part I've found about civilian IT work is convincing executives that you need to spend money, especially software. Sometimes I've just had to overstep to make sure something the company needs is purchased, sometimes even purchasing it myself.

[tkitch]

12 hours ago, Agall said:

O365 licenses cost nothing when you're talking business expenses, $150/year... If an employee is used to it, its likely cheaper to compensate for that than force someone to learn something new.

 

Even then, one time Microsoft Office purchases are a drop in the pond for a lot of companies.

 

Regarding the guy willing to illegally use software, I'd gather evidence and present it, since he's a liability to the company.

 

Hardest part I've found about civilian IT work is convincing executives that you need to spend money, especially software. Sometimes I've just had to overstep to make sure something the company needs is purchased, sometimes even purchasing it myself.

 

Second comment:

If Microsoft catches your company using cracked software, you're gonna get hit with a 10K USD / Copy *minimum* for the cracked shit.

If paying 150-200$ a year is too much for the company?  Paying 10's or 100's of thousands out in fines is gonna REALLY suck.  

 

REMOVE THAT SHIT immediately.

[dilpickle]

This is not a technical problem. The one and only thing you need to do is gather all the evidence you can and report this person to management.

 

If nothing happens then I would consider finding a better employer.

[Gordon_4]

Uh, dude.  Take this to your management and IT/Cyber Security department.  Because this is not really the place to be airing this kind of laundry.  This isn't "My idiot brother installed bonzi buddy", this is "My criminally inept employee has committed a serious breach of any sensible security framework, and exposed the company to legal liability with illegally obtained and likely compromised software"

 

One of these things is the kind you come to LTT forums for help with.  The other not so much.

[ToboRobot]

On 1/29/2024 at 8:41 AM, DaveMedan said:

This is a continuation of the last post,

but it has been solved under that branch, 
no more torrenting

 

but I discovered that my branch that I seldom visit due to my nature of work,

has violated the company rule, the PC I set for them,

but the senior (earlier) employee requested Microsoft Office to be installed, 

Even though I ask them if they use Macro or not, and they say no. 

So I command them to use LibreOffice.

However, this so-called "IT" employee got used to being under my dad's leadership,

that don't care about security and legality, was accustomed to using crack software.

 

But since I took over, 2 branches are already under my control regarding the tech.

 

Since the senior so-called IT, know each admin password for the computer, 

he helps them install the cracked Microsoft Office.

 

How do you resolve this? 

 

 

 

 

 

Not sure if this is an issue of translation but commanding people to do things, rarely is an effective leadership strategy.  Education is a better approach.

[Kisai]

6 hours ago, ToboRobot said:

Not sure if this is an issue of translation but commanding people to do things, rarely is an effective leadership strategy.  Education is a better approach.

Depends.

 

You pretty much go "Tell them no", "Tell then why", and if they still insist on doing this, take it away from them.

 

If you have employees or staff that for some reason have the admin password, (it's very easy to "break in" to any machine you have physical access to unless the hard drive is encrypted) then you take that access away.

 

When I was doing work for the engineering firm, every single employee would ask for admin access because their software tools often self-updated but could not be installed without admin access. I would not give it to them and also knew that even if I did set their account locally to have it, it would end up reset after a day anyway.

 

If you want to go the malicious route, you could turn them in to the BSA.

https://reporting.bsa.org/r/report/add.aspx?src=us&ln=en-us

 

But that's something you'd only do if you think the business is entirely complicit in it. Eg, they are using pirated software as part of their business workflow, and not as say... "a means to keep an old paid-for product functioning outside the scope it was intended to be used for",  See LTT and the unactivated Windows licenses used on their tech benches. I'm sure if LTT was audited, they'd probably find they have far more windows OS licenses than they have computers.

 

Likewise, and this goes for all content creators, sometimes the only way to run/play a certain program/game is on the original OS or original hardware it was designed for, and thus you might need a modified(pirated) slipstreamed version of that specific OS, because the original Media doesn't work, or a "restore partition" was destroyed. You may have that software on 5.25" diskettes somewhere, but have no hardware in which to read it.

 

Remember when you "were required to" burn backup discs for your new HP/compaq computer because HP/Compaq was too cheap to include media? If you ever formatted the thing, good luck finding those discs. Even stores like futureshop at the time would have binders of HP/Compaq restore media, but if someone brought in any other manufacturer's device, they would resort to using whatever OEM media they had laying around anyway when they had to wipe the machine.

 

Sometimes it doesn't matter as long as the thing has the correct license. So that's would really be my concern. If they are a legitimate business, they should not be downloading torrents of anything except linux disc images.