After self hosting several services for a few users, with SSO, backups, hardware issues etc, I really appreciate how good the IT was in my old company. Everything was connected, smooth, slick and you could tell it was secure. I had very few issues and when I did, they were quickly solved. Doing this all at scale for thousands of employees spread across the world, it is a wonderful sight to see.

Now at my current company, it’s at the opposite end of the scale where I almost believe that I could do a better job by myself! They’ve trying to do everything you would expect but somehow doing it wrong. They are so heavy on security I have a Citrix environment that takes me 3 logins to get to, fails constantly and means I can’t work without internet (like on a long train journey for work purposes recently), and on the other hand they’ve only just turned off admin rights for users so we could’ve installed anything we wanted!!! All our attachments (incoming and outgoing) are saved to a secure website (like OneDrive) and replaced with a link. It doesn’t save the file names on the email so it’s really tricky to find old emails if it’s a document you’re looking for. I could go on but just venting at this point as it’s so frustrating!!!

Thank you to the good IT people out there. Your roles are so important but not appreciated enough!

  • @[email protected]
    link
    fedilink
    English
    429 months ago

    My favorite is when IT deploys software that replaces all the links in your e-mails with https://example.com/phishing/YiCdMdsY so you can’t tell whether the e-mail is phishing or not, frequently sends you very obvious fake phishing e-mails that interrupt your work by going straight to your priority inbox, and punishes anyone caught clicking on phishing e-mails. Then HR sends out e-mails that have all the indicators of low effort phishing and you’re supposed to click on those.

    • Konraddo
      link
      English
      159 months ago

      Omg, my previous company did the same. But you missed a part. If you accidentally left out a real email, thinking it’s a scam, then the client will file a complaint.

      • @[email protected]
        link
        fedilink
        English
        199 months ago

        New action items have been assigned to you:

        • Remedial cybersecurity training (4hr): due by Mar 22
        • @BigMikeInAustin
          link
          English
          69 months ago

          Had one of those. Very convincing. Showed my boss. My boss also thought I could be real. So I clicked it. The landing page was an internal “you’ve been caught” page. Then I got the phishing-email training assignment.

    • @dai
      link
      English
      69 months ago

      Gallagher were great at that, rubbish solution for “teaching” staff about phishing which would infuriate all staff caught in the net. Would come from internal email addresses too which, if one person’s email / credentials are compromised they’ve got bigger fish to fry.