Fired for doing disallowed web searches; how can I show it was outside my control?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
My employer found that I had been conducting certain prohibited web searches on my work devices, and fired me.
I had no screen locks or passwords on any of my work devices - and didn't know I was supposed to have them. So it's possible anyone could have got on them, without my permission. I know for sure I didn't do those searches myself. To the best of my belief, I never let anyone use my work devices, for company policy said it was illicit or inappropriate use.
How can I prove whether the websites showed up on work devices because of a browser sync, and not because they were actually searched from that device?
termination
edited Jan 4 at 12:57
PKG
1054
asked Dec 30 '18 at 16:26
Confused so badConfused so bad
6012
|
show 10 more comments
My employer found that I had been conducting certain prohibited web searches on my work devices, and fired me.
I had no screen locks or passwords on any of my work devices - and didn't know I was supposed to have them. So it's possible anyone could have got on them, without my permission. I know for sure I didn't do those searches myself. To the best of my belief, I never let anyone use my work devices, for company policy said it was illicit or inappropriate use.
How can I prove whether the websites showed up on work devices because of a browser sync, and not because they were actually searched from that device?
termination
edited Jan 4 at 12:57
PKG
1054
asked Dec 30 '18 at 16:26
Confused so badConfused so bad
6012
8
Possible duplicate of Company policy violation due to browser history syncing
– yochannah
Dec 30 '18 at 16:37
7
Did you not do them (at all) or did you do them on other devices and they may have synced?
– bruglesco
Dec 30 '18 at 17:06
5
I'm pretty sure signing into Maps logs you in to your Google account.
– bruglesco
Dec 30 '18 at 18:37
18
Have anxiety and never read the pop ups.Sorry, but that just makes me upset...
– Michael
Dec 31 '18 at 1:57
10
@Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
– Seth R
Jan 2 at 16:20
|
show 10 more comments
My employer found that I had been conducting certain prohibited web searches on my work devices, and fired me.
I had no screen locks or passwords on any of my work devices - and didn't know I was supposed to have them. So it's possible anyone could have got on them, without my permission. I know for sure I didn't do those searches myself. To the best of my belief, I never let anyone use my work devices, for company policy said it was illicit or inappropriate use.
How can I prove whether the websites showed up on work devices because of a browser sync, and not because they were actually searched from that device?
termination
edited Jan 4 at 12:57
PKG
1054
asked Dec 30 '18 at 16:26
Confused so badConfused so bad
6012
My employer found that I had been conducting certain prohibited web searches on my work devices, and fired me.
I had no screen locks or passwords on any of my work devices - and didn't know I was supposed to have them. So it's possible anyone could have got on them, without my permission. I know for sure I didn't do those searches myself. To the best of my belief, I never let anyone use my work devices, for company policy said it was illicit or inappropriate use.
How can I prove whether the websites showed up on work devices because of a browser sync, and not because they were actually searched from that device?
termination
termination
edited Jan 4 at 12:57
PKG
1054
asked Dec 30 '18 at 16:26
Confused so badConfused so bad
6012
edited Jan 4 at 12:57
PKG
1054
asked Dec 30 '18 at 16:26
Confused so badConfused so bad
6012
edited Jan 4 at 12:57
PKG
1054
edited Jan 4 at 12:57
PKG
1054
edited Jan 4 at 12:57
PKG
1054
1054
asked Dec 30 '18 at 16:26
Confused so badConfused so bad
6012
asked Dec 30 '18 at 16:26
Confused so badConfused so bad
6012
asked Dec 30 '18 at 16:26
Confused so badConfused so bad
6012
6012
8
Possible duplicate of Company policy violation due to browser history syncing
– yochannah
Dec 30 '18 at 16:37
7
Did you not do them (at all) or did you do them on other devices and they may have synced?
– bruglesco
Dec 30 '18 at 17:06
5
I'm pretty sure signing into Maps logs you in to your Google account.
– bruglesco
Dec 30 '18 at 18:37
18
Have anxiety and never read the pop ups.Sorry, but that just makes me upset...
– Michael
Dec 31 '18 at 1:57
10
@Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
– Seth R
Jan 2 at 16:20
|
show 10 more comments
8
Possible duplicate of Company policy violation due to browser history syncing
– yochannah
Dec 30 '18 at 16:37
7
Did you not do them (at all) or did you do them on other devices and they may have synced?
– bruglesco
Dec 30 '18 at 17:06
5
I'm pretty sure signing into Maps logs you in to your Google account.
– bruglesco
Dec 30 '18 at 18:37
18
Have anxiety and never read the pop ups.Sorry, but that just makes me upset...
– Michael
Dec 31 '18 at 1:57
10
@Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
– Seth R
Jan 2 at 16:20
8
8
Possible duplicate of Company policy violation due to browser history syncing
– yochannah
Dec 30 '18 at 16:37
Possible duplicate of Company policy violation due to browser history syncing
– yochannah
Dec 30 '18 at 16:37
7
7
Did you not do them (at all) or did you do them on other devices and they may have synced?
– bruglesco
Dec 30 '18 at 17:06
Did you not do them (at all) or did you do them on other devices and they may have synced?
– bruglesco
Dec 30 '18 at 17:06
5
5
I'm pretty sure signing into Maps logs you in to your Google account.
– bruglesco
Dec 30 '18 at 18:37
I'm pretty sure signing into Maps logs you in to your Google account.
– bruglesco
Dec 30 '18 at 18:37
18
18
Have anxiety and never read the pop ups. Sorry, but that just makes me upset...– Michael
Dec 31 '18 at 1:57
Have anxiety and never read the pop ups. Sorry, but that just makes me upset...– Michael
Dec 31 '18 at 1:57
10
10
@Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
– Seth R
Jan 2 at 16:20
@Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
– Seth R
Jan 2 at 16:20
|
show 10 more comments
4 Answers
4
active
oldest
votes
The only real advice anyone can give you is to contact a lawyer and see what they say.
You do have a basic responsibility to keep work devices and data secure, so not password protecting them is fairly irresponsible of you.
In future, keep your work and home devices separate. Don't sign into your personal stuff on work devices and vice versa. Always lock your devices when you step away from them to prevent others from using them without your permission. And don't ever search for porn, drugs or anything else which could be possibly frowned upon on a work device or on the work network.
answered Dec 30 '18 at 16:29
user1666620user1666620
13.7k104053
18
This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
– Criggie
Dec 30 '18 at 21:57
6
In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
– Gabe Sechan
Dec 31 '18 at 2:25
6
@GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
– Lightness Races in Orbit
Dec 31 '18 at 3:14
6
@LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
– Gabe Sechan
Dec 31 '18 at 3:16
4
@GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
– Lightness Races in Orbit
Dec 31 '18 at 3:30
|
show 6 more comments
Someone else was probably on your machine
In a lot of employment contracts, you are considered to be responsible for anything done under your corporate account/devices even if you yourself weren't at the keyboard.
It is unlikely that this was caused by syncing your Google Account with Chrome. Chrome has a tendency to identify what devices conducted what action. Plus the ability to synchronise histories would prove that the History data can be altered, and thus would typically not be trusted for the firing of an employee. Regardless, this was still a bad move.
What probably happened is that actual attempts to conduct those searches by your account and/or devices was picked up by network security devices as it was being performed. You'll notice I said 'by your account and/or devices' and not 'by you'.
In a lot of places, you'll see a culture for pranking people who leave devices unlocked. Most of the time, this is just a harmless 'beers are on me email' but more juvenile/malicious people may do things that stir up a bit more trouble, unaware (or possibly fully aware) of what their actions might bring.
I had no screen locks or passwords on any of mine or work devices. So it's possible anyone could have got on them, without my permission. I never even knew I was required to have screen locks, not did I care if people used my devices.
Locking your devices and accounts should not be something that needs to be spelt out. It should be, and needs to be from this point on, common sense. Your devices likely hold a lot of company-sensitive information. What if someone got onto your machine and accessed something they shouldn't have access to? What if someone trespassed into the building and got access to your computer? You could have been potentially looking at a lot worse than just getting fired for inappropriate searches.
answered Dec 30 '18 at 17:53
520520
5,044827
2
This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
– bruglesco
Dec 30 '18 at 18:35
2
wait are you implying that someone can't be fired for a misunderstanding on the companies part?
– bruglesco
Dec 30 '18 at 19:33
1
@bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
– 520
Dec 30 '18 at 19:53
1
@stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
– 520
Jan 2 at 22:27
2
@520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
– David Thornley
Jan 3 at 20:02
|
show 4 more comments
Note: this answer is written in less than optimal circumstances (31 December...) so I will be back with edits when time permits. Do not hesitate to suggest changes or edit them yourselves.
From the perspective of someone working in information security, your situation is not uncommon.
First - anything mentioned in the answers (mine included) must be put in context of the country you are in. You may be in a place where anything you do is company property and you have zero expectations of privacy - up to places where your private activities on a company device are protected.
This also covers the case of your responsibility when using your device (except for gross misconduct): from places where you are responsible for protecting your devices yourself and take responsibility for that - to places where your liability is limited and the burden of the protection relies on the company.
You need to understand this context of yours first.
In the text below "we" refers to "the company" and "they", to the employees. It is centered around the case where they claim they "did not do it" but we believe they "did".
We have systems which record activity of employees (please keep the legal context in mind - in some places this is fine, in other not, in yet others nobody cares whether this is legal or not, and in yet another nobody cares to record).
We would present the employee evidence of their activity (with the "go" from legal/HR) in the course of the interaction with them. This evidence would show that user ABC did XYZ at time TTT.
Please note that we just know that the user ABC, as registered in our systems, did something. This does not mean that the actual human who is normally associated with the account ABC did it.
There are many cases where ABC does not match the human:
- we were hacked and someone used account ABC for that
- an administrator acted as ABC
- someone used ABC account when the human was not at the keyboard
- someone saw the human typing their password and later that someone connected to ABC account
- ... and plenty of other cases
These are all reasonable claims which can be done - not to counter the evidence, but to challenge the link. (the evidence can certainly be tempered with in some cases, and this is also something which can be investigated)
It can be that we/the authorities prove that the human was the one using account ABC. Case closed.
It can be that we see that the human was not using the account ABC. In that case we need to determine whether
- it is their fault (did not lock the device while explicitly asked to - for instance)
- or not (the company was hacked, they were tricked into an action they could realistically fall for ( we are all humans), ...)
As you see such cases are not obvious and, sure, there are the easy cases (which end with eyes rolling or jail) but a lot are not that obvious. They often land in the gray zone, especially in places which are either not clean-cut in terms of company vs. user responsibility, or extremely specific and then the employee and the company have a ping-pong game of "it is your responsibility", "no, it is yours".
To be honest, I have a hard time understanding your question which jumps from "I have no password on my device", to "I let everyone use them", and to some kind of sync between searches. If I may recommend to clean that up (and stick to facts - and their consequences), I would be glad to comment further
Have anxiety and never read the pop ups
Please do, this makes everyone's life easier and more secure.
answered Dec 31 '18 at 9:30
WoJWoJ
2,617913
I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
– Confused so bad
Dec 31 '18 at 23:07
I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
– Confused so bad
Jan 3 at 18:36
add a comment |
The issue is the policy itself.
Either you hire self motivated employees, and give them meaningful work, or any other policing effort will be waste.
answered Jan 2 at 15:16
Alberto Salvia NovellaAlberto Salvia Novella
1211
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "423"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: false,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f125553%2ffired-for-doing-disallowed-web-searches-how-can-i-show-it-was-outside-my-contro%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
StackExchange.ready(function () {
$("#show-editor-button input, #show-editor-button button").click(function () {
var showEditor = function() {
$("#show-editor-button").hide();
$("#post-form").removeClass("dno");
StackExchange.editor.finallyInit();
};
var useFancy = $(this).data('confirm-use-fancy');
if(useFancy == 'True') {
var popupTitle = $(this).data('confirm-fancy-title');
var popupBody = $(this).data('confirm-fancy-body');
var popupAccept = $(this).data('confirm-fancy-accept-button');
$(this).loadPopup({
url: '/post/self-answer-popup',
loaded: function(popup) {
var pTitle = $(popup).find('h2');
var pBody = $(popup).find('.popup-body');
var pSubmit = $(popup).find('.popup-submit');
pTitle.text(popupTitle);
pBody.html(popupBody);
pSubmit.val(popupAccept).click(showEditor);
}
})
} else{
var confirmText = $(this).data('confirm-text');
if (confirmText ? confirm(confirmText) : true) {
showEditor();
}
}
});
});
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
The only real advice anyone can give you is to contact a lawyer and see what they say.
You do have a basic responsibility to keep work devices and data secure, so not password protecting them is fairly irresponsible of you.
In future, keep your work and home devices separate. Don't sign into your personal stuff on work devices and vice versa. Always lock your devices when you step away from them to prevent others from using them without your permission. And don't ever search for porn, drugs or anything else which could be possibly frowned upon on a work device or on the work network.
answered Dec 30 '18 at 16:29
user1666620user1666620
13.7k104053
18
This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
– Criggie
Dec 30 '18 at 21:57
6
In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
– Gabe Sechan
Dec 31 '18 at 2:25
6
@GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
– Lightness Races in Orbit
Dec 31 '18 at 3:14
6
@LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
– Gabe Sechan
Dec 31 '18 at 3:16
4
@GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
– Lightness Races in Orbit
Dec 31 '18 at 3:30
|
show 6 more comments
The only real advice anyone can give you is to contact a lawyer and see what they say.
You do have a basic responsibility to keep work devices and data secure, so not password protecting them is fairly irresponsible of you.
In future, keep your work and home devices separate. Don't sign into your personal stuff on work devices and vice versa. Always lock your devices when you step away from them to prevent others from using them without your permission. And don't ever search for porn, drugs or anything else which could be possibly frowned upon on a work device or on the work network.
answered Dec 30 '18 at 16:29
user1666620user1666620
13.7k104053
18
This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
– Criggie
Dec 30 '18 at 21:57
6
In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
– Gabe Sechan
Dec 31 '18 at 2:25
6
@GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
– Lightness Races in Orbit
Dec 31 '18 at 3:14
6
@LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
– Gabe Sechan
Dec 31 '18 at 3:16
4
@GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
– Lightness Races in Orbit
Dec 31 '18 at 3:30
|
show 6 more comments
The only real advice anyone can give you is to contact a lawyer and see what they say.
You do have a basic responsibility to keep work devices and data secure, so not password protecting them is fairly irresponsible of you.
In future, keep your work and home devices separate. Don't sign into your personal stuff on work devices and vice versa. Always lock your devices when you step away from them to prevent others from using them without your permission. And don't ever search for porn, drugs or anything else which could be possibly frowned upon on a work device or on the work network.
answered Dec 30 '18 at 16:29
user1666620user1666620
13.7k104053
The only real advice anyone can give you is to contact a lawyer and see what they say.
You do have a basic responsibility to keep work devices and data secure, so not password protecting them is fairly irresponsible of you.
In future, keep your work and home devices separate. Don't sign into your personal stuff on work devices and vice versa. Always lock your devices when you step away from them to prevent others from using them without your permission. And don't ever search for porn, drugs or anything else which could be possibly frowned upon on a work device or on the work network.
answered Dec 30 '18 at 16:29
user1666620user1666620
13.7k104053
answered Dec 30 '18 at 16:29
user1666620user1666620
13.7k104053
answered Dec 30 '18 at 16:29
user1666620user1666620
13.7k104053
answered Dec 30 '18 at 16:29
user1666620user1666620
13.7k104053
13.7k104053
18
This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
– Criggie
Dec 30 '18 at 21:57
6
In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
– Gabe Sechan
Dec 31 '18 at 2:25
6
@GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
– Lightness Races in Orbit
Dec 31 '18 at 3:14
6
@LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
– Gabe Sechan
Dec 31 '18 at 3:16
4
@GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
– Lightness Races in Orbit
Dec 31 '18 at 3:30
|
show 6 more comments
18
This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
– Criggie
Dec 30 '18 at 21:57
6
In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
– Gabe Sechan
Dec 31 '18 at 2:25
6
@GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
– Lightness Races in Orbit
Dec 31 '18 at 3:14
6
@LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
– Gabe Sechan
Dec 31 '18 at 3:16
4
@GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
– Lightness Races in Orbit
Dec 31 '18 at 3:30
18
18
This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
– Criggie
Dec 30 '18 at 21:57
This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
– Criggie
Dec 30 '18 at 21:57
6
6
In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
– Gabe Sechan
Dec 31 '18 at 2:25
In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
– Gabe Sechan
Dec 31 '18 at 2:25
6
6
@GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
– Lightness Races in Orbit
Dec 31 '18 at 3:14
@GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
– Lightness Races in Orbit
Dec 31 '18 at 3:14
6
6
@LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
– Gabe Sechan
Dec 31 '18 at 3:16
@LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
– Gabe Sechan
Dec 31 '18 at 3:16
4
4
@GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
– Lightness Races in Orbit
Dec 31 '18 at 3:30
@GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
– Lightness Races in Orbit
Dec 31 '18 at 3:30
|
show 6 more comments
Someone else was probably on your machine
In a lot of employment contracts, you are considered to be responsible for anything done under your corporate account/devices even if you yourself weren't at the keyboard.
It is unlikely that this was caused by syncing your Google Account with Chrome. Chrome has a tendency to identify what devices conducted what action. Plus the ability to synchronise histories would prove that the History data can be altered, and thus would typically not be trusted for the firing of an employee. Regardless, this was still a bad move.
What probably happened is that actual attempts to conduct those searches by your account and/or devices was picked up by network security devices as it was being performed. You'll notice I said 'by your account and/or devices' and not 'by you'.
In a lot of places, you'll see a culture for pranking people who leave devices unlocked. Most of the time, this is just a harmless 'beers are on me email' but more juvenile/malicious people may do things that stir up a bit more trouble, unaware (or possibly fully aware) of what their actions might bring.
I had no screen locks or passwords on any of mine or work devices. So it's possible anyone could have got on them, without my permission. I never even knew I was required to have screen locks, not did I care if people used my devices.
Locking your devices and accounts should not be something that needs to be spelt out. It should be, and needs to be from this point on, common sense. Your devices likely hold a lot of company-sensitive information. What if someone got onto your machine and accessed something they shouldn't have access to? What if someone trespassed into the building and got access to your computer? You could have been potentially looking at a lot worse than just getting fired for inappropriate searches.
answered Dec 30 '18 at 17:53
520520
5,044827
2
This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
– bruglesco
Dec 30 '18 at 18:35
2
wait are you implying that someone can't be fired for a misunderstanding on the companies part?
– bruglesco
Dec 30 '18 at 19:33
1
@bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
– 520
Dec 30 '18 at 19:53
1
@stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
– 520
Jan 2 at 22:27
2
@520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
– David Thornley
Jan 3 at 20:02
|
show 4 more comments
Someone else was probably on your machine
In a lot of employment contracts, you are considered to be responsible for anything done under your corporate account/devices even if you yourself weren't at the keyboard.
It is unlikely that this was caused by syncing your Google Account with Chrome. Chrome has a tendency to identify what devices conducted what action. Plus the ability to synchronise histories would prove that the History data can be altered, and thus would typically not be trusted for the firing of an employee. Regardless, this was still a bad move.
What probably happened is that actual attempts to conduct those searches by your account and/or devices was picked up by network security devices as it was being performed. You'll notice I said 'by your account and/or devices' and not 'by you'.
In a lot of places, you'll see a culture for pranking people who leave devices unlocked. Most of the time, this is just a harmless 'beers are on me email' but more juvenile/malicious people may do things that stir up a bit more trouble, unaware (or possibly fully aware) of what their actions might bring.
I had no screen locks or passwords on any of mine or work devices. So it's possible anyone could have got on them, without my permission. I never even knew I was required to have screen locks, not did I care if people used my devices.
Locking your devices and accounts should not be something that needs to be spelt out. It should be, and needs to be from this point on, common sense. Your devices likely hold a lot of company-sensitive information. What if someone got onto your machine and accessed something they shouldn't have access to? What if someone trespassed into the building and got access to your computer? You could have been potentially looking at a lot worse than just getting fired for inappropriate searches.
answered Dec 30 '18 at 17:53
520520
5,044827
2
This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
– bruglesco
Dec 30 '18 at 18:35
2
wait are you implying that someone can't be fired for a misunderstanding on the companies part?
– bruglesco
Dec 30 '18 at 19:33
1
@bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
– 520
Dec 30 '18 at 19:53
1
@stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
– 520
Jan 2 at 22:27
2
@520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
– David Thornley
Jan 3 at 20:02
|
show 4 more comments
Someone else was probably on your machine
In a lot of employment contracts, you are considered to be responsible for anything done under your corporate account/devices even if you yourself weren't at the keyboard.
It is unlikely that this was caused by syncing your Google Account with Chrome. Chrome has a tendency to identify what devices conducted what action. Plus the ability to synchronise histories would prove that the History data can be altered, and thus would typically not be trusted for the firing of an employee. Regardless, this was still a bad move.
What probably happened is that actual attempts to conduct those searches by your account and/or devices was picked up by network security devices as it was being performed. You'll notice I said 'by your account and/or devices' and not 'by you'.
In a lot of places, you'll see a culture for pranking people who leave devices unlocked. Most of the time, this is just a harmless 'beers are on me email' but more juvenile/malicious people may do things that stir up a bit more trouble, unaware (or possibly fully aware) of what their actions might bring.
I had no screen locks or passwords on any of mine or work devices. So it's possible anyone could have got on them, without my permission. I never even knew I was required to have screen locks, not did I care if people used my devices.
Locking your devices and accounts should not be something that needs to be spelt out. It should be, and needs to be from this point on, common sense. Your devices likely hold a lot of company-sensitive information. What if someone got onto your machine and accessed something they shouldn't have access to? What if someone trespassed into the building and got access to your computer? You could have been potentially looking at a lot worse than just getting fired for inappropriate searches.
answered Dec 30 '18 at 17:53
520520
5,044827
Someone else was probably on your machine
In a lot of employment contracts, you are considered to be responsible for anything done under your corporate account/devices even if you yourself weren't at the keyboard.
It is unlikely that this was caused by syncing your Google Account with Chrome. Chrome has a tendency to identify what devices conducted what action. Plus the ability to synchronise histories would prove that the History data can be altered, and thus would typically not be trusted for the firing of an employee. Regardless, this was still a bad move.
What probably happened is that actual attempts to conduct those searches by your account and/or devices was picked up by network security devices as it was being performed. You'll notice I said 'by your account and/or devices' and not 'by you'.
In a lot of places, you'll see a culture for pranking people who leave devices unlocked. Most of the time, this is just a harmless 'beers are on me email' but more juvenile/malicious people may do things that stir up a bit more trouble, unaware (or possibly fully aware) of what their actions might bring.
I had no screen locks or passwords on any of mine or work devices. So it's possible anyone could have got on them, without my permission. I never even knew I was required to have screen locks, not did I care if people used my devices.
Locking your devices and accounts should not be something that needs to be spelt out. It should be, and needs to be from this point on, common sense. Your devices likely hold a lot of company-sensitive information. What if someone got onto your machine and accessed something they shouldn't have access to? What if someone trespassed into the building and got access to your computer? You could have been potentially looking at a lot worse than just getting fired for inappropriate searches.
answered Dec 30 '18 at 17:53
520520
5,044827
edited Dec 30 '18 at 17:59
answered Dec 30 '18 at 17:53
520520
5,044827
answered Dec 30 '18 at 17:53
520520
5,044827
answered Dec 30 '18 at 17:53
520520
5,044827
5,044827
2
This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
– bruglesco
Dec 30 '18 at 18:35
2
wait are you implying that someone can't be fired for a misunderstanding on the companies part?
– bruglesco
Dec 30 '18 at 19:33
1
@bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
– 520
Dec 30 '18 at 19:53
1
@stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
– 520
Jan 2 at 22:27
2
@520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
– David Thornley
Jan 3 at 20:02
|
show 4 more comments
2
This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
– bruglesco
Dec 30 '18 at 18:35
2
wait are you implying that someone can't be fired for a misunderstanding on the companies part?
– bruglesco
Dec 30 '18 at 19:33
1
@bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
– 520
Dec 30 '18 at 19:53
1
@stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
– 520
Jan 2 at 22:27
2
@520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
– David Thornley
Jan 3 at 20:02
2
2
This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
– bruglesco
Dec 30 '18 at 18:35
This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
– bruglesco
Dec 30 '18 at 18:35
2
2
wait are you implying that someone can't be fired for a misunderstanding on the companies part?
– bruglesco
Dec 30 '18 at 19:33
wait are you implying that someone can't be fired for a misunderstanding on the companies part?
– bruglesco
Dec 30 '18 at 19:33
1
1
@bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
– 520
Dec 30 '18 at 19:53
@bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
– 520
Dec 30 '18 at 19:53
1
1
@stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
– 520
Jan 2 at 22:27
@stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
– 520
Jan 2 at 22:27
2
2
@520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
– David Thornley
Jan 3 at 20:02
@520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
– David Thornley
Jan 3 at 20:02
|
show 4 more comments
Note: this answer is written in less than optimal circumstances (31 December...) so I will be back with edits when time permits. Do not hesitate to suggest changes or edit them yourselves.
From the perspective of someone working in information security, your situation is not uncommon.
First - anything mentioned in the answers (mine included) must be put in context of the country you are in. You may be in a place where anything you do is company property and you have zero expectations of privacy - up to places where your private activities on a company device are protected.
This also covers the case of your responsibility when using your device (except for gross misconduct): from places where you are responsible for protecting your devices yourself and take responsibility for that - to places where your liability is limited and the burden of the protection relies on the company.
You need to understand this context of yours first.
In the text below "we" refers to "the company" and "they", to the employees. It is centered around the case where they claim they "did not do it" but we believe they "did".
We have systems which record activity of employees (please keep the legal context in mind - in some places this is fine, in other not, in yet others nobody cares whether this is legal or not, and in yet another nobody cares to record).
We would present the employee evidence of their activity (with the "go" from legal/HR) in the course of the interaction with them. This evidence would show that user ABC did XYZ at time TTT.
Please note that we just know that the user ABC, as registered in our systems, did something. This does not mean that the actual human who is normally associated with the account ABC did it.
There are many cases where ABC does not match the human:
- we were hacked and someone used account ABC for that
- an administrator acted as ABC
- someone used ABC account when the human was not at the keyboard
- someone saw the human typing their password and later that someone connected to ABC account
- ... and plenty of other cases
These are all reasonable claims which can be done - not to counter the evidence, but to challenge the link. (the evidence can certainly be tempered with in some cases, and this is also something which can be investigated)
It can be that we/the authorities prove that the human was the one using account ABC. Case closed.
It can be that we see that the human was not using the account ABC. In that case we need to determine whether
- it is their fault (did not lock the device while explicitly asked to - for instance)
- or not (the company was hacked, they were tricked into an action they could realistically fall for ( we are all humans), ...)
As you see such cases are not obvious and, sure, there are the easy cases (which end with eyes rolling or jail) but a lot are not that obvious. They often land in the gray zone, especially in places which are either not clean-cut in terms of company vs. user responsibility, or extremely specific and then the employee and the company have a ping-pong game of "it is your responsibility", "no, it is yours".
To be honest, I have a hard time understanding your question which jumps from "I have no password on my device", to "I let everyone use them", and to some kind of sync between searches. If I may recommend to clean that up (and stick to facts - and their consequences), I would be glad to comment further
Have anxiety and never read the pop ups
Please do, this makes everyone's life easier and more secure.
answered Dec 31 '18 at 9:30
WoJWoJ
2,617913
I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
– Confused so bad
Dec 31 '18 at 23:07
I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
– Confused so bad
Jan 3 at 18:36
add a comment |
Note: this answer is written in less than optimal circumstances (31 December...) so I will be back with edits when time permits. Do not hesitate to suggest changes or edit them yourselves.
From the perspective of someone working in information security, your situation is not uncommon.
First - anything mentioned in the answers (mine included) must be put in context of the country you are in. You may be in a place where anything you do is company property and you have zero expectations of privacy - up to places where your private activities on a company device are protected.
This also covers the case of your responsibility when using your device (except for gross misconduct): from places where you are responsible for protecting your devices yourself and take responsibility for that - to places where your liability is limited and the burden of the protection relies on the company.
You need to understand this context of yours first.
In the text below "we" refers to "the company" and "they", to the employees. It is centered around the case where they claim they "did not do it" but we believe they "did".
We have systems which record activity of employees (please keep the legal context in mind - in some places this is fine, in other not, in yet others nobody cares whether this is legal or not, and in yet another nobody cares to record).
We would present the employee evidence of their activity (with the "go" from legal/HR) in the course of the interaction with them. This evidence would show that user ABC did XYZ at time TTT.
Please note that we just know that the user ABC, as registered in our systems, did something. This does not mean that the actual human who is normally associated with the account ABC did it.
There are many cases where ABC does not match the human:
- we were hacked and someone used account ABC for that
- an administrator acted as ABC
- someone used ABC account when the human was not at the keyboard
- someone saw the human typing their password and later that someone connected to ABC account
- ... and plenty of other cases
These are all reasonable claims which can be done - not to counter the evidence, but to challenge the link. (the evidence can certainly be tempered with in some cases, and this is also something which can be investigated)
It can be that we/the authorities prove that the human was the one using account ABC. Case closed.
It can be that we see that the human was not using the account ABC. In that case we need to determine whether
- it is their fault (did not lock the device while explicitly asked to - for instance)
- or not (the company was hacked, they were tricked into an action they could realistically fall for ( we are all humans), ...)
As you see such cases are not obvious and, sure, there are the easy cases (which end with eyes rolling or jail) but a lot are not that obvious. They often land in the gray zone, especially in places which are either not clean-cut in terms of company vs. user responsibility, or extremely specific and then the employee and the company have a ping-pong game of "it is your responsibility", "no, it is yours".
To be honest, I have a hard time understanding your question which jumps from "I have no password on my device", to "I let everyone use them", and to some kind of sync between searches. If I may recommend to clean that up (and stick to facts - and their consequences), I would be glad to comment further
Have anxiety and never read the pop ups
Please do, this makes everyone's life easier and more secure.
answered Dec 31 '18 at 9:30
WoJWoJ
2,617913
I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
– Confused so bad
Dec 31 '18 at 23:07
I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
– Confused so bad
Jan 3 at 18:36
add a comment |
Note: this answer is written in less than optimal circumstances (31 December...) so I will be back with edits when time permits. Do not hesitate to suggest changes or edit them yourselves.
From the perspective of someone working in information security, your situation is not uncommon.
First - anything mentioned in the answers (mine included) must be put in context of the country you are in. You may be in a place where anything you do is company property and you have zero expectations of privacy - up to places where your private activities on a company device are protected.
This also covers the case of your responsibility when using your device (except for gross misconduct): from places where you are responsible for protecting your devices yourself and take responsibility for that - to places where your liability is limited and the burden of the protection relies on the company.
You need to understand this context of yours first.
In the text below "we" refers to "the company" and "they", to the employees. It is centered around the case where they claim they "did not do it" but we believe they "did".
We have systems which record activity of employees (please keep the legal context in mind - in some places this is fine, in other not, in yet others nobody cares whether this is legal or not, and in yet another nobody cares to record).
We would present the employee evidence of their activity (with the "go" from legal/HR) in the course of the interaction with them. This evidence would show that user ABC did XYZ at time TTT.
Please note that we just know that the user ABC, as registered in our systems, did something. This does not mean that the actual human who is normally associated with the account ABC did it.
There are many cases where ABC does not match the human:
- we were hacked and someone used account ABC for that
- an administrator acted as ABC
- someone used ABC account when the human was not at the keyboard
- someone saw the human typing their password and later that someone connected to ABC account
- ... and plenty of other cases
These are all reasonable claims which can be done - not to counter the evidence, but to challenge the link. (the evidence can certainly be tempered with in some cases, and this is also something which can be investigated)
It can be that we/the authorities prove that the human was the one using account ABC. Case closed.
It can be that we see that the human was not using the account ABC. In that case we need to determine whether
- it is their fault (did not lock the device while explicitly asked to - for instance)
- or not (the company was hacked, they were tricked into an action they could realistically fall for ( we are all humans), ...)
As you see such cases are not obvious and, sure, there are the easy cases (which end with eyes rolling or jail) but a lot are not that obvious. They often land in the gray zone, especially in places which are either not clean-cut in terms of company vs. user responsibility, or extremely specific and then the employee and the company have a ping-pong game of "it is your responsibility", "no, it is yours".
To be honest, I have a hard time understanding your question which jumps from "I have no password on my device", to "I let everyone use them", and to some kind of sync between searches. If I may recommend to clean that up (and stick to facts - and their consequences), I would be glad to comment further
Have anxiety and never read the pop ups
Please do, this makes everyone's life easier and more secure.
answered Dec 31 '18 at 9:30
WoJWoJ
2,617913
Note: this answer is written in less than optimal circumstances (31 December...) so I will be back with edits when time permits. Do not hesitate to suggest changes or edit them yourselves.
From the perspective of someone working in information security, your situation is not uncommon.
First - anything mentioned in the answers (mine included) must be put in context of the country you are in. You may be in a place where anything you do is company property and you have zero expectations of privacy - up to places where your private activities on a company device are protected.
This also covers the case of your responsibility when using your device (except for gross misconduct): from places where you are responsible for protecting your devices yourself and take responsibility for that - to places where your liability is limited and the burden of the protection relies on the company.
You need to understand this context of yours first.
In the text below "we" refers to "the company" and "they", to the employees. It is centered around the case where they claim they "did not do it" but we believe they "did".
We have systems which record activity of employees (please keep the legal context in mind - in some places this is fine, in other not, in yet others nobody cares whether this is legal or not, and in yet another nobody cares to record).
We would present the employee evidence of their activity (with the "go" from legal/HR) in the course of the interaction with them. This evidence would show that user ABC did XYZ at time TTT.
Please note that we just know that the user ABC, as registered in our systems, did something. This does not mean that the actual human who is normally associated with the account ABC did it.
There are many cases where ABC does not match the human:
- we were hacked and someone used account ABC for that
- an administrator acted as ABC
- someone used ABC account when the human was not at the keyboard
- someone saw the human typing their password and later that someone connected to ABC account
- ... and plenty of other cases
These are all reasonable claims which can be done - not to counter the evidence, but to challenge the link. (the evidence can certainly be tempered with in some cases, and this is also something which can be investigated)
It can be that we/the authorities prove that the human was the one using account ABC. Case closed.
It can be that we see that the human was not using the account ABC. In that case we need to determine whether
- it is their fault (did not lock the device while explicitly asked to - for instance)
- or not (the company was hacked, they were tricked into an action they could realistically fall for ( we are all humans), ...)
As you see such cases are not obvious and, sure, there are the easy cases (which end with eyes rolling or jail) but a lot are not that obvious. They often land in the gray zone, especially in places which are either not clean-cut in terms of company vs. user responsibility, or extremely specific and then the employee and the company have a ping-pong game of "it is your responsibility", "no, it is yours".
To be honest, I have a hard time understanding your question which jumps from "I have no password on my device", to "I let everyone use them", and to some kind of sync between searches. If I may recommend to clean that up (and stick to facts - and their consequences), I would be glad to comment further
Have anxiety and never read the pop ups
Please do, this makes everyone's life easier and more secure.
answered Dec 31 '18 at 9:30
WoJWoJ
2,617913
answered Dec 31 '18 at 9:30
WoJWoJ
2,617913
answered Dec 31 '18 at 9:30
WoJWoJ
2,617913
answered Dec 31 '18 at 9:30
WoJWoJ
2,617913
2,617913
I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
– Confused so bad
Dec 31 '18 at 23:07
I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
– Confused so bad
Jan 3 at 18:36
add a comment |
I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
– Confused so bad
Dec 31 '18 at 23:07
I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
– Confused so bad
Jan 3 at 18:36
I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
– Confused so bad
Dec 31 '18 at 23:07
I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
– Confused so bad
Dec 31 '18 at 23:07
I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
– Confused so bad
Jan 3 at 18:36
I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
– Confused so bad
Jan 3 at 18:36
add a comment |
The issue is the policy itself.
Either you hire self motivated employees, and give them meaningful work, or any other policing effort will be waste.
answered Jan 2 at 15:16
Alberto Salvia NovellaAlberto Salvia Novella
1211
add a comment |
The issue is the policy itself.
Either you hire self motivated employees, and give them meaningful work, or any other policing effort will be waste.
answered Jan 2 at 15:16
Alberto Salvia NovellaAlberto Salvia Novella
1211
add a comment |
The issue is the policy itself.
Either you hire self motivated employees, and give them meaningful work, or any other policing effort will be waste.
answered Jan 2 at 15:16
Alberto Salvia NovellaAlberto Salvia Novella
1211
The issue is the policy itself.
Either you hire self motivated employees, and give them meaningful work, or any other policing effort will be waste.
answered Jan 2 at 15:16
Alberto Salvia NovellaAlberto Salvia Novella
1211
answered Jan 2 at 15:16
Alberto Salvia NovellaAlberto Salvia Novella
1211
answered Jan 2 at 15:16
Alberto Salvia NovellaAlberto Salvia Novella
1211
answered Jan 2 at 15:16
Alberto Salvia NovellaAlberto Salvia Novella
1211
1211
add a comment |
add a comment |
Thanks for contributing an answer to The Workplace Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f125553%2ffired-for-doing-disallowed-web-searches-how-can-i-show-it-was-outside-my-contro%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
8
Possible duplicate of Company policy violation due to browser history syncing
– yochannah
Dec 30 '18 at 16:37
7
Did you not do them (at all) or did you do them on other devices and they may have synced?
– bruglesco
Dec 30 '18 at 17:06
5
I'm pretty sure signing into Maps logs you in to your Google account.
– bruglesco
Dec 30 '18 at 18:37
18
Have anxiety and never read the pop ups.Sorry, but that just makes me upset...– Michael
Dec 31 '18 at 1:57
10
@Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
– Seth R
Jan 2 at 16:20