Dark Reading is part of the Informa Tech Division of Informa PLC

WFH: A Smart Time to Revisit Employee Use of Social Media

Employers have their hands full when it comes to monitoring online activities that could hurt the brand or violate the organization's core values.

It's a complicated time to be an employer. From ensuring compliance with state-by-state employment law regulations, to providing an OSHA- and EEOC-compliant workplace in the new "work-from-home/now-come-back-to-work" normal, human resources departments have their hands full.


Layer on the due diligence employers now undertake to ensure their workers are not plotting nefarious activities or spreading extremist disinformation online, activity that could damage the brand, the company's core values and codes of conduct, and the safety of individuals both inside and beyond the workplace, and that complexity becomes even more cumbersome.

A financial institution uncovering and exiting an employee for administering an extremist website sounds like a prime-time drama. It is, however, a real-world example of why having a strategy for removing dangerous employees from the workplace is now a best practice, given that the boundaries between home and work are increasingly blurred. And with most employers monitoring their workforces in some form, it is increasingly important to understand why more workers are coming under review.

The Cost of Free Speech
While the First Amendment protects Americans' right to free speech (from government restriction, not generally from action by a private employer), few corporate, legal, or HR teams have the appetite to proactively monitor their employees' non-work-related social media presence. Meanwhile, the so-called Online Disinhibition Effect (ODE), the tendency to say online what one would never say face to face, coupled with the perceived anonymity of the Internet, emboldens people to freely express opinions about almost anything, from restaurants and political candidates to foreign policy and ethnic groups. That forces employers to rethink the traditional HR model that keeps work and private domains separate.

Organizations must also consider their public reputation; the brand, the company's board, and its executives all have a stake in keeping extremism and other hate-based sentiment far from the workplace. When does it make sense to investigate reported behavior, and when does it make sense to look the other way? While the answer is extremely fact-specific, whether an investigation can lead to action depends on whether the extremist online content violates the company's own policies, as set out in its employee handbook, code of conduct, or onboarding materials, and on what state privacy laws permit.

Once these policies are in place, a transparent "see something, say something" culture can be fruitful, allowing others within the organization to flag behavior that warrants a deeper review.

Building a Compliance Framework
Legal and human resources teams are generally aware of the need to update employee handbooks to advise employees that all company-owned equipment is subject to reclamation, monitoring, and examination for a legitimate business purpose; that notice is necessary given the federal laws that restrict workplace monitoring. However, not all in-house counsel and operations teams include language in the handbook that allows remedial action for social media postings employees make off company equipment and off company time.

Legal and HR practitioners must notify employees of the company's ability and intention to monitor, investigate, and take action on behavior that crosses the line, whether it takes place on corporate devices or on personal accounts online. If that notification language lives in the code of conduct or BYOD policy rather than the handbook, make sure there is an explicit nexus between those policies and the employee handbook so that notice and consent can be demonstrated.

Effective Monitoring in the Workplace
In reality, few companies have an appetite for devoting resources to monitoring employees' non-work-related social media proactively for threats, and such an approach would be ill-advised.

However, an agile security team that quickly responds to reports of threats can benefit from focusing on:

  • The disinformation or threatening content itself
  • Which outlets (platforms, forums, sites) to prioritize
  • The account(s) or handle(s) being used
  • Technical signatures that cloak the poster's true identity

While these elements may appear more manageable, corporate devices remain the most efficient means of determining whether an employee violated the code of conduct or acceptable use of corporate systems by engaging in illicit or suspicious activity. Internal investigations and security teams need visibility into the appropriate endpoint, network, chat, email, and application logs to conduct these investigations. Finally, they must maintain a robust "outside the firewall" external threat-hunting capability, including open source and Dark Web intelligence and attribution research, technical signature analysis, and direct threat actor engagement.

When to Take Action and When to Stand Down
Once policies are established and tested and the security team has implemented a monitoring strategy, they can be operationalized. Threats of violence made from corporate or personal devices can justify terminating the offending employee. However, if an investigation turns up only allegations of membership in a known extremist group, termination can still be controversial even with robust policies in place, and it requires closer coordination among security, legal, and HR. Depending on how robust corporate policies are, and subject to state privacy laws, termination can typically occur when a corporate asset, including company email, is used to participate in or solicit violent extremist activity, whether during work or off hours.

However, participating in or soliciting online extremist activity that does not incite violence, after work hours and on personal devices, presents an edge case that may not be actionable. In this situation, additional monitoring may prove necessary, up to a point. When to stop monitoring an employee is another question employers will have to answer case by case.

Within any investigation, fact patterns are rarely black and white. It's important to get ahead of these issues before a significant event or act of violence occurs and an employee shows up on the front page of the news, forcing the company into damage control. Close coordination among the human resources, legal, and security functions, combined with an open culture that empowers the reporting of abusive or threatening behavior, can stop violence and negative brand impact before they happen.

Jennifer DeTrani is General Counsel/EVP, Corporate Secretary and Head of Culture of Nisos, a Managed Intelligence™ company that focuses on helping clients develop an effective response to advanced cyber threats. Jennifer is a visiting ...