Is Downloading WPS Office on My Work PC a Fireable Infosec Violation?

I downloaded a third-party app, WPS Office, without knowing that it's an infosec violation on my office PC because the firewall did not restrict me. Is this grounds for termination due to an infosec violation?

Dear Karthikeyan, Every company has Industrial Standing Orders approved by the labor department. In the standing orders, misconducts are well defined. Please check the standing orders and find out whether downloading a third-party app is considered misconduct. If yes, then the company is empowered to take action against the defaulting employee.

Definition of Misconduct and Domestic Enquiry
Apart from defining misconduct, the company must conduct a domestic enquiry. The enquiry must be conducted as per the procedure, and if the blameworthiness of the employee is established, then only can the company award a suitable punishment, which could include termination from employment.

In your case, did the company conduct a domestic enquiry?

Thanks,

Regards, Dinesh Divekar

Hi, Normally in IT and ITES sectors, violations of IT policies are viewed very seriously because unauthorized downloads may cause licensing issues during surprise audits by respective channel partners who are authorized to issue software licenses. Another major threat is that, at times, some malware may also be downloaded automatically, which can harm the data on the server. For these reasons, many companies are very strict in enforcing such policies. However, in your case, direct termination seems a bit harsh since your act of downloading WPS Office was not preplanned and intentional. Can you provide more details about the content of the termination letter?

I have not received a termination letter nor a domestic inquiry yet, as this just happened yesterday. Should I contact the HR department regarding the disciplinary action they are about to take against me?

Since you have not received any disciplinary letter from management, please wait. You can also discuss this with the HR person or team leader.

Hi, Yes, you should. Please contact HR in person and explain to them that it was not intentional and that you were unaware of the IT policy when you did so, etc. If it is the first time, I don't think they will move to the termination level; they might ask for an apology letter. If so, provide them with the apology letter.

There is nothing to feel bad about regarding this incident. You have learned a lesson from this which you should not repeat anywhere.

Hi, Generally, companies have an IT policy in place, and the same is explained to the employee during induction. A few companies include their policies in the employee handbook. In case such policies were not clearly defined by your company, please feel free to talk to the concerned stakeholders and clarify your stand. Saying that the firewall did not restrict the network traffic is like absolving yourself from the act intended or otherwise.

Regards, Suresh Natarajan