IT Tech is guarding company details

claytonchatham · 2017-02-20T21:39:16.000Z

My brother in law owns a company.

He has one IT person who controls the industry specific software and systems. He won’t hand over any passwords or details on the system and won’t accept help from any other company to fix or upgrade any systems.

He won’t take holiday’s as he’d have to let someone else control the systems.

Has anyone come across this situation before and how can my brother in law approach it?

rockn · 2017-02-20T21:47:31.000Z

He is holding the company hostage. Tell him if he doesn’t hand over the credentials he will be fired.

breffni · 2017-02-20T21:49:43.000Z

What do you do if the accountant hides the money?

What do you do if the janitor changes the locks on your building?

You have three options.

Ask the IT guy nicely to turn over credentials because if anything happened to him the business would be in trouble and because the owner of the business wants them, if he refuses, consider steps 2-3.
Bring in expert knowledge who can reset the systems, whilst the IT guy is in a room talking with owner without access. Then revoke his access and put him on gardening leave.
Badges, Guns, Lawyers. He is holding the system hostage from the rightful owner.

maxsec · 2017-02-20T21:53:48.000Z

So what happens if the IT guy gets run over by a bus… passwds should be documented along with anything else.
Irresponsible at best

chrispaden · 2017-02-20T22:00:33.000Z

There’s really not an option. He doesn’t get a choice in handing the info over.

Breffni Potter summed it up.

seanharrigan · 2017-02-20T22:02:18.000Z

Seek legal counsel.
Do what they tell you to do.
Profit!!!

psophos · 2017-02-20T22:05:43.000Z

Assuming your brother in law isn’t being a complete moron (hey, it happens), take Breffnis options 2 & 3.

Unfortunately this admin has already stepped way way over the line. To the extent that any possible working relationship is probably no longer possible.

Best to end the matter swiftly and cleanly.

scottalanmiller · 2017-02-20T22:48:22.000Z

Rockn:

He is holding the company hostage. Tell him if he doesn’t hand over the credentials he will be fired.

I think that you misspelled arrested.

stephenjabs6889 · 2017-02-20T23:00:37.000Z

While most IT will rightfully withhold their individual credentials (admin or otherwise) there should always be a failsafe, be it another person or an envelope in a fireproof safe containing the password. In my case, I have refused to give the owners the administrator password but have told them how they can get access in case of emergency; we have two other trusted backup users (1 internal, 1 consultant) that have their own admin accounts if it becomes necessary to reset my account.

There are always two sides to every story, but it sounds like this guy has allowed his control-freak inner self to overtake what is best for the company. Unfortunately it may come to legal action or termination if he doesn’t back down, even though I’m sure he feels he is doing “what is best” in his mind.

luigi · 2017-02-20T23:31:40.000Z

Yes, this is definitely running the company at risk.

andre-the-giant · 2017-02-21T00:12:28.000Z

"He has one IT person who controls the industry specific software and systems. He won’t hand over any passwords or details on the system and won’t accept help from any other company to fix or upgrade any systems.

He won’t take holiday’s as he’d have to let someone else control the systems."

Robert5205 · 2017-02-21T00:30:58.000Z

Bring in another, trusted IT person with a lot of expertise.

Cameras.
Keylogger.

Recapture the ownership of the system.

Lock the crazy bastard out of the systems. Change the IPs. Change the firewalls. Hand him 2 weeks pay at the door.

claytonchatham · 2017-02-21T03:01:02.000Z

Keylogger was my first thought.

apsutcliffe · 2017-02-21T08:23:07.000Z

“Quis custodiet ipsos custodes”

Your bother-in-law is the owner of the business; he should have his own user account, and a separate admin account, used only for checking things and not for normal daily work. If the IT person has not suggested this, he is not the right person to be allowed the keys to the castle.

I’d strongly suggest that your bother-in-law should immediately get the necessary admin account created, engage someone else that will do the job more appropriately.

weirdfish · 2017-02-21T12:25:42.000Z

Your BIL is the boss, and he needs to act like it.

Either the IT guy hands over all access credentials and maintains a set of records where your BIL can access them, or he’s subject to legal action.

Entrepreneur – 15 Jun 16

What to Do When Your Company Is Being Held 'Hostage' By a Toxic Employee |...

Employees build the organization, run the organization and drive your organization's success. But, employees can also take down the organization.

He needs to do this now, not later. Not hold off because “he’s really a nice guy most of the time” or any other such pap. He may have the skills, but he’s not a cooperative or ethical employee, and that’s the bottom line.

This is your BIL’s business, not his.

kellycorbin · 2017-02-21T12:46:42.000Z

bus factor of 1,

if the tight lipped IT gets hit by a bus and dies… so does the company, so the boss needs to sit down with IT guy and explain to him as if he was 5 that HE is the bus factor of 1, and it will not be allowed to continue further. he may understand at that point and willingly turn over the creds etc…

tazking · 2017-02-21T12:52:11.000Z

Yes unfortunately I have run across this many times. The tech is trying to hide something or insecure in their abilities, or afraid they are going to lose their job if someone else sees what they do, or a combination of the above. Your brother in-law is the owner, he needs to talk to the tech to find out what the issue is. I would say fire the tech and find someone else to do the work, however without knowing how much that would alter his business that may not be the best option right now.

breffni · 2017-02-21T13:37:27.000Z

Clayton.Chatham:

Keylogger was my first thought.

You do realise this is the equivalent of trying to pick pocket the keys off your janitor of the company?

psophos · 2017-02-21T13:48:12.000Z

What industry is said company involved in?

He won’t take holiday’s as he’d have to let someone else control the systems.

In the financial services world this is a major red flag as it is an decent indicator that fraud is involved.

arthurmaloney2 · 2017-02-21T14:13:23.000Z

Legally speaking he has to turn over any passwords to the owner of the company if requested to do so. Your BIL needs to man up and make him do by telling him that he will fire him, have him arrested and press charges. If the guy refuses then he needs to follow through.

If the guy will not give up the passwords at that point then

He’s a moron as anyone facing the threat of being fired and time in jail should give up the passwords
You can call the software vendor. They usually have a backdoor into it.

But it should never get to that point. Once your BIL gets all the password information he should replace this guy. He’s dangerous.