Replying to an inappropriate email by manager

Question

There is a fresh joined candidate in our team and during screen share in a meeting my manager claims to have seen Netflix open in new teammate's browser window. As a result the manager sent me and the new teammate the following email:

I understand that our office was potentially exposed to virus because of opening irrelevant files / websites. Fortunately IT team traced and fixed it. The IT team is still trying to find out the cause behind but as a precaution, please do not click on any email / links which are not related to office work. Please take a serious note of this and do not open any doubtful email irrespective if it is a personal or office laptop connected to our servers.

Also strictly do not use any websites which are not needed during the work – for eg Netflix, gaming websites, hotstar, shopping etc. For further details please refer out IT Policy or you can contact with HR

While I am not defending the new teammate here but the email was sent to me as well with IT in cc. IT might feel it was me or both of us. I have never misused office hours by browsing irrelevant websites or on Netflix etc.

I know the e-mail he sent is wrong on several levels. I just wanted to clarify that "hey it's not me, IT can check my browsing history if in doubt ".

Is it appropriate to reply this way? What is the best way for me to defend myself on the email?

Are you sure you were sent the email as someone to blame? Maybe it's because you were just in the same meeting. Or maybe you've been working most closely with the new teammate. Or maybe you were the only person the boss mentioned the Netflix thing to when he saw it. Either way, the boss's email is relatively polite and seems like a harmless reminder in the long run. — TylerW, May 11 '21 at 18:40
The email isn't "wrong on several levels". Actually ist it's a pretty professional way of getting the problem fixed. — DonQuiKong, May 11 '21 at 19:05
Is there more than the two of you in the office that are under your manager? If there are others who have not gotten a similar email from the manager then that dramatically changes the best answer. — Anketam, May 11 '21 at 19:33
"my manager claims..." and "as a result the manager sent me..." seems to be missing details for context. How were 'claims' made? How do you know this was as a result of that (the first part seems like something else not even netflix)? Providing additional details on those communications may help us help you more — Michael Durrant, May 11 '21 at 20:31
btw sending and remind policies to all team members is generally seen as avoiding singling out one — Michael Durrant, May 11 '21 at 20:32
You make it sound like the email was sent directly to you and only to you (and the teammate and IT cc'd) is this correct? Or was it sent to all staff? — Aequitas, May 12 '21 at 01:16
While there's strictly nothing inappropriate nor even unreasonable in that email, security seems to be a good excuse... I don't see how opening Netflix or Amazon or actually many other sites that are not work-related could present a security issue. Usage of company resources, certainly, but that doesn't seem to be the point of this email... — Laurent S., May 12 '21 at 06:48
I know the e-mail he sent is wrong on several levels. I find it excellent. The recipients are not (should be either BCC or "everyone") but the content is very well balanced. — WoJ, May 12 '21 at 11:26
@LaurentS. Security isn't being used as an excuse. Two different issues are being addressed. One is security relating to scam emails. The other is improper use of workplace resources. Two different issues, two different paragraphs. — Kevin, May 12 '21 at 13:18
The manager's e-mail sounds a bit like it's implying that company computers systems got a virus because someone visited Netflix.com, which is not likely. — Paul D. Waite, May 12 '21 at 13:49
Setting aside everything else, it's really totally incredible that a newb would turn on Netflix at a new job, not to mention knowing a zoom was coming up. It's amazing the newb was not just let go. — Fattie, May 12 '21 at 18:13
@DonQuiKong: What is the advantage of almost passive aggressively making this vague (and clearly untrue) statement about security when the manager could have just directly told the employee in question "hey, don't watch Netflix at work or there will be consequences?". — Peter, May 13 '21 at 10:38
I'd phrase it differently, but your manager is spot on. After a company wide event like this, it is a good time to remind everyone that the single greatest IT threat is people being careless. Everyone should be reminded. — Issel, May 13 '21 at 11:34
Netflix use would be easy enough to verify just by looking at the VPN traffic log. Netflix requires a stupendous volume of network traffic. — Harper - Reinstate Monica, May 14 '21 at 15:49
I think whether the email is appropriate depends on multiple factors, mainly whether employees use the company's computers or their own, whether they work at an office or from home, and whether the working hours are flexible or not. Regardless, it seems that at most companies it is considered normal if employees do some non-work related things while at work, as long as this is minimal or moderate and not abusive. — Jake, Sep 12 '21 at 21:22

Kilisi · Answer 1 · 2021-05-12T14:46:27.507

158

Replying is just inviting a dialogue. There is no need and no positive side to that.

The email is just stating policy, there's no accusation or anything like that in it that needs to be addressed.

It's clear that any infection came through opening an email attachment or clicking a malicious website link in an email (still to be determined). The Netflix portion is just a statement of policy and separate to that, it's not cited as a source of infection.

So the first part was a warning about email security, and the second part was clarifying company policy on other issues.

edited May 12 '21 at 14:46

answered May 11 '21 at 10:09

Kilisi

222,118
122
486
793

2

Certainly, 'putting it on record that it wasn't me' is the thing I was looking for. – chrono_tachy May 11 '21 at 13:11
45

Ignoring it is implying that it has nothing to do with you. I see a reply as being an recognition that it is an issue of some sort. Obviously no one would admit it. – Kilisi May 11 '21 at 13:14
14

@chrono_tachy If it isn't too late, please take Kilisi's advice and do not reply with a message that "it wasn't me, boss!" Just let it be. Trust me on this. – Michael Geary May 12 '21 at 07:24
I do feel on balance the OP should send a quick note back. Even a very minimal, hit reply and "got it, never do never will!" Aspersions have been cast and a tiny response puts something on record. (The "security" stuff the manager also mentioned in the same email is totally bizarre / idiotic, completely ignore it.) The issue here is OP was "Netflix'd" and even other parties were copied. – Fattie May 12 '21 at 18:17
3

It sounds very similar to my apartment complex's rules about drugs: if any are reported, management has to [initially] post a notice on everyone's door reminding them about the policy, even if they know exactly who it was and are eagerly counting down the policy steps before involving the police. (Not to mention that, given IT's capabilities, it's almost certain that the manager either already knows or doesn't care to know whodunit.) – JamesTheAwesomeDude May 12 '21 at 19:01
10

If I'd sent the email and got a reply denying it, I'd either question why they'd sent me a pointless email or wonder if they had a guilty conscience. – matt freake May 12 '21 at 21:07
That's why I'd suddenly why they are bothering to email me. I start to wonder if there was stuff going on I was unaware of.... – matt freake May 13 '21 at 07:44
1

This is about right: it's quite likely that the manager is as uninterested as anyone else in stopping you surfing Netflix, but IT has said something and he/she has to satisfy IT and it's policy to send a warning, which has been done, and that's the end of it. – Stuart F May 17 '21 at 19:21

score 79 · Answer 2 · answered May 11 '21 at 18:28

There was absolutely nothing "inappropriate" about your manager's email. A situation arose that needed to be addressed and they chose a common and perfectly acceptable method of dealing with it.

Not only is no reply is necessary, no reply is appropriate. Do not reply at all.

Fattie · Accepted Answer · 2021-05-13T02:19:11.113

56

Here's one way to look at it:

The manager is being "polite" by emailing everyone, rather than, just the culprit.

So you don't have to worry.

Reply language?

If you do really want to reply, here's the language to use.

Reply only to Boss:

Thanks boss, just to assure you. I have never, and would never, open Netflix at work. Cheers Jane

the key points are

make it very short as in the example
without saying anything at all about anyone else
putting it on the record that you certainly did not do this

I feel that replying to "boss + IT" would be going too far. That would be crossing the line to subtly "correcting your boss".

IMO replying only to boss "puts it on record" - and that's enough.

It's a tricky issue whether to reply or not. If you do reply, I suggest language following the three points above.

edited May 13 '21 at 02:19

answered May 11 '21 at 11:37

Fattie

32,594
12
67
99

57

"I have never, and would never, open Netflix at work" <-- This is basically "outing" the other employee. I don't think creating the opportunity for repercussions is a wise one. – Xavier J May 11 '21 at 16:16
1

@XavierJ you're right, that's a danger. On the other hand, the OP has received a near-accusatory email - AND cc'd to HR - and the OP is perfectly innocent. So, it's tricky. – Fattie May 11 '21 at 17:27
27

@Fattie not to HR, to IT. Which has more likely than not seen worse abuses from several people than simply watching Netflix on the side during a meeting. I think responding at all is a mistake, if you're going to - be vague and short "thanks for the cyber security reminders, I've always followed these policies, but doesn't hurt to be reminded" - but even that is excessive/pointless/not worth it (imo) – TCooper May 11 '21 at 18:11
1

All good points. Guys note that the OP is literally asking what to write if indeed OP does reply. As I say (in bold!) "If you do really want to reply, here's the language to use." – Fattie May 11 '21 at 18:30
9

I'd be careful with the explicit Netflix mention, that can be read as overly specific denial - like "certainly not netflix but I didn't say a thing about Spotify, that is just music after all" ;). And on the other hand, it can also get you into additional trouble, should you somewhen in the future - perhaps accidentally because a colleague shares a "funny link" click on a Netflix url and it just happens to be the one case where someone sees your screen or traces your traffic. It's something I would find fine to say to a boss one knows, but regarding writing I'd be a bit more careful. – Frank Hopkins May 11 '21 at 20:59
Basically to back up @TCooper that something more vague "politician speaky" might fit better, but obviously your answer, your choice, it's just pointing out - well improvement potential from our pov I guess;) Your general points I agree with, so imho not worth to open up another answer that is largely overlapping. – Frank Hopkins May 11 '21 at 21:01
2

@FrankHopkins Exactly what I was thinking, in general I agree with the answer, I think I would just add a fourth point that is: "don't be specific", and eliminate the Netflix mention in the sample text. Re-reading my first comment, I'd change out "doesn't hurt to be reminded" to "I appreciate your reminder" – TCooper May 11 '21 at 21:09
hi @FrankHopkins and guys - literally the question is seeking "language as an answer" - so don't hesitate to put in an answer with some language!!! I believe that, as my brother says, "Life is word combinations". Many of the high ranked answers on here are literally language (here's an example from a handsome list member! https://workplace.stackexchange.com/a/93713/22844 ) Go for it. The subtleties you mention are very important and true. How to handle? tricky. – Fattie May 11 '21 at 22:05
13

"not to HR, to IT. Which has more likely than not seen worse abuses from several people than simply watching Netflix on the side during a meeting." Speaking as someone in IT, they probably had to pause Netflix to read the email. – Chris Bouchard May 12 '21 at 02:12
1

Only reply this way if you are absolutely sure that you haven't misused the system even slightly. Don't get caught in a lie, lying is probably worse than a slight misuse. – Mattman944 May 12 '21 at 12:58
3

Yet another aggressive response from Fattie. The correct answer is from Kilisi below... Fattie, what happened to you to make you so aggressive against all employers? – SnakeDoc May 12 '21 at 16:31
12

had my +1 up til "it's a tricky issue". It's not tricky. The question asked was "is it appropriate to reply?" and the answer is "no". – Alex M May 12 '21 at 16:52
2

If the boss cares to know the identity of the perpetrator, I have little doubt that this hasn't already been discussed with IT and HR. "Have never will never yadda yadda", when the manager didn't ask (and is likely only CC'ing everyone to prevent an escalation with the known perpetrator and possibly to comply with internal policies) is nothing but defensive and suspicious. – JamesTheAwesomeDude May 12 '21 at 19:05
You were correct that the manager likely included several recipients to avoid calling anyone out specifically. Continuing that theme, they mentioned several topics and websites to avoid mentioning any specific incident. It's basically a gentle nudge and a free pass for any past incidents. So, your suggestion to defend yourself and mention a specific website (Netflix) feels contradictory.. – nick May 13 '21 at 17:01
well @nick the email was only to the two guys, and that's it. it wasnt to the whole company. just the perp. and our OP. The OP was there and the OP say sthe email was inappropriate; per the question. Just to repeat though "All good points. Guys note that the OP is literally asking what to write if indeed OP does reply. As I say (in bold!) "If you do really want to reply, here's the language to use." " – Fattie May 13 '21 at 17:07
@Fattie fair enough, I just feel we missed a chance to provide meaningful guidance by simply writing what OP wanted to hear. OP's last question of "how do I defend myself" would've best been answered simply "you don't", rather than providing the language. – nick May 13 '21 at 18:55
It may not have been Netflix in the case of the OP. Banking, shopping, medical, etc. Probably not a good idea to deny a specific usage as it may require explicitly identifying your transgression. – mckenzm May 14 '21 at 06:15

score 22 · Answer 4 · answered May 11 '21 at 11:18

It looks like a quite appropriate email from that manager, as long as what he states is within company policies. Maybe the email should ideally have been sent by the corporate IT security department rather than your own immediate manager, but that depends on your corporate culture.

If you feel it applies to you because you're in a habit of using work time and equipment for personal entertainment maybe you should change your habits. If you don't feel it applies to you there's no reason to be alarmed or offended by it.

score 10 · Answer 5 · edited May 13 '21 at 22:51

Don't reply. This email is nearly exactly how i would write it.

It uses a passive form "we were exposed" instead of "somebody did"
It doesn't threaten, but it kindly asks
It merely reinstates what probably are the rules already
It serves as a document that your manager did her/his job to remind employees (especially new ones) about behavior
The only critique which I have here is that I feel that it dresses a disciplinary question into something else

Replying to an inappropriate email by manager

5 Answers5

Reply language?