Well, I talked with the manager over the customer service people. He feels that as theres only about a half-dozen people there, that its sorta like family no one is going to go to someone elses computer and attempt to frame them for something. As for sharing email, Ive set it up, but we take orders via email sometimes, so it would be confusing to try and figure out who was supposed to be entering that order. I think its a lost cause for customer service. When/if we get more people, I might raise the prospect again, but for now, I think well just keep the distribution list internal and hope that the ladies in customer service dont try to frame each other for their misdeeds.
John-AldrichTile-Tools From: Alan Davies [mailto:[email protected]] Sent: Friday, August 27, 2010 10:54 AM To: NT System Admin Issues Subject: RE: Password sharing policy Fair enough .. and that's part of the risk assessment you do for conducting business at that level. Nothing too far wrong with it if you understand and accept the risk and have no legal/regulatory necessity to comply. There are other controls you may wish to put in place ... from a very basic level a paper based system of held records for use of particular credentials. For every solution there are many nuts to crack ... or cats to skin ... or something .. a _____ From: John Aldrich [mailto:[email protected]] Sent: 27 August 2010 15:40 To: NT System Admin Issues Subject: RE: Password sharing policy A couple problems our email is hosted, and while I can share email usernames/passwords, thats about all I can do. Second, we dont have a lot of money right now to spend on IT, or anything much. Third, were privately held, and dont process credit cards so theres very little regulatory compliance of which Im aware, that we could fall afoul of. John-AldrichTile-Tools From: Alan Davies [mailto:[email protected]] Sent: Friday, August 27, 2010 10:02 AM To: NT System Admin Issues Subject: RE: Password sharing policy What's wrong with sharing mailboxes, etc. instead so there's some prospect of auditing? Same with folder ACLs. If you have the money, there are enterprise solutions to ease the pain ... There's nothing I can think of that would cause me to allow an employee to do this. Particularly since it's a hard regulatory requirement not to. a _____ From: John Aldrich [mailto:[email protected]] Sent: 27 August 2010 14:40 To: NT System Admin Issues Subject: RE: Password sharing policy Necessary evil among customer service here We have people out one day/week on a rotating basis, and the person that is covering their area for them has to be able to log in as that user. I strongly discourage anyone outside that area from sharing their passwords, but we have no active policy regarding it. John-AldrichTile-Tools From: Bob Fronk [mailto:[email protected]] Sent: Friday, August 27, 2010 8:43 AM To: NT System Admin Issues Subject: OT: Password sharing policy Good morning list . I am interested in seeing any written password sharing policies you have in place. It seems ours is written in Latin, since no one seems to understand it. I am going to draft a new policy, but would like to see how others handle this and get opinions from the list on how big of a deal sharing passwords is in other businesses. (Personally, I think it is a BIG deal) Thanks, BF **************************************************************************** ******** WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" **************************************************************************** ******** WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- You are currently subscribed to ntsysadmin as: [email protected]. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=8142875.a9cf90b99baa17cb4fcf8293a59eb3b1&n=T&l=ntsysadmin&o=9076906 or send a blank email to leave-9076906-8142875.a9cf90b99baa17cb4fcf8293a59eb...@lyris.sunbelt-software.com
<<image001.jpg>>
<<image002.jpg>>
