Communication is, indeed, a two-way street. We in IT will try to be clear and explain things users need to know. Is it too much to ask for them to keep us in the loop as well?
Not long ago, our company was hit with a major virus that completely disabled one of our accounting machines. It's the normal virus attempt where a seemingly innocent zip file is sent, someone opens it, they click to execute the program, and boom -- look out.
[ Also on InfoWorld: Is your pay measuring up? The 2014 tech salary guide. | Pick up a $50 American Express gift cheque if we publish your story: Send it to email@example.com. | Get a dose of workplace shenanigans -- follow Off the Record on Twitter. ]
While we were fortunate to isolate it and stop further infection, the data on the machine was unrecoverable. I spent the majority of two days locking down the network for certain executables, blocking zip attachments, and scanning to make sure we wouldn't get hit again.
Damage control -- and education
Since the machine was from accounting, I had to talk to several people, including the accounting boss, and let them know the how, what, when, where, and why of the incident.
I answered their questions, not necessarily in this order:
- Yes, we're covered in the future from this particular virus.
- No, I can't get the machine's data back.
- No, we don't have a recent backup of the machine.
- Yes, the employee should have put the data on the network to make sure it would be backed up.
And so on and so forth.
The accounting department deemed the incident catastrophic, but our department escaped blame due to the user's known lack of computer knowledge. Many people work from home, and we took the opportunity to refresh users on where to put data, to review security best practices, and to remind them to alert us immediately if anything seemed suspicious.
A couple of days later, I was reminiscing with the accounting boss about the hoops I had just jumped through in dealing with this virus. He chuckled a little and said, "Yeah, I got another virus last night, but I cleared it."
Queue my blank stare: "Uh, what?"
"I saw something come up on my screen that didn't seem right. I couldn't clear it with our antivirus tool or Kaspersky, but I finally got it after trying a few things," he replied.
Surprised, I said, "At what point did you think maybe you should tell the IT manager about it?" (That's me, by the way.)
He said, "I didn't want to bother you."
My frustration came through when I replied, "Well, feel free to pop the machine onto the network because you think you've 'cleared' the virus. That's absolutely awesome."
No big deal, don't report it when you have a problem. Go ahead and do what you think is best. Maybe I'll start deciding what my budget should be and start buying whatever I want.
This accounting boss had participated in numerous talks two days previously when we had the first virus incident. You'd think he'd realize I'd very much want to be "bothered" with this news.
In the accounting boss's (lukewarm) defense, I wasn't alerted about the second virus because we use an inferior product mandated by our parent company, which has headquarters in another country. I've expressed my concern on multiple occasions about the lack of reliability about the antivirus product and have been ignored. But hey, it's cheap!
I wonder if my sarcasm got through. I can only hope it did. We ended the conversation having stressed to report if such an event occurred again and to keep the lines of communication open.
Send your own IT tale of managing IT, personal bloopers, supporting users, or dealing with bureaucratic nonsense to firstname.lastname@example.org. If we publish it, we'll send you a $50 American Express gift cheque.
This story, "Sorry about that virus -- I didn't want to bother you," was originally published at InfoWorld.com. Read more crazy-but-true stories in the anonymous Off the Record blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.