Posts

Showing posts with the label IT

What Employers Should Do in the First 48 Hours After a Key Employee Resigns

Often, in the first 48 hours after a key employee resigns, the employer must decide whether to address the departure as a manageable issue or escalate it into a legal or business dispute. While many resignations might appear routine on the surface, issues involving confidential information, customer relationships, and post-employment obligations frequently emerge after the employee has left . For employers, early action is less about assuming misconduct and more about preserving options . Delays, inconsistent responses, or poorly documented decisions often weaken a company’s ability to protect its interests if problems arise later. Why the first 48 hours matter The period immediately following a key employee’s resignation is critical because certain damage cannot be undone once it occurs. If confidential information is disclosed or customers are improperly solicited, the harm may already be done, and as a practical matter, it is very difficult for employers to reverse the damaging eff...

Managing the Managers: Governance Risks and Considerations for Employee Monitoring Platforms

In today’s hybrid and remote work environment, organizations are increasingly turning to digital employee management platforms that promise productivity insights, compliance enforcement, and even behavioral analytics. These tools—offered by a growing number of vendors—can monitor everything from application usage and website visits to keystrokes, idle time, and screen recordings. Some go further, offering video capture, geolocation tracking, AI-driven risk scoring, sentiment analysis, and predictive indicators of turnover or burnout. While powerful, these platforms also carry real legal and operational risks if not assessed, configured, and governed carefully. Capabilities That Go Beyond Traditional Monitoring Modern employee management tools have expanded far beyond “punching in,” reviewing emails, and tracking websites visited. Depending on the features selected and how the platform is configured, employers may have access to: Real-time screen capture and video recording Automated t...

Privacy Tip #416 – Impersonation is the Most Prolific Phishing Tactic in 2024

  A new report published by the software company Egress this month,   Phishing Threat Trends Report ,  is a must-read. It outlines the proliferation of phishing toolkits on the dark web (that basically allows any Tom, Dick, and Harry Hacker) to launch successful phishing campaigns, how “commodity phishing attacks are overwhelming security teams,” the anatomy of advanced persistent threats, the most prolific phishing tactic in 2024, and how AI-assisted attacks are becoming more challenging to detect. Presently, I would like to focus on one piece of the Egress report that is near and dear to me:, the latest phishing tactics. Phishing continues to be one of the most prevalent c auses of security incidents and data breaches . There are some fascinating statistics in the report for all of us to process and internalize. First, the “most phished day of the year so far” was June 10th, 2024, and the most common time to receive a phishing email is at 12:37 p.m. This means that we ...

If a Cybersecurity Firm Can Fall For the Latest AI Workplace Scam, So Can You: 10 Steps to Protect Your Business

  A prominent cybersecurity training company just fell victim to an increasingly common scam when it hired a remote worker who turned out to be a North Korean cybercriminal that used AI deepfake tools to fake his identity and infiltrate the organization. The Florida-based company caught the would-be thief before he was able to steal any data, but he did attempt to load malware and execute unauthorized programs on firmwide systems in what could have been a damaging attack. “If something like this can happen to us, it can happen to almost anyone,” the CEO said in the wake of the cyberattack. What are the 10 things you can do to ensure you don’t fall for the same scam? What Happened? The Florida-based firm, which specializes in providing cybersecurity training across the globe, was hiring a remote software engineer for its internal IT AI team. It ended up hiring a remote worker for the job after a typical hiring process. It selected resumes from the applicant pool, conducted four vide...

CISA Issues Advisory on Black Basta Ransomware

 On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint  Cybersecurity Advisory relating to Black Basta ransomware affiliates "that have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia. Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. Black Basta uses double extortion tactics, encrypts data and threatens to leak it and has links to Conti and FIN7 threat actors. The  Black Basta Advisory  provides information on how the threat actors gain initial access to victim's systems, which primarily use spear phishing tactics. The Advisory lists indicators of compromise, file indicators, and suspected domains used by Black Basta.  This can be helpful for IT professionals to compare against company systems.  Mitigations listed by the Advisory include current patching, MFA, training, securing remote access sof...