internal communication on platforms like Slack is not always private
That's common sense, frankly.
this post was submitted on 10 Sep 2024
504 points (98.8% liked)
News
22877 readers
3843 users here now
Welcome to the News community!
Rules:
1. Be civil
Attack the argument, not the person. No racism/sexism/bigotry. Good faith argumentation only. This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban.
2. All posts should contain a source (url) that is as reliable and unbiased as possible and must only contain one link.
Obvious right or left wing sources will be removed at the mods discretion. We have an actively updated blocklist, which you can see here: https://lemmy.world/post/2246130 if you feel like any website is missing, contact the mods. Supporting links can be added in comments or posted seperately but not to the post body.
3. No bots, spam or self-promotion.
Only approved bots, which follow the guidelines for bots set by the instance, are allowed.
4. Post titles should be the same as the article used as source.
Posts which titles don’t match the source won’t be removed, but the autoMod will notify you, and if your title misrepresents the original article, the post will be deleted. If the site changed their headline, the bot might still contact you, just ignore it, we won’t delete your post.
5. Only recent news is allowed.
Posts must be news from the most recent 30 days.
6. All posts must be news articles.
No opinion pieces, Listicles, editorials or celebrity gossip is allowed. All posts will be judged on a case-by-case basis.
7. No duplicate posts.
If a source you used was already posted by someone else, the autoMod will leave a message. Please remove your post if the autoMod is correct. If the post that matches your post is very old, we refer you to rule 5.
8. Misinformation is prohibited.
Misinformation / propaganda is strictly prohibited. Any comment or post containing or linking to misinformation will be removed. If you feel that your post has been removed in error, credible sources must be provided.
9. No link shorteners.
The auto mod will contact you if a link shortener is detected, please delete your post if they are right.
10. Don't copy entire article in your post body
For copyright reasons, you are not allowed to copy an entire article into your post body. This is an instance wide rule, that is strictly enforced in this community.
founded 1 year ago
MODERATORS
But people don't understand it.
Hell, no email sent or received is yours and likely can never be truly deleted off your company's exchsnge. Same with files etc.
It's not common knowledge, let's not pretend it is and educate people.
True that. I have to tell employees regularly to not send any chat or email they don’t want read in court. That usually gets the point across.
I hope I get to read mine someday, I really wanna say
it's okay to be an idiot, just don't be so fucking loud about it...uhhh... your honor
When I worked as a US FedGov contractor, I was greeted with a long warning banner every time I logged into my computer. The tl;dr version of it is "fuck your privacy". Being that I was part of cybersecurity for the site I was working at, I was one of the people doing the fucking. While we didn't read everything from everyone all the time, we were logging it and could pull it up, if we were performing an investigation. We also had some automated stuff scanning for patterns and keywords on a regular basis, which could trigger an investigation.
While I'm no longer in the FedGov space (thank the gods), I still assume that everything I do on my work system or with work accounts is being logged. Also, I'm still working in cybersecurity and am often still the one doing the privacy fucking. Yes, everything is being logged. We may not look at it today, we may not look at it tomorrow. But, when HR and Legal ask us about a user's activity, we can usually be pretty detailed. Act accordingly.
My company is better than most I've worked for. They tell you, upfront, anything on their equipment can be monitored for any reason with no warning.
But then, as part of the HR and acceptable use policy, no one will monitor your activities without just cause and investigation. Meaning in practice, "We're not going to look over your shoulder while you watch YouTube videos but if we notice you're watching a lot of or you start visiting porn sites, we're going to start monitoring you."
Now all that said, I still assume that my company knows every key I type on their laptop.
I would assume they have some basic stuff running 24x7. I can't imagine a network which doesn't have Endpoint Detection and Response (EDR) running 24x7 these days. There's also things like firewall logs, which are almost certainly being captured (or at least netflow). Stuff like screen recording and mouse monitoring is probably saved for extreme cases. That said, my own experience has been pretty close to:
We’re not going to look over your shoulder while you watch YouTube videos but if we notice you’re watching a lot of or you start visiting porn sites, we’re going to start monitoring you.
Quite frankly, no one's got time for that shit. I work at an organization with a bit north of 25,000 employees, and we have less than a dozen security analysts. While I could run a search against our firewall logs and see evidence of folks dicking around. I have much better things to do, like running down abnormal processes and writing up reports on users who got their systems infected while dicking around. And that's really the way it comes to our attention, most of the time. Someone is out trying to download movies or software on their work laptop (you'd think people would know better....) and they pickup malware. We get an alert and start investigating. While trying to determine the source, we pull browser history and see the user out on "SketchyMovieSite[.]xyz". And then their dicking around becomes our problem, mostly because the site had a malicious redirect, which is where the infection came from.
So ya, they may not be looking, but I'd always bet they are recording. Logging isn't useful if it isn't recording at the time of the compromise.
Mines the same way. It's actually kind of difficult to get approval to monitor someone. Has to be approved by two VPs.
What made you leave gov space?
Remote work and pay. I was already interested in getting a remote gig when COVID hit. We went to a hybrid schedule and I realized that I really liked working from home. Also that my job was pretty much built for it. While many of the folks I used to work with are still hybrid, fully remote was never an option. I worked with Classified systems and I could never convince them to put a SIPR drop in my home. I guess you need to get elected President for that.
As the world was opening back up, many companies saw remote work as a carrot to offer cybersecurity folks and I started to see a lot more job postings with it as an option. So, I put my LinkedIn profile to "looking for work" and started getting recruiters messaging me on a regular basis. One hit me up with "REMOTE WORK OPPORTUNITY" (yes, all in caps) as the lead for an offer. What followed that sounded interesting and I started talking with him. A few week later, I put in my notice and started working in the private sector. Got a pay bump in the move as well.
My time in the FedGov space was overall a positive thing. I learned a lot and got to see systems locked down in a way that actually mattered (I never thought I would miss STIGs). At the same time, I don't see myself ever going back. The bureaucratic nature of everything is soul crushing. And sitting in an OSS all day long sucks. It especially sucks when you're the only one in the container and need to go out and take a piss. Clear the room, arm the alarm, spin the lock, sign the sheet, go piss. Open the lock, sign the sheet, disarm the alarm, get back to wishing for the sweet, sweet embrace of death.
OMG the OSS at my first job was like that, but they wouldn't give contractors the lock code. So after I was waiting 30 min to go pee I spun the lock, went pee, came back and waited an hour outside the door. We both got a talking to, him by his command and me by my company. I snapped back and pay, hours, and lack of trust and that if they tried to gig me for this I was walking out and not coming back. That was back in 2012 and I have changed jobs multiple times. I like the team and what I do, openshift and kuberneties is awesome to get teams to update their code. But as you said,no remote, except for development.
It's not OP, but when I left it was because the money and resources were better.
Federal purchasing is fairly rigged you don't end up with decent hardware to do anything. Projects are constantly as complicated and strenuously pushed as possible. Everything has an angle there are too many people with essentially tenure. Don't get me wrong, I liked a lot of the people that I worked with and around, but leaving Federal work for Enterprise was really refreshing.
Thanks, I have been looking and I see pay is better for outside government for the work I do.
Fucking good. I've had to fire people (up in Canada though) and it'd be fucking ridiculous to "Please opt in to not be fired" it violates so many fucking employment laws.
That's why we don't bother having employment laws. So much easier this way!
american-based billionaire attempts to use american capitalist tactics against an employee who is not in america. fails spectacularly.
are workers rights communism now? /s
Worker's rights? More like "Wokers rights," amirite???
Maybe if you pulled yourselves up by your bootstraps, we could all live off our investment portfolios and the margaritas would just serve themselves.
Always have been.
And people wonder why we want encrypted communications