04-06-2022 01:47 PM - edited 04-06-2022 01:49 PM
A thread in an MSP Facebook group discussion that I read this morning surfaced a memory from a few years back. I served as an IT director at a manufacturing company, and it was my job to create a security program. One of the greatest lessons I learned was to walk around and speak with people, informally, and never be judgmental. You can learn a lot when people trust you.
It took spending time with customer service (and donuts) to learn there was no process for covering for an agent (or manager) who was out rather than sharing physical machines and passwords. That was an immediate "red flag," even if they didn't see it that way. We set up shared aliases and delegates to address some of those issues as well as more defined processes for OoO, involving forms and notifying IT. This may not sounds like a big deal, but custom service had access to important company/customer information that had to remain confidential.
The same held true for server room access. An alarm would go off on occasion, so everyone in that area had the door code. There was no auditing for who accessed when, or at the very least controls physical security. We've not have learned that by staying up in IT and passively making policies or responding to tickets. Our previous MSP made no mention of any of it and the IT team that I took over for either didn't ask or care to look beyond its nose. It was my responsibility to learn how things really operated.
There's much more to cyber security than buying "stuff."
Have you had similar encounters in your work?
04-07-2022 09:42 AM
You make an excellent point about everyone having a door code. Especially if it's a platform that has the ability to do auditing. I think far too often, as admins, we make the mistake of having a singular administrator password that gets used for everything. It's typically not that difficult to create distinct accounts that generate a paper trail of who is accessing what and when so that you can ask why. It's easy for us to sit back in our offices and never touch anything, but there is a lot of value in just taking a stroll and getting to know people. Just say hi, ask if they have any issues they regularly face and see if there's a process you could improve on. Nothing will ever be perfect, but it's a bit lazy for us to just sit at our desks and assume everything is working smoothly just because we do not hear any noise. People who work with the technology and infrastructure all day are often an untapped source of immense knowledge.
Get some donuts and some coffee and step up your small talk. You never know what disasters you might head off before they happen.
04-07-2022 10:14 AM
I was in IT at a place where we called it "making a lap" and it usually served multiple purposes. First it was a chance to get up away from your desk, which was extra helpful when you were stuck on something. That was just a bonus though, the opportunity to be available to talk to people who would say "it wasn't worth a ticket/call but since you're here..." helped build that relationship. I personally am always interested in how other people solve problems, so seeing the solution someone uses to Do The Thing is always useful. Plus having the vaguest idea what your users do helps plan for what they need in the future. My job is remote now, and I love it, but I do miss getting to make a lap every so often.
04-08-2022 12:16 PM
Making a lap was really helpful in elevating people's trust in me over the years before the pandemic. We've been work from home for over two years now and seeing a lot of the low level issues stack up for people where when they finally reach out, it's with four problems all at once. What are people doing to keep in touch with remote employees?
04-27-2022 03:56 PM
You raise a great point about remote work. There's so much communication that occurs when people are face-to-face that appears to be more difficult to replicate online. I like your "office hours" approach.
04-08-2022 12:55 PM
When I worked in student services, getting a chance to go to the lab and actually see how people were using the site was incredibly helpful. Like @kelly said, seeing how someone else solves a problem is useful, so seeing how they navigated the student website was as well. I had many "aha!" moments especially when we had freshmen registration sessions all in a room during orientation. Not quite the same now.
@krichard, I think you have to be more creative. We have a lot of Slack channels to keep in contact with people. Office hours and drop in sessions are another good way, but so is just scheduling some 1:1 meetings with people every now & again to see how things are going or ask what they would change / might need in the future.
Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.
04-08-2022 01:00 PM
Definitely keep up in Slack channels and 1:1 meetings with people that know me, but we've hired a good 20% of the company that doesn't know pre-pandemic me. I'm intrigued by office hours or drop-in sessions. What technology are people using to facilitate that? Just a recurring Zoom/Teams meeting or some other forum?
04-26-2022 04:50 PM
Usually just whatever the meeting software du jour is. When I have done them I will keep the meeting open in the background for anyone who stops by with questions. A recurring meeting invite so anyone can drop in.
Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.
05-15-2022 06:40 PM
I agree knowing what staff are doing and issues with workflow are important. I have found the best approach to this is someone that is a people person, doesn't always speak geek and can explain things in layman's terms without being condescending.
New to the site? Take a look at these additional resources:
Ready to join us? You can register here.