ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Ransomware Management versus IT Decision Making Fork

    Water Closet
    4
    28
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said in Cerber virus/ransomware making the rounds...:

      @wirestyle22 said in Cerber virus/ransomware making the rounds...:

      Ransomware is so annoying. It doesn't matter how much I train my users they ultimately don't care.

      Which means that ultimately, you should not either.

      This is over stating... You should care as long as management cares, not the users.

      S 1 Reply Last reply Reply Quote 1
      • S
        scottalanmiller @Dashrender
        last edited by

        @Dashrender said in Cerber virus/ransomware making the rounds...:

        @scottalanmiller said in Cerber virus/ransomware making the rounds...:

        @wirestyle22 said in Cerber virus/ransomware making the rounds...:

        Ransomware is so annoying. It doesn't matter how much I train my users they ultimately don't care.

        Which means that ultimately, you should not either.

        This is over stating... You should care as long as management cares, not the users.

        If HR doesn't make them care, then that is what management wants. He's a "user" to HR just like everyone else. If HR doesn't care, they represent management. It's not overstating. IT should never take on HR's job or care more than HR. Never. Unless the object is to get HR fired, and that's only if the business is somehow unable to see what HR is doing.

        D 1 Reply Last reply Reply Quote 1
        • D
          dafyre @scottalanmiller
          last edited by dafyre

          @scottalanmiller said in Cerber virus/ransomware making the rounds...:

          @Dashrender said in Cerber virus/ransomware making the rounds...:

          @scottalanmiller said in Cerber virus/ransomware making the rounds...:

          @wirestyle22 said in Cerber virus/ransomware making the rounds...:

          Ransomware is so annoying. It doesn't matter how much I train my users they ultimately don't care.

          Which means that ultimately, you should not either.

          This is over stating... You should care as long as management cares, not the users.

          If HR doesn't make them care, then that is what management wants. He's a "user" to HR just like everyone else. If HR doesn't care, they represent management. It's not overstating. IT should never take on HR's job or care more than HR. Never. Unless the object is to get HR fired, and that's only if the business is somehow unable to see what HR is doing.

          One of the goals of IT is to support the business, right?

          That means we have to protect the company's data... How can we do that if we simply let every Crypto, Trojan, Worm, or other malware into our networks?

          If management doesn't care, then should we use backups?

          If we ask for AV software or backup software and management wants to know why, and we explain it, and they say yes, go get it...isn't that a sign that they care at least a little? Why would we sit on our thumbs instead of protecting our data? I say our data because it doesn't matter who actually gets the virus that eats all their files, IT is responsible in the user's eye. So when Joe User clicks the "Infect me now" link on a web site or email, it's somehow magically IT's fault.

          S 4 Replies Last reply Reply Quote 0
          • S
            scottalanmiller @dafyre
            last edited by

            @dafyre said in Cerber virus/ransomware making the rounds...:

            One of the goals of IT is to support the business, right?

            Correct, so that means supporting what the business wants. Not trying to define what it wants.

            1 Reply Last reply Reply Quote 0
            • S
              scottalanmiller @dafyre
              last edited by

              @dafyre said in Cerber virus/ransomware making the rounds...:

              That means we have to protect the company's data...

              No, it does not. that's for the business to determine. Supporting the business means supporting it, not taking it over with our own ideas.

              D D 2 Replies Last reply Reply Quote 0
              • D
                dafyre @scottalanmiller
                last edited by

                @scottalanmiller said in Cerber virus/ransomware making the rounds...:

                @dafyre said in Cerber virus/ransomware making the rounds...:

                That means we have to protect the company's data...

                No, it does not. that's for the business to determine. Supporting the business means supporting it, not taking it over with our own ideas.

                How can you have a business with out the data that belongs to the business?

                That would be akin to opening a Walmart without stocking the shelves.

                S 2 Replies Last reply Reply Quote 0
                • D
                  DustinB3403 @scottalanmiller
                  last edited by

                  @scottalanmiller said in Cerber virus/ransomware making the rounds...:

                  @dafyre said in Cerber virus/ransomware making the rounds...:

                  That means we have to protect the company's data...

                  No, it does not. that's for the business to determine. Supporting the business means supporting it, not taking it over with our own ideas.

                  If the business has some really poor ideas on how to do something technical, wouldn't it be our job to provide more sound solutions and sway the wants of the company to that better solution?

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    scottalanmiller @dafyre
                    last edited by

                    @dafyre said in Cerber virus/ransomware making the rounds...:

                    How can you have a business with out the data that belongs to the business?

                    That's for the business to decide, not IT. You aren't being supportive, you are trying to take charge.

                    D 1 Reply Last reply Reply Quote 0
                    • S
                      scottalanmiller @DustinB3403
                      last edited by

                      @DustinB3403 said in Cerber virus/ransomware making the rounds...:

                      If the business has some really poor ideas on how to do something technical, wouldn't it be our job to provide more sound solutions and sway the wants of the company to that better solution?

                      If management is making ANY technical decisions, they are taking over IT. If management wants to make IT decisions, that's their prerogative, not ours. IT can inform management of IT principals, but ultimately it is management's and only management's job to determine if they want to apply them.

                      1 Reply Last reply Reply Quote 0
                      • S
                        scottalanmiller @dafyre
                        last edited by

                        @dafyre said in Cerber virus/ransomware making the rounds...:

                        That would be akin to opening a Walmart without stocking the shelves.

                        And if Walmart management decides that not stocking shelves is their business plan and IT decides to do it behind their backs, against their instructions, that is insubordination, not support.

                        1 Reply Last reply Reply Quote 0
                        • D
                          dafyre @scottalanmiller
                          last edited by

                          @scottalanmiller said in Cerber virus/ransomware making the rounds...:

                          @dafyre said in Cerber virus/ransomware making the rounds...:

                          How can you have a business with out the data that belongs to the business?

                          That's for the business to decide, not IT. You aren't being supportive, you are trying to take charge.

                          Only the technology stuff. My boss would have to fire me before I'd sit down and shut up about not protecting out data. I may find myself out on the street, but one disaster later, I'd expect that management guy to be on the streets next to me because he discovered that backups are necessary.

                          S 1 Reply Last reply Reply Quote 0
                          • S
                            scottalanmiller @dafyre
                            last edited by

                            @dafyre said in Cerber virus/ransomware making the rounds...:

                            If management doesn't care, then should we use backups?

                            If they don't care if you do or do not, that means they are leaving it up to you if you want to put in the effort. It's a personal call. But no one "doesn't care", not in the real world. Realistically you don't mean "don't care", you mean that they don't want to spend the money on it. In which case, no, you should not care personally at all and you absolutely should not do something you were informed not to do.

                            D 1 Reply Last reply Reply Quote 0
                            • D
                              DustinB3403
                              last edited by

                              But the reason management hire "you" was to be their expert (their guy) so if management isn't listening to your advice why should they bother to have you?

                              I know I'm playing devils advocate again here. So just go along with it.

                              If management says "We want everyone to have 50" tv's for monitors" sure, go buy 50" tv's (hopefully at some kind of bulk discount).

                              But if management is saying "We want the firewall to allow all the downloads" then IT needs to step in and make that clear that it's not a good idea.

                              S 2 Replies Last reply Reply Quote 0
                              • S
                                scottalanmiller @dafyre
                                last edited by

                                @dafyre said in Cerber virus/ransomware making the rounds...:

                                Only the technology stuff. My boss would have to fire me before I'd sit down and shut up about not protecting out data.

                                That's a fine personal position to take, we call it the "AJ Effect"... when IT people feel that their idea of "ideal IT" is more important than supporting the business that they were hired to do. It's not "wrong" per se, but people have been fired over it and it means that you are taking an emotional path to your job where you feel that you should be doing something, that you've determined on your own, other than what the people who own the business want you to do. It's not your job to make the judgement call or to override the people who own the business.

                                D 1 Reply Last reply Reply Quote 0
                                • D
                                  dafyre @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Cerber virus/ransomware making the rounds...:

                                  @dafyre said in Cerber virus/ransomware making the rounds...:

                                  If management doesn't care, then should we use backups?

                                  If they don't care if you do or do not, that means they are leaving it up to you if you want to put in the effort. It's a personal call. But no one "doesn't care", not in the real world. Realistically you don't mean "don't care", you mean that they don't want to spend the money on it. In which case, no, you should not care personally at all and you absolutely should not do something you were informed not to do.

                                  Which leads to me getting in hot water because I wasn't backing up the data. My response of "Well, I told you so, and that I wanted this product that cost X amount of dollars to do it never got approved" still has the net effect of me being out on the street.

                                  I will find some way to back up company data if they say I can't spend money to do it, I can find free ways.

                                  S 2 Replies Last reply Reply Quote 0
                                  • S
                                    scottalanmiller @DustinB3403
                                    last edited by

                                    @DustinB3403 said in Cerber virus/ransomware making the rounds...:

                                    But the reason management hire "you" was to be their expert (their guy) so if management isn't listening to your advice why should they bother to have you?

                                    That's, again, their choice. This is a red herring in this discussion.

                                    1 Reply Last reply Reply Quote 1
                                    • S
                                      scottalanmiller @DustinB3403
                                      last edited by

                                      @DustinB3403 said in Cerber virus/ransomware making the rounds...:

                                      But if management is saying "We want the firewall to allow all the downloads" then IT needs to step in and make that clear that it's not a good idea.

                                      Oh sure, they should. Assuming that they've not been told not to do so (AJ Effect involves people doing it after being told to not give that advice anymore) they should advise. But advising and doing something anyway are not at all the same thing.

                                      As long as the role is truly one of being an advising (which is a big IF, most IT is not in that role), then the advice should be given. In either case, if management decides to not take the advice, IT needs to not do it anyway.

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        scottalanmiller @dafyre
                                        last edited by

                                        @dafyre said in Cerber virus/ransomware making the rounds...:

                                        @scottalanmiller said in Cerber virus/ransomware making the rounds...:

                                        @dafyre said in Cerber virus/ransomware making the rounds...:

                                        If management doesn't care, then should we use backups?

                                        If they don't care if you do or do not, that means they are leaving it up to you if you want to put in the effort. It's a personal call. But no one "doesn't care", not in the real world. Realistically you don't mean "don't care", you mean that they don't want to spend the money on it. In which case, no, you should not care personally at all and you absolutely should not do something you were informed not to do.

                                        Which leads to me getting in hot water because I wasn't backing up the data. My response of "Well, I told you so, and that I wanted this product that cost X amount of dollars to do it never got approved" still has the net effect of me being out on the street.

                                        Actually they can't fire you for that. That would, even in states that allow you to fire for nearly any reason, get them in hot water. An investigation at least. Firing for following instructions is not a valid firing reason anywhere.

                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          scottalanmiller @dafyre
                                          last edited by

                                          @dafyre said in Cerber virus/ransomware making the rounds...:

                                          I will find some way to back up company data if they say I can't spend money to do it, I can find free ways.

                                          And if they had a reason why they needed that data not to be backed up? Like it violated data retention laws?

                                          D 1 Reply Last reply Reply Quote 0
                                          • D
                                            dafyre @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in Cerber virus/ransomware making the rounds...:

                                            It's not "wrong" per se, but people have been fired over it...

                                            But again being fired for backing up company data... or have no job because the company data vanished... both of those have same net effect of me being jobless.

                                            I've never been in that situation of a company saying "don't backup my data"... nor would I stick around if I discovered that I was working for one that did take that tack... I don't want to work for (or with) people that simply do not care.

                                            S 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post