January 19, 2011, 11:11 AM — There are perks to working IT, as in all jobs. Golf outings, dinners or little gifts from vendor reps. "Free" demo products; software on personal machines with serial numbers that, technically, are assigned to the company.
Between pulling cable, building apps to specs that change every time a unit manager says "Mmm, you know what..." and lusers who still don't know the difference between the computer and the monitor, it's not a gig lacking in frustration -- even before you get into interdepartmental budget talks that are more like domestic disturbances than business meetings.
So if a copy of Office finds its way home instead of staying on the shelf, that's understandable. It doesn't mean IT people are budget-robbing, advantage-taking manipulators out only for their own good.
Computerworld's Tam Harbert reports on a company surprised to find itself targeted by the Business Software Alliance for software piracy, and finding the cause was a sysadmin who not only pirated the software, but also ran a commercial porn site form a corporate server and pulled 400 customer credit cards from the company's e-commerce server.
If you ever find yourself tempted, that one is definitely over the ethical line.
Three quarters of data-loss and sabotage comes from insiders rather than outsiders, according to studies from CERT (the Software Engineering Institute at Carnegie Mellon University). Most keep the crimes quiet to avoid embarassment.
That's a big mistake, according to CSO security guru Bill Brenner not only because it doesn't get all the bad apples out of the barrel, it also doesn't address the problem of spending most of your security budget keeping people out when the biggest problem is already on the inside.
It's possible to respond internally with extra training on where the ethical line is and how -- if you're a manager -- to spot those dancing on the wrong side of it.