Fired for doing disallowed web searches; how can I show it was outside my control?












7














My employer found that I had been conducting certain prohibited web searches on my work devices, and fired me.



I had no screen locks or passwords on any of my work devices - and didn't know I was supposed to have them. So it's possible anyone could have got on them, without my permission. I know for sure I didn't do those searches myself. To the best of my belief, I never let anyone use my work devices, for company policy said it was illicit or inappropriate use.



How can I prove whether the websites showed up on work devices because of a browser sync, and not because they were actually searched from that device?










share|improve this question









New contributor




Confused so bad is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 7




    Possible duplicate of Company policy violation due to browser history syncing
    – yochannah
    Dec 30 '18 at 16:37






  • 7




    Did you not do them (at all) or did you do them on other devices and they may have synced?
    – bruglesco
    Dec 30 '18 at 17:06






  • 5




    I'm pretty sure signing into Maps logs you in to your Google account.
    – bruglesco
    Dec 30 '18 at 18:37






  • 17




    Have anxiety and never read the pop ups. Sorry, but that just makes me upset...
    – Michael
    Dec 31 '18 at 1:57








  • 9




    @Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
    – Seth R
    yesterday
















7














My employer found that I had been conducting certain prohibited web searches on my work devices, and fired me.



I had no screen locks or passwords on any of my work devices - and didn't know I was supposed to have them. So it's possible anyone could have got on them, without my permission. I know for sure I didn't do those searches myself. To the best of my belief, I never let anyone use my work devices, for company policy said it was illicit or inappropriate use.



How can I prove whether the websites showed up on work devices because of a browser sync, and not because they were actually searched from that device?










share|improve this question









New contributor




Confused so bad is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 7




    Possible duplicate of Company policy violation due to browser history syncing
    – yochannah
    Dec 30 '18 at 16:37






  • 7




    Did you not do them (at all) or did you do them on other devices and they may have synced?
    – bruglesco
    Dec 30 '18 at 17:06






  • 5




    I'm pretty sure signing into Maps logs you in to your Google account.
    – bruglesco
    Dec 30 '18 at 18:37






  • 17




    Have anxiety and never read the pop ups. Sorry, but that just makes me upset...
    – Michael
    Dec 31 '18 at 1:57








  • 9




    @Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
    – Seth R
    yesterday














7












7








7


0





My employer found that I had been conducting certain prohibited web searches on my work devices, and fired me.



I had no screen locks or passwords on any of my work devices - and didn't know I was supposed to have them. So it's possible anyone could have got on them, without my permission. I know for sure I didn't do those searches myself. To the best of my belief, I never let anyone use my work devices, for company policy said it was illicit or inappropriate use.



How can I prove whether the websites showed up on work devices because of a browser sync, and not because they were actually searched from that device?










share|improve this question









New contributor




Confused so bad is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











My employer found that I had been conducting certain prohibited web searches on my work devices, and fired me.



I had no screen locks or passwords on any of my work devices - and didn't know I was supposed to have them. So it's possible anyone could have got on them, without my permission. I know for sure I didn't do those searches myself. To the best of my belief, I never let anyone use my work devices, for company policy said it was illicit or inappropriate use.



How can I prove whether the websites showed up on work devices because of a browser sync, and not because they were actually searched from that device?







termination






share|improve this question









New contributor




Confused so bad is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Confused so bad is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 28 mins ago









PKG

1054




1054






New contributor




Confused so bad is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked Dec 30 '18 at 16:26









Confused so bad

5012




5012




New contributor




Confused so bad is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Confused so bad is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Confused so bad is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 7




    Possible duplicate of Company policy violation due to browser history syncing
    – yochannah
    Dec 30 '18 at 16:37






  • 7




    Did you not do them (at all) or did you do them on other devices and they may have synced?
    – bruglesco
    Dec 30 '18 at 17:06






  • 5




    I'm pretty sure signing into Maps logs you in to your Google account.
    – bruglesco
    Dec 30 '18 at 18:37






  • 17




    Have anxiety and never read the pop ups. Sorry, but that just makes me upset...
    – Michael
    Dec 31 '18 at 1:57








  • 9




    @Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
    – Seth R
    yesterday














  • 7




    Possible duplicate of Company policy violation due to browser history syncing
    – yochannah
    Dec 30 '18 at 16:37






  • 7




    Did you not do them (at all) or did you do them on other devices and they may have synced?
    – bruglesco
    Dec 30 '18 at 17:06






  • 5




    I'm pretty sure signing into Maps logs you in to your Google account.
    – bruglesco
    Dec 30 '18 at 18:37






  • 17




    Have anxiety and never read the pop ups. Sorry, but that just makes me upset...
    – Michael
    Dec 31 '18 at 1:57








  • 9




    @Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
    – Seth R
    yesterday








7




7




Possible duplicate of Company policy violation due to browser history syncing
– yochannah
Dec 30 '18 at 16:37




Possible duplicate of Company policy violation due to browser history syncing
– yochannah
Dec 30 '18 at 16:37




7




7




Did you not do them (at all) or did you do them on other devices and they may have synced?
– bruglesco
Dec 30 '18 at 17:06




Did you not do them (at all) or did you do them on other devices and they may have synced?
– bruglesco
Dec 30 '18 at 17:06




5




5




I'm pretty sure signing into Maps logs you in to your Google account.
– bruglesco
Dec 30 '18 at 18:37




I'm pretty sure signing into Maps logs you in to your Google account.
– bruglesco
Dec 30 '18 at 18:37




17




17




Have anxiety and never read the pop ups. Sorry, but that just makes me upset...
– Michael
Dec 31 '18 at 1:57






Have anxiety and never read the pop ups. Sorry, but that just makes me upset...
– Michael
Dec 31 '18 at 1:57






9




9




@Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
– Seth R
yesterday




@Confusedsobad, wait, wait, wait, are you saying you let random people in your house use your work device while you aren't even around, you routinely keep it in your unlocked car, and can't even keep track of where you left it?
– Seth R
yesterday










4 Answers
4






active

oldest

votes


















35














The only real advice anyone can give you is to contact a lawyer and see what they say.



You do have a basic responsibility to keep work devices and data secure, so not password protecting them is fairly irresponsible of you.



In future, keep your work and home devices separate. Don't sign into your personal stuff on work devices and vice versa. Always lock your devices when you step away from them to prevent others from using them without your permission. And don't ever search for porn, drugs or anything else which could be possibly frowned upon on a work device or on the work network.






share|improve this answer

















  • 14




    This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
    – Criggie
    Dec 30 '18 at 21:57






  • 5




    In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
    – Gabe Sechan
    Dec 31 '18 at 2:25






  • 6




    @GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
    – Lightness Races in Orbit
    Dec 31 '18 at 3:14






  • 5




    @LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
    – Gabe Sechan
    Dec 31 '18 at 3:16






  • 4




    @GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
    – Lightness Races in Orbit
    Dec 31 '18 at 3:30





















15














Someone else was probably on your machine



In a lot of employment contracts, you are considered to be responsible for anything done under your corporate account/devices even if you yourself weren't at the keyboard.



It is unlikely that this was caused by syncing your Google Account with Chrome. Chrome has a tendency to identify what devices conducted what action. Plus the ability to synchronise histories would prove that the History data can be altered, and thus would typically not be trusted for the firing of an employee. Regardless, this was still a bad move.



What probably happened is that actual attempts to conduct those searches by your account and/or devices was picked up by network security devices as it was being performed. You'll notice I said 'by your account and/or devices' and not 'by you'.



In a lot of places, you'll see a culture for pranking people who leave devices unlocked. Most of the time, this is just a harmless 'beers are on me email' but more juvenile/malicious people may do things that stir up a bit more trouble, unaware (or possibly fully aware) of what their actions might bring.




I had no screen locks or passwords on any of mine or work devices. So it's possible anyone could have got on them, without my permission. I never even knew I was required to have screen locks, not did I care if people used my devices.




Locking your devices and accounts should not be something that needs to be spelt out. It should be, and needs to be from this point on, common sense. Your devices likely hold a lot of company-sensitive information. What if someone got onto your machine and accessed something they shouldn't have access to? What if someone trespassed into the building and got access to your computer? You could have been potentially looking at a lot worse than just getting fired for inappropriate searches.






share|improve this answer



















  • 2




    This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
    – bruglesco
    Dec 30 '18 at 18:35






  • 2




    wait are you implying that someone can't be fired for a misunderstanding on the companies part?
    – bruglesco
    Dec 30 '18 at 19:33






  • 1




    @bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
    – 520
    Dec 30 '18 at 19:53








  • 1




    @stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
    – 520
    yesterday








  • 1




    @520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
    – David Thornley
    17 hours ago



















2














Note: this answer is written in less than optimal circumstances (31 December...) so I will be back with edits when time permits. Do not hesitate to suggest changes or edit them yourselves.



From the perspective of someone working in information security, your situation is not uncommon.



First - anything mentioned in the answers (mine included) must be put in context of the country you are in. You may be in a place where anything you do is company property and you have zero expectations of privacy - up to places where your private activities on a company device are protected.



This also covers the case of your responsibility when using your device (except for gross misconduct): from places where you are responsible for protecting your devices yourself and take responsibility for that - to places where your liability is limited and the burden of the protection relies on the company.



You need to understand this context of yours first.





In the text below "we" refers to "the company" and "they", to the employees. It is centered around the case where they claim they "did not do it" but we believe they "did".



We have systems which record activity of employees (please keep the legal context in mind - in some places this is fine, in other not, in yet others nobody cares whether this is legal or not, and in yet another nobody cares to record).



We would present the employee evidence of their activity (with the "go" from legal/HR) in the course of the interaction with them. This evidence would show that user ABC did XYZ at time TTT.



Please note that we just know that the user ABC, as registered in our systems, did something. This does not mean that the actual human who is normally associated with the account ABC did it.



There are many cases where ABC does not match the human:




  • we were hacked and someone used account ABC for that

  • an administrator acted as ABC

  • someone used ABC account when the human was not at the keyboard

  • someone saw the human typing their password and later that someone connected to ABC account

  • ... and plenty of other cases


These are all reasonable claims which can be done - not to counter the evidence, but to challenge the link. (the evidence can certainly be tempered with in some cases, and this is also something which can be investigated)



It can be that we/the authorities prove that the human was the one using account ABC. Case closed.



It can be that we see that the human was not using the account ABC. In that case we need to determine whether




  • it is their fault (did not lock the device while explicitly asked to - for instance)

  • or not (the company was hacked, they were tricked into an action they could realistically fall for ( we are all humans), ...)


As you see such cases are not obvious and, sure, there are the easy cases (which end with eyes rolling or jail) but a lot are not that obvious. They often land in the gray zone, especially in places which are either not clean-cut in terms of company vs. user responsibility, or extremely specific and then the employee and the company have a ping-pong game of "it is your responsibility", "no, it is yours".



To be honest, I have a hard time understanding your question which jumps from "I have no password on my device", to "I let everyone use them", and to some kind of sync between searches. If I may recommend to clean that up (and stick to facts - and their consequences), I would be glad to comment further




Have anxiety and never read the pop ups




Please do, this makes everyone's life easier and more secure.






share|improve this answer





















  • I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
    – Confused so bad
    Dec 31 '18 at 23:07










  • I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
    – Confused so bad
    18 hours ago



















-4














The issue is the policy itself.



Either you hire self motivated employees, and give them meaningful work, or any other policing effort will be waste.






share|improve this answer








New contributor




Alberto Salvia Novella is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.














  • 5




    This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
    – dwizum
    yesterday











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "423"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: false,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






Confused so bad is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f125553%2ffired-for-doing-disallowed-web-searches-how-can-i-show-it-was-outside-my-contro%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown




















StackExchange.ready(function () {
$("#show-editor-button input, #show-editor-button button").click(function () {
var showEditor = function() {
$("#show-editor-button").hide();
$("#post-form").removeClass("dno");
StackExchange.editor.finallyInit();
};

var useFancy = $(this).data('confirm-use-fancy');
if(useFancy == 'True') {
var popupTitle = $(this).data('confirm-fancy-title');
var popupBody = $(this).data('confirm-fancy-body');
var popupAccept = $(this).data('confirm-fancy-accept-button');

$(this).loadPopup({
url: '/post/self-answer-popup',
loaded: function(popup) {
var pTitle = $(popup).find('h2');
var pBody = $(popup).find('.popup-body');
var pSubmit = $(popup).find('.popup-submit');

pTitle.text(popupTitle);
pBody.html(popupBody);
pSubmit.val(popupAccept).click(showEditor);
}
})
} else{
var confirmText = $(this).data('confirm-text');
if (confirmText ? confirm(confirmText) : true) {
showEditor();
}
}
});
});






4 Answers
4






active

oldest

votes








4 Answers
4






active

oldest

votes









active

oldest

votes






active

oldest

votes









35














The only real advice anyone can give you is to contact a lawyer and see what they say.



You do have a basic responsibility to keep work devices and data secure, so not password protecting them is fairly irresponsible of you.



In future, keep your work and home devices separate. Don't sign into your personal stuff on work devices and vice versa. Always lock your devices when you step away from them to prevent others from using them without your permission. And don't ever search for porn, drugs or anything else which could be possibly frowned upon on a work device or on the work network.






share|improve this answer

















  • 14




    This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
    – Criggie
    Dec 30 '18 at 21:57






  • 5




    In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
    – Gabe Sechan
    Dec 31 '18 at 2:25






  • 6




    @GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
    – Lightness Races in Orbit
    Dec 31 '18 at 3:14






  • 5




    @LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
    – Gabe Sechan
    Dec 31 '18 at 3:16






  • 4




    @GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
    – Lightness Races in Orbit
    Dec 31 '18 at 3:30


















35














The only real advice anyone can give you is to contact a lawyer and see what they say.



You do have a basic responsibility to keep work devices and data secure, so not password protecting them is fairly irresponsible of you.



In future, keep your work and home devices separate. Don't sign into your personal stuff on work devices and vice versa. Always lock your devices when you step away from them to prevent others from using them without your permission. And don't ever search for porn, drugs or anything else which could be possibly frowned upon on a work device or on the work network.






share|improve this answer

















  • 14




    This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
    – Criggie
    Dec 30 '18 at 21:57






  • 5




    In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
    – Gabe Sechan
    Dec 31 '18 at 2:25






  • 6




    @GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
    – Lightness Races in Orbit
    Dec 31 '18 at 3:14






  • 5




    @LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
    – Gabe Sechan
    Dec 31 '18 at 3:16






  • 4




    @GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
    – Lightness Races in Orbit
    Dec 31 '18 at 3:30
















35












35








35






The only real advice anyone can give you is to contact a lawyer and see what they say.



You do have a basic responsibility to keep work devices and data secure, so not password protecting them is fairly irresponsible of you.



In future, keep your work and home devices separate. Don't sign into your personal stuff on work devices and vice versa. Always lock your devices when you step away from them to prevent others from using them without your permission. And don't ever search for porn, drugs or anything else which could be possibly frowned upon on a work device or on the work network.






share|improve this answer












The only real advice anyone can give you is to contact a lawyer and see what they say.



You do have a basic responsibility to keep work devices and data secure, so not password protecting them is fairly irresponsible of you.



In future, keep your work and home devices separate. Don't sign into your personal stuff on work devices and vice versa. Always lock your devices when you step away from them to prevent others from using them without your permission. And don't ever search for porn, drugs or anything else which could be possibly frowned upon on a work device or on the work network.







share|improve this answer












share|improve this answer



share|improve this answer










answered Dec 30 '18 at 16:29









user1666620

10.9k103536




10.9k103536








  • 14




    This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
    – Criggie
    Dec 30 '18 at 21:57






  • 5




    In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
    – Gabe Sechan
    Dec 31 '18 at 2:25






  • 6




    @GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
    – Lightness Races in Orbit
    Dec 31 '18 at 3:14






  • 5




    @LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
    – Gabe Sechan
    Dec 31 '18 at 3:16






  • 4




    @GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
    – Lightness Races in Orbit
    Dec 31 '18 at 3:30
















  • 14




    This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
    – Criggie
    Dec 30 '18 at 21:57






  • 5




    In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
    – Gabe Sechan
    Dec 31 '18 at 2:25






  • 6




    @GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
    – Lightness Races in Orbit
    Dec 31 '18 at 3:14






  • 5




    @LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
    – Gabe Sechan
    Dec 31 '18 at 3:16






  • 4




    @GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
    – Lightness Races in Orbit
    Dec 31 '18 at 3:30










14




14




This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
– Criggie
Dec 30 '18 at 21:57




This, but more bluntly obvious, like "NEVER EVER mix work and personal accounts." I have a separate work and personal cellphone for this reason.
– Criggie
Dec 30 '18 at 21:57




5




5




In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
– Gabe Sechan
Dec 31 '18 at 2:25




In the future, you should both work at better places. If they have a problem with me logging in to non-adult accounts on my work laptop, then I don't want to work there. You're talking about a routine action, done by 99.99% of the professional world. And by any non-completely insane company, totally ok as you would otherwise leave work early to do it at home.
– Gabe Sechan
Dec 31 '18 at 2:25




6




6




@GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
– Lightness Races in Orbit
Dec 31 '18 at 3:14




@GabeSechan You've misunderstood the advice. Nobody's saying you shouldn't want work for a company that doesn't let you do that sort of thing, nor that it is unusual to do so. The point is that doing so without adequate due diligence leaves you completely vulnerable to the sort of attack that the OP has allegedly suffered.
– Lightness Races in Orbit
Dec 31 '18 at 3:14




5




5




@LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
– Gabe Sechan
Dec 31 '18 at 3:16




@LightnessRacesinOrbit No, I understood it and fully disagree with it. If a company is that unreasonable, you don't want to work there. Stop helping people treat workers like shit, and start helping people stand up to it.
– Gabe Sechan
Dec 31 '18 at 3:16




4




4




@GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
– Lightness Races in Orbit
Dec 31 '18 at 3:30






@GabeSechan Your response just confirms you're talking about a claim that was not made. Even if it had been, you're still on the wrong side: leaving your workstation unsecured is unprofessional and negligent, and it's completely commonplace to put rules in place to encourage people not to do that, and to punish them when they break those rules. If you don't want to work at such a place that's fine but you'll find the remaining workplaces to be few and far between.
– Lightness Races in Orbit
Dec 31 '18 at 3:30















15














Someone else was probably on your machine



In a lot of employment contracts, you are considered to be responsible for anything done under your corporate account/devices even if you yourself weren't at the keyboard.



It is unlikely that this was caused by syncing your Google Account with Chrome. Chrome has a tendency to identify what devices conducted what action. Plus the ability to synchronise histories would prove that the History data can be altered, and thus would typically not be trusted for the firing of an employee. Regardless, this was still a bad move.



What probably happened is that actual attempts to conduct those searches by your account and/or devices was picked up by network security devices as it was being performed. You'll notice I said 'by your account and/or devices' and not 'by you'.



In a lot of places, you'll see a culture for pranking people who leave devices unlocked. Most of the time, this is just a harmless 'beers are on me email' but more juvenile/malicious people may do things that stir up a bit more trouble, unaware (or possibly fully aware) of what their actions might bring.




I had no screen locks or passwords on any of mine or work devices. So it's possible anyone could have got on them, without my permission. I never even knew I was required to have screen locks, not did I care if people used my devices.




Locking your devices and accounts should not be something that needs to be spelt out. It should be, and needs to be from this point on, common sense. Your devices likely hold a lot of company-sensitive information. What if someone got onto your machine and accessed something they shouldn't have access to? What if someone trespassed into the building and got access to your computer? You could have been potentially looking at a lot worse than just getting fired for inappropriate searches.






share|improve this answer



















  • 2




    This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
    – bruglesco
    Dec 30 '18 at 18:35






  • 2




    wait are you implying that someone can't be fired for a misunderstanding on the companies part?
    – bruglesco
    Dec 30 '18 at 19:33






  • 1




    @bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
    – 520
    Dec 30 '18 at 19:53








  • 1




    @stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
    – 520
    yesterday








  • 1




    @520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
    – David Thornley
    17 hours ago
















15














Someone else was probably on your machine



In a lot of employment contracts, you are considered to be responsible for anything done under your corporate account/devices even if you yourself weren't at the keyboard.



It is unlikely that this was caused by syncing your Google Account with Chrome. Chrome has a tendency to identify what devices conducted what action. Plus the ability to synchronise histories would prove that the History data can be altered, and thus would typically not be trusted for the firing of an employee. Regardless, this was still a bad move.



What probably happened is that actual attempts to conduct those searches by your account and/or devices was picked up by network security devices as it was being performed. You'll notice I said 'by your account and/or devices' and not 'by you'.



In a lot of places, you'll see a culture for pranking people who leave devices unlocked. Most of the time, this is just a harmless 'beers are on me email' but more juvenile/malicious people may do things that stir up a bit more trouble, unaware (or possibly fully aware) of what their actions might bring.




I had no screen locks or passwords on any of mine or work devices. So it's possible anyone could have got on them, without my permission. I never even knew I was required to have screen locks, not did I care if people used my devices.




Locking your devices and accounts should not be something that needs to be spelt out. It should be, and needs to be from this point on, common sense. Your devices likely hold a lot of company-sensitive information. What if someone got onto your machine and accessed something they shouldn't have access to? What if someone trespassed into the building and got access to your computer? You could have been potentially looking at a lot worse than just getting fired for inappropriate searches.






share|improve this answer



















  • 2




    This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
    – bruglesco
    Dec 30 '18 at 18:35






  • 2




    wait are you implying that someone can't be fired for a misunderstanding on the companies part?
    – bruglesco
    Dec 30 '18 at 19:33






  • 1




    @bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
    – 520
    Dec 30 '18 at 19:53








  • 1




    @stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
    – 520
    yesterday








  • 1




    @520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
    – David Thornley
    17 hours ago














15












15








15






Someone else was probably on your machine



In a lot of employment contracts, you are considered to be responsible for anything done under your corporate account/devices even if you yourself weren't at the keyboard.



It is unlikely that this was caused by syncing your Google Account with Chrome. Chrome has a tendency to identify what devices conducted what action. Plus the ability to synchronise histories would prove that the History data can be altered, and thus would typically not be trusted for the firing of an employee. Regardless, this was still a bad move.



What probably happened is that actual attempts to conduct those searches by your account and/or devices was picked up by network security devices as it was being performed. You'll notice I said 'by your account and/or devices' and not 'by you'.



In a lot of places, you'll see a culture for pranking people who leave devices unlocked. Most of the time, this is just a harmless 'beers are on me email' but more juvenile/malicious people may do things that stir up a bit more trouble, unaware (or possibly fully aware) of what their actions might bring.




I had no screen locks or passwords on any of mine or work devices. So it's possible anyone could have got on them, without my permission. I never even knew I was required to have screen locks, not did I care if people used my devices.




Locking your devices and accounts should not be something that needs to be spelt out. It should be, and needs to be from this point on, common sense. Your devices likely hold a lot of company-sensitive information. What if someone got onto your machine and accessed something they shouldn't have access to? What if someone trespassed into the building and got access to your computer? You could have been potentially looking at a lot worse than just getting fired for inappropriate searches.






share|improve this answer














Someone else was probably on your machine



In a lot of employment contracts, you are considered to be responsible for anything done under your corporate account/devices even if you yourself weren't at the keyboard.



It is unlikely that this was caused by syncing your Google Account with Chrome. Chrome has a tendency to identify what devices conducted what action. Plus the ability to synchronise histories would prove that the History data can be altered, and thus would typically not be trusted for the firing of an employee. Regardless, this was still a bad move.



What probably happened is that actual attempts to conduct those searches by your account and/or devices was picked up by network security devices as it was being performed. You'll notice I said 'by your account and/or devices' and not 'by you'.



In a lot of places, you'll see a culture for pranking people who leave devices unlocked. Most of the time, this is just a harmless 'beers are on me email' but more juvenile/malicious people may do things that stir up a bit more trouble, unaware (or possibly fully aware) of what their actions might bring.




I had no screen locks or passwords on any of mine or work devices. So it's possible anyone could have got on them, without my permission. I never even knew I was required to have screen locks, not did I care if people used my devices.




Locking your devices and accounts should not be something that needs to be spelt out. It should be, and needs to be from this point on, common sense. Your devices likely hold a lot of company-sensitive information. What if someone got onto your machine and accessed something they shouldn't have access to? What if someone trespassed into the building and got access to your computer? You could have been potentially looking at a lot worse than just getting fired for inappropriate searches.







share|improve this answer














share|improve this answer



share|improve this answer








edited Dec 30 '18 at 17:59

























answered Dec 30 '18 at 17:53









520

1,480213




1,480213








  • 2




    This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
    – bruglesco
    Dec 30 '18 at 18:35






  • 2




    wait are you implying that someone can't be fired for a misunderstanding on the companies part?
    – bruglesco
    Dec 30 '18 at 19:33






  • 1




    @bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
    – 520
    Dec 30 '18 at 19:53








  • 1




    @stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
    – 520
    yesterday








  • 1




    @520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
    – David Thornley
    17 hours ago














  • 2




    This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
    – bruglesco
    Dec 30 '18 at 18:35






  • 2




    wait are you implying that someone can't be fired for a misunderstanding on the companies part?
    – bruglesco
    Dec 30 '18 at 19:33






  • 1




    @bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
    – 520
    Dec 30 '18 at 19:53








  • 1




    @stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
    – 520
    yesterday








  • 1




    @520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
    – David Thornley
    17 hours ago








2




2




This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
– bruglesco
Dec 30 '18 at 18:35




This isn't clear. That is why I asked for clarification. It's absolutely possible that the searches were done by OP and synced when they logged into Google Maps.
– bruglesco
Dec 30 '18 at 18:35




2




2




wait are you implying that someone can't be fired for a misunderstanding on the companies part?
– bruglesco
Dec 30 '18 at 19:33




wait are you implying that someone can't be fired for a misunderstanding on the companies part?
– bruglesco
Dec 30 '18 at 19:33




1




1




@bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
– 520
Dec 30 '18 at 19:53






@bruglesco if the device itself was being investigated, it would have to have been done by someone with a very specific technical competence. After all, you'd have to find a way onto their machine without their password (as apps on windows are managed on a per-machine basis, not by accounts), find a way to get to their (account) browser history on that machine and find a way to read it, yet not be technical enough to know the nuances of Google Chrome. Or they could just look at firewall/proxy logs. Not saying the first is impossible, but the second is MUCH more likely and bulletproof.
– 520
Dec 30 '18 at 19:53






1




1




@stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
– 520
yesterday






@stannius even in an at-will state there is defamation lawsuits to think about too. You cant just conduct a sloppy-ass investigation that wouldn't even hold up in a small claims court, make an accusation and be immune to legal repercussions
– 520
yesterday






1




1




@520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
– David Thornley
17 hours ago




@520 In an at-will state, an employer can conduct a sloppy-ass investigation and dismiss an employee. That isn't defamation. Telling others that OP was searching for My Little Pony websites (or whatever else is off-limits) could be defamation. Most employers will just dismiss an employee and let it go at that to avoid legal issues.
– David Thornley
17 hours ago











2














Note: this answer is written in less than optimal circumstances (31 December...) so I will be back with edits when time permits. Do not hesitate to suggest changes or edit them yourselves.



From the perspective of someone working in information security, your situation is not uncommon.



First - anything mentioned in the answers (mine included) must be put in context of the country you are in. You may be in a place where anything you do is company property and you have zero expectations of privacy - up to places where your private activities on a company device are protected.



This also covers the case of your responsibility when using your device (except for gross misconduct): from places where you are responsible for protecting your devices yourself and take responsibility for that - to places where your liability is limited and the burden of the protection relies on the company.



You need to understand this context of yours first.





In the text below "we" refers to "the company" and "they", to the employees. It is centered around the case where they claim they "did not do it" but we believe they "did".



We have systems which record activity of employees (please keep the legal context in mind - in some places this is fine, in other not, in yet others nobody cares whether this is legal or not, and in yet another nobody cares to record).



We would present the employee evidence of their activity (with the "go" from legal/HR) in the course of the interaction with them. This evidence would show that user ABC did XYZ at time TTT.



Please note that we just know that the user ABC, as registered in our systems, did something. This does not mean that the actual human who is normally associated with the account ABC did it.



There are many cases where ABC does not match the human:




  • we were hacked and someone used account ABC for that

  • an administrator acted as ABC

  • someone used ABC account when the human was not at the keyboard

  • someone saw the human typing their password and later that someone connected to ABC account

  • ... and plenty of other cases


These are all reasonable claims which can be done - not to counter the evidence, but to challenge the link. (the evidence can certainly be tempered with in some cases, and this is also something which can be investigated)



It can be that we/the authorities prove that the human was the one using account ABC. Case closed.



It can be that we see that the human was not using the account ABC. In that case we need to determine whether




  • it is their fault (did not lock the device while explicitly asked to - for instance)

  • or not (the company was hacked, they were tricked into an action they could realistically fall for ( we are all humans), ...)


As you see such cases are not obvious and, sure, there are the easy cases (which end with eyes rolling or jail) but a lot are not that obvious. They often land in the gray zone, especially in places which are either not clean-cut in terms of company vs. user responsibility, or extremely specific and then the employee and the company have a ping-pong game of "it is your responsibility", "no, it is yours".



To be honest, I have a hard time understanding your question which jumps from "I have no password on my device", to "I let everyone use them", and to some kind of sync between searches. If I may recommend to clean that up (and stick to facts - and their consequences), I would be glad to comment further




Have anxiety and never read the pop ups




Please do, this makes everyone's life easier and more secure.






share|improve this answer





















  • I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
    – Confused so bad
    Dec 31 '18 at 23:07










  • I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
    – Confused so bad
    18 hours ago
















2














Note: this answer is written in less than optimal circumstances (31 December...) so I will be back with edits when time permits. Do not hesitate to suggest changes or edit them yourselves.



From the perspective of someone working in information security, your situation is not uncommon.



First - anything mentioned in the answers (mine included) must be put in context of the country you are in. You may be in a place where anything you do is company property and you have zero expectations of privacy - up to places where your private activities on a company device are protected.



This also covers the case of your responsibility when using your device (except for gross misconduct): from places where you are responsible for protecting your devices yourself and take responsibility for that - to places where your liability is limited and the burden of the protection relies on the company.



You need to understand this context of yours first.





In the text below "we" refers to "the company" and "they", to the employees. It is centered around the case where they claim they "did not do it" but we believe they "did".



We have systems which record activity of employees (please keep the legal context in mind - in some places this is fine, in other not, in yet others nobody cares whether this is legal or not, and in yet another nobody cares to record).



We would present the employee evidence of their activity (with the "go" from legal/HR) in the course of the interaction with them. This evidence would show that user ABC did XYZ at time TTT.



Please note that we just know that the user ABC, as registered in our systems, did something. This does not mean that the actual human who is normally associated with the account ABC did it.



There are many cases where ABC does not match the human:




  • we were hacked and someone used account ABC for that

  • an administrator acted as ABC

  • someone used ABC account when the human was not at the keyboard

  • someone saw the human typing their password and later that someone connected to ABC account

  • ... and plenty of other cases


These are all reasonable claims which can be done - not to counter the evidence, but to challenge the link. (the evidence can certainly be tempered with in some cases, and this is also something which can be investigated)



It can be that we/the authorities prove that the human was the one using account ABC. Case closed.



It can be that we see that the human was not using the account ABC. In that case we need to determine whether




  • it is their fault (did not lock the device while explicitly asked to - for instance)

  • or not (the company was hacked, they were tricked into an action they could realistically fall for ( we are all humans), ...)


As you see such cases are not obvious and, sure, there are the easy cases (which end with eyes rolling or jail) but a lot are not that obvious. They often land in the gray zone, especially in places which are either not clean-cut in terms of company vs. user responsibility, or extremely specific and then the employee and the company have a ping-pong game of "it is your responsibility", "no, it is yours".



To be honest, I have a hard time understanding your question which jumps from "I have no password on my device", to "I let everyone use them", and to some kind of sync between searches. If I may recommend to clean that up (and stick to facts - and their consequences), I would be glad to comment further




Have anxiety and never read the pop ups




Please do, this makes everyone's life easier and more secure.






share|improve this answer





















  • I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
    – Confused so bad
    Dec 31 '18 at 23:07










  • I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
    – Confused so bad
    18 hours ago














2












2








2






Note: this answer is written in less than optimal circumstances (31 December...) so I will be back with edits when time permits. Do not hesitate to suggest changes or edit them yourselves.



From the perspective of someone working in information security, your situation is not uncommon.



First - anything mentioned in the answers (mine included) must be put in context of the country you are in. You may be in a place where anything you do is company property and you have zero expectations of privacy - up to places where your private activities on a company device are protected.



This also covers the case of your responsibility when using your device (except for gross misconduct): from places where you are responsible for protecting your devices yourself and take responsibility for that - to places where your liability is limited and the burden of the protection relies on the company.



You need to understand this context of yours first.





In the text below "we" refers to "the company" and "they", to the employees. It is centered around the case where they claim they "did not do it" but we believe they "did".



We have systems which record activity of employees (please keep the legal context in mind - in some places this is fine, in other not, in yet others nobody cares whether this is legal or not, and in yet another nobody cares to record).



We would present the employee evidence of their activity (with the "go" from legal/HR) in the course of the interaction with them. This evidence would show that user ABC did XYZ at time TTT.



Please note that we just know that the user ABC, as registered in our systems, did something. This does not mean that the actual human who is normally associated with the account ABC did it.



There are many cases where ABC does not match the human:




  • we were hacked and someone used account ABC for that

  • an administrator acted as ABC

  • someone used ABC account when the human was not at the keyboard

  • someone saw the human typing their password and later that someone connected to ABC account

  • ... and plenty of other cases


These are all reasonable claims which can be done - not to counter the evidence, but to challenge the link. (the evidence can certainly be tempered with in some cases, and this is also something which can be investigated)



It can be that we/the authorities prove that the human was the one using account ABC. Case closed.



It can be that we see that the human was not using the account ABC. In that case we need to determine whether




  • it is their fault (did not lock the device while explicitly asked to - for instance)

  • or not (the company was hacked, they were tricked into an action they could realistically fall for ( we are all humans), ...)


As you see such cases are not obvious and, sure, there are the easy cases (which end with eyes rolling or jail) but a lot are not that obvious. They often land in the gray zone, especially in places which are either not clean-cut in terms of company vs. user responsibility, or extremely specific and then the employee and the company have a ping-pong game of "it is your responsibility", "no, it is yours".



To be honest, I have a hard time understanding your question which jumps from "I have no password on my device", to "I let everyone use them", and to some kind of sync between searches. If I may recommend to clean that up (and stick to facts - and their consequences), I would be glad to comment further




Have anxiety and never read the pop ups




Please do, this makes everyone's life easier and more secure.






share|improve this answer












Note: this answer is written in less than optimal circumstances (31 December...) so I will be back with edits when time permits. Do not hesitate to suggest changes or edit them yourselves.



From the perspective of someone working in information security, your situation is not uncommon.



First - anything mentioned in the answers (mine included) must be put in context of the country you are in. You may be in a place where anything you do is company property and you have zero expectations of privacy - up to places where your private activities on a company device are protected.



This also covers the case of your responsibility when using your device (except for gross misconduct): from places where you are responsible for protecting your devices yourself and take responsibility for that - to places where your liability is limited and the burden of the protection relies on the company.



You need to understand this context of yours first.





In the text below "we" refers to "the company" and "they", to the employees. It is centered around the case where they claim they "did not do it" but we believe they "did".



We have systems which record activity of employees (please keep the legal context in mind - in some places this is fine, in other not, in yet others nobody cares whether this is legal or not, and in yet another nobody cares to record).



We would present the employee evidence of their activity (with the "go" from legal/HR) in the course of the interaction with them. This evidence would show that user ABC did XYZ at time TTT.



Please note that we just know that the user ABC, as registered in our systems, did something. This does not mean that the actual human who is normally associated with the account ABC did it.



There are many cases where ABC does not match the human:




  • we were hacked and someone used account ABC for that

  • an administrator acted as ABC

  • someone used ABC account when the human was not at the keyboard

  • someone saw the human typing their password and later that someone connected to ABC account

  • ... and plenty of other cases


These are all reasonable claims which can be done - not to counter the evidence, but to challenge the link. (the evidence can certainly be tempered with in some cases, and this is also something which can be investigated)



It can be that we/the authorities prove that the human was the one using account ABC. Case closed.



It can be that we see that the human was not using the account ABC. In that case we need to determine whether




  • it is their fault (did not lock the device while explicitly asked to - for instance)

  • or not (the company was hacked, they were tricked into an action they could realistically fall for ( we are all humans), ...)


As you see such cases are not obvious and, sure, there are the easy cases (which end with eyes rolling or jail) but a lot are not that obvious. They often land in the gray zone, especially in places which are either not clean-cut in terms of company vs. user responsibility, or extremely specific and then the employee and the company have a ping-pong game of "it is your responsibility", "no, it is yours".



To be honest, I have a hard time understanding your question which jumps from "I have no password on my device", to "I let everyone use them", and to some kind of sync between searches. If I may recommend to clean that up (and stick to facts - and their consequences), I would be glad to comment further




Have anxiety and never read the pop ups




Please do, this makes everyone's life easier and more secure.







share|improve this answer












share|improve this answer



share|improve this answer










answered Dec 31 '18 at 9:30









WoJ

2,549912




2,549912












  • I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
    – Confused so bad
    Dec 31 '18 at 23:07










  • I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
    – Confused so bad
    18 hours ago


















  • I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
    – Confused so bad
    Dec 31 '18 at 23:07










  • I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
    – Confused so bad
    18 hours ago
















I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
– Confused so bad
Dec 31 '18 at 23:07




I was never aware of screen lock. Was never told about it or told by them to put it on. The work logins required passwords. I think only logged into Google maps when my Garmin GPS broke on the job. Called in. They told me just use maps on the work devices. Didn't know you could use maps with out logging in. I live 1/4 mile off road. At a dead end. In a farm house. I'm last house back. 4 neighbors in front. The kids at end of road could have walked back. Is there anyway to prove if searches performed from a certain phone or tablet. ????????????
– Confused so bad
Dec 31 '18 at 23:07












I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
– Confused so bad
18 hours ago




I have never had screen locks. Or shut my computers down. At my home or on my personal devices. Never even heard of screen locks. Just never had an issue. This was first company ever worked for that used more then just phone or text or pager. I was not aware of sync. Or ever assume someone I let in my home or property would search that if they did. Or if anyone even searched it. My Google seemed hacked. I'm not sure. But know I was asleep when done. What they printed out. I'm innocent of doing it. Never searched it. But ignorant to fire me. First offense for being not technology smart..
– Confused so bad
18 hours ago











-4














The issue is the policy itself.



Either you hire self motivated employees, and give them meaningful work, or any other policing effort will be waste.






share|improve this answer








New contributor




Alberto Salvia Novella is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.














  • 5




    This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
    – dwizum
    yesterday
















-4














The issue is the policy itself.



Either you hire self motivated employees, and give them meaningful work, or any other policing effort will be waste.






share|improve this answer








New contributor




Alberto Salvia Novella is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.














  • 5




    This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
    – dwizum
    yesterday














-4












-4








-4






The issue is the policy itself.



Either you hire self motivated employees, and give them meaningful work, or any other policing effort will be waste.






share|improve this answer








New contributor




Alberto Salvia Novella is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









The issue is the policy itself.



Either you hire self motivated employees, and give them meaningful work, or any other policing effort will be waste.







share|improve this answer








New contributor




Alberto Salvia Novella is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this answer



share|improve this answer






New contributor




Alberto Salvia Novella is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









answered yesterday









Alberto Salvia Novella

1




1




New contributor




Alberto Salvia Novella is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Alberto Salvia Novella is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Alberto Salvia Novella is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 5




    This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
    – dwizum
    yesterday














  • 5




    This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
    – dwizum
    yesterday








5




5




This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
– dwizum
yesterday




This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
– dwizum
yesterday










Confused so bad is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















Confused so bad is a new contributor. Be nice, and check out our Code of Conduct.













Confused so bad is a new contributor. Be nice, and check out our Code of Conduct.












Confused so bad is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to The Workplace Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f125553%2ffired-for-doing-disallowed-web-searches-how-can-i-show-it-was-outside-my-contro%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown











Popular posts from this blog

Eastern Orthodox Church

Zagreb

Understanding the information contained in the Deep Space Network XML data?