When I was working at a previous company, my manager jumped on my PC and used it to send an email from my account to my colleague, while I was out on my lunch break. It was a joke, which I thought was highly unprofessional. I asked my colleague, and he said that he seen the manager use my computer. I confronted the manager and she owned up to it. I've asked her to explain, and her excuse was that I should have locked my PC and I didn't take it anywhere further. However, I could see how a more serious incident could happen, so I wouldn't be surprised if it was the CEO where hubris can run rampant at those levels. Usually companies would have audit logs of who and when the account was accessed, I would start looking there.
At a previous employer I worked at, this was pretty common.
If you left your computer unlocked for any amount of time, you were pretty much guaranteed to be screwed with.
Because it was so common, it wasn't a big deal. If you got an odd email from a co-worker, you assumed they must have forgotten to lock their computer.
It was a security related company, and the general excuse was that the practice was intended as negative reinforcement to push everyone to have better security practices.
I don't know if it was a good or bad culture to have. I can tell you that, to this day, I never leave my computer unlocked.
Pranks are a sign of trust. The trust bit is that you only use it for pranks and not any of the myriad other things you can actually do with a logged in computer. But the pranks should be a reminder they might just as well not have been a prank, and that you should bloody well lock your computer already.
Can't find it at the moment but I remember Adam Savage once saying that him and Jamie Hyneman never play practical jokes on each other. It would end up with one of them duct-taping the windows on the other one's house to fill it with water. Don't prank your sysadmin. It won't end well for you.
For context, the two Mythbusters presenters have famously different personalities and are not exactly friends. This reinforces the idea that pranks are generally done between people who feel they can trust one another.
There was trust between them. Trust does not require compatible personalities. Both of them have spoken at length about their working relationship. Part of that trust was knowing the other one would never condone or sign off on pranking. Adam was pranked once with a cattleprod and it resulted in firing the producer that was responsible (and Jamie was not in on it).
Pranks are cheap laughs, slapstick humor. It does not belong in a work environment.
I've done this, but I would only do it to people I already consider friends. If it ends up being over-stepping, you apologize and move on. It shouldn't be a big deal.
Well, you totally deserved it imho, because you really should lock you PC. If something serious would have happened (missing important data etc.) it still would be mostly your fault, because I'm sure if you read company's IT security policy (that you've probably signed) you will find a clause that demands looking your PC whenever you leave your desk.
Where I work such jokes are even encouraged by IT personnel to help workers to take security seriously. Of course, nothing harmful is allowed, it's on the lines of "I'll bring cake to everyone tomorrow", "free pizza for everyone", "I owe $10 to X" etc. It's fun and, unlike most security practices, it really works as old-timers lock their PC even when going to restroom and mostly newbies still fall for this.
So unprofessional and disrespectful for both people...
Forgery is a crime - and I think sending an email from someones unlocked computer would fall under that if it was pressed in court.
If sysadmins have things set up that way, they can unlock a locked desktop and log in as the user; or even change the users account password and log in. Using these two methods as the example I would think no sane person would think it ok to log in and send an email as described. So why is it OK in this case, when a computer is left unlocked?
A normal person should feel guilty digging in another persons stuff - always; and the person who was violated should also be indignant. Period.
What if a boss or coworker had requested you to take care of something on their computer? Is the fact they gave you the access make it ok to look through their browser history while your there? If not, what exactly is and is not off limits during an 'authorized' entry event? And what is different if they left it unlocked instead?
Hope you can see how this opens a huge pandoras box.
Also, if people are not there to protect the team and coworkers, how can they trust each other when it is really important?? What will happen when there is an attacker from the internet forging things? How will you even know who is telling the truth then?
A professional will take care of the problem with a warning or a note. After so many repeat offenses, give the warnings more teeth, and/or start tracking them and provide punishments. Alternatively lock the desktops with an inactivity timer.
Just realized maybe you are trolling (or hoping you are!).
> So unprofessional and disrespectful for both people...
I know of companies that do this, and I totally agree with you. It's done under the guise of security, but is really just immature hazing. First, if I'm in an office environment with fellow employees why is locking my computer so important? Is it to stop the random person from stealing company secrets or impersonating me? If that's the case why wouldn't the other employees around my computer notice someone, since clearly they had to be close enough to notice if I left it unlocked.
Second, if I'm out in public theft is much bigger issue than locking the computer.
Finally, and something you touched on, is that now it makes it hard to differentiate between authorized and unauthorized. It's much easier to say using someone else's computer without their knowledge is grounds for termination 100% of the time.
> It's done under the guise of security, but is really just immature hazing.
I so agree. I saw things like this in the military. At that time it was tools...
Before aircraft takeoff and between shift changes; all tools must be turned in and accounted for. If one is missing all personnel for that shift and the one coming on have to go together for a tool search at every jet, vehicle, etc. This means every person searches as a team until it is found - this could be 50 or more people, 1/2 staying late from the previous shift! Depending on the supervisor they may also ground the aircraft squadron temporarily- ensuring that the pilots and admin staff also know who lost a tool.
It was extreme hazing - but at least I could assume that it was done for a good reason - true safety. If a jet starts up and a tool gets sucked into the engine bay people can die - not to mention the damage - it would be career ending for those found at fault.
Unfortunately like anything some joker I saw used it as an opportunity to harass someone they did not like. People could pocket a targets tool for a while, and turn it in anonymously at some point into the search when they felt enough damage had been done.
When I saw someone do that and justify it as a lesson - I decided that my integrity is more valuable. I have not regretted that particular decision yet.
Exactly - The reason for security is a weak reason - my coworkers had the same access as I and everyone could see my screen or if there was someone unknown sitting there, they would have spotted them straight away. We were all shoulder to shoulder in a far corner of the company. There was not much secret stuff going on there either.
There are many more important security practices that should be followed, more important than desktop locking, yet they don't attract the same kind of vigilante attention.
In my situation, it was blatant bullying, especially considering the inappropriate content of the email that was sent. The desktop locking was just an excuse. There was no other way you could frame this.
I worked somewhere where the behaviour described in OP's post happened. It was just lighthearted. We worked in desk 'bays', so someone sat next to the unlocked PC would have visuals on what the prankster was doing on the machine. Harmless emails like 'I'm buying the whole office donuts at lunch' were sent. It was very rare for any employee to leave their machines unlocked twice with this unofficial procedure in place.
I could see how a joke like this can accidentally turn into something harmful. Often these incidents are impulsive and the sender may not think twice about the implications.
So, while the computer is not your property, the information as well as access to personal accounts or information might be protected. All of that is personal and depending on jurisdiction can be protected and accessing it would be a violation.
I'm not entirely certain what the legal status of this in the US, but I know of other jurisdictions (Costa Rica, for example), where employers are forbidden from scanning, logging or viewing personal email accounts or even personal email on work accounts/computers. Hell, they can't even make a back-up of your computer without your permission.
The issue would be more like "I see my neighbour left his door open when leaving for work; I go in, leave a note on the kitchen table and shut the door". This might be OK or not depending on community, but at least it wouldn't be always entirely unreasonable.
At a former employer, when someone left their computer unlocked, usually, someone would send a mail from the unlocked computer to a mailing list that most people were subscribed to (including the person that left their computer unlocked, or CCing them if they weren't), with a subject like "I went to urinate" (and the mailing list name was essentially "pee", but in the local language).
That actually worked quite well as an "educative" tool.
This is pretty common in my workplace as well. Usually what gets sent is an e-mail along the lines of "due to leaving my computer unattended today, I'm bringing cake for everyone tomorrow".
I consider it a good method to keep everyone aware of computer security.
When I was working at a previous company, my manager jumped on my PC and used it to send an email from my account to my colleague, while I was out on my lunch break. It was a joke, which I thought was highly unprofessional. I asked my colleague, and he said that he seen the manager use my computer. I confronted the manager and she owned up to it. I've asked her to explain, and her excuse was that I should have locked my PC and I didn't take it anywhere further. However, I could see how a more serious incident could happen, so I wouldn't be surprised if it was the CEO where hubris can run rampant at those levels. Usually companies would have audit logs of who and when the account was accessed, I would start looking there.