I agree. If a payroll department has a policy of direct deposit only, then they assume liability. If it's a choice, they might be able to wiggle out but it's WMU's responsibility to deliver the payment in the manner he chose, paper or direct deposit.
That's some bad security there. Not surprising considering it's a public institution, they're usually the worst. Sounds like they know the employee self service process, get access to the application and make the changes that way. Betcha dollars for donuts he was phished and gave the info up. These days most security requires you to double verify with what you know and with something 'that you have'. That's why you see a double verification where they text or send to an email of your choice and you need to respond with the code, you posses the code in addition to knowing your login credentials. That would have helped.
Very lame of them not to honor that and try to get out of paying. If the prof had his bank account hacked the bank would have been on the hook.
Real low class on the part of WMU. Who's the paper pushing admin who made the call to screw an employee who actually provides value and education?
FWIW, when "self service" was rolled out almost a decade ago as part of HRMS systems, HR/PR department professionals all over had an issue with it for this very reason, but to cut costs (i.e. "head count"), the people at the big tables wanted to roll that functionality out to their employees so they wouldn't have to have headcount available to do these processes.
The irony is that now the employee gets the shaft for something that shouldn't have been available to him in the first place, there was nothing wrong with the process of requesting a change of info and going through a procedure to ensure accuracy and safety of the information.
Gotta love the man. I just smh when I hear this rationalization go on these days. I'm ready to quit and do Walmart Greeting, serious.
(02-02-2014 12:47 PM)DesertBronco Wrote: [ -> ]I'm ready to quit and do Walmart Greeting, serious.
Don't, it's what the GOP wants.
I know a few Computer Science guys who spent their freshmen year hacking the network and got jobs with the University as sophmores in order to protect their own data from others doing the same.
LastPass.
Seriously, you should
not use duplicate passwords for anything in this day and age. They should be as
long and complex as possible! And
enable two-factor authentication anywhere it's available.
Diceware is another great security concept.
...and for an awesome discussion on web security,
read this piece from James Fallows.
Seriously. Right now. Read the whole thing.
As for this guy, yeah, certainly seems like WMU could/should be doing more to rectify the situation. The prof shouldn't be losing a paycheck because of the security lapse - unless it's shown he actively did something to cause it. That definitely doesn't appear to be the case, based on the article.
