Dark Reading is part of the Informa Tech Division of Informa PLC


Attacks/Breaches

7/2/2021
10:00 AM
WFH: A Smart Time to Revisit Employee Use of Social Media

Employers have their hands full when it comes to monitoring online activities that could hurt the brand or violate the organization's core values.

It's a complicated time to be an employer. From ensuring compliance with state-by-state employment law regulations, to providing an OSHA- and EEOC-compliant workplace in the new "work-from-home/now-come-back-to-work" normal, human resources departments have their hands full.

Layer on the due diligence that employers now undertake to ensure that their workers are not plotting nefarious activities or propagating extremist disinformation online, activity that could negatively affect the brand, core values, codes of conduct, and the safety of individuals both inside and beyond the workplace, and that complexity becomes even more cumbersome.

Financial institutions uncovering and exiting employees for administering extremist websites sounds like the plot of a prime-time drama. These are, however, real-world examples of why having a strategy for exiting dangerous employees from the workplace is now a best practice, given that home and work boundaries are increasingly blurred. And with most employers monitoring their workforces, it is becoming increasingly important to understand why more workers are under review.

The Cost of Free Speech
While the First Amendment grants all Americans the right to free speech, few corporate, legal, or HR teams have the appetite to proactively monitor their employees' non-work-related social media presence. Meanwhile, the so-called Online Disinhibition Effect (ODE), the tendency to say things online that one would not say face to face, coupled with the perceived anonymity of the Internet, can embolden people to freely express their opinions about almost anything, from restaurants and political candidates to foreign policy and ethnic groups. This forces employers to rethink traditional HR models that keep work and private domains separate.

Organizations must consider their public reputation: the brand, the company's board, and its executives all have a stake in ensuring that extremism and other hate-based sentiments stay far from the workplace. When does it make sense to investigate reported behavior, and when does it make sense to turn a blind eye? While the answer is extremely fact-specific, whether an investigation can lead to action depends on whether the extremist online content violates the company's policies as embedded in its employee handbook, code of conduct, or onboarding materials, and on the constraints of state privacy laws.

Once these policies are in place, a transparent culture of "see something, say something" can often be fruitful, allowing others within the organization to point to behavior that requires a deeper review. 

Building a Compliance Framework
Legal and human resources teams are aware of the need to update employee handbooks to advise employees that all company-owned equipment is subject to reclamation, monitoring, and examination for a legitimate business purpose, a notice that is necessary given federal laws restricting workplace monitoring. However, not all in-house counsel and operations teams include language in handbooks that ensures remedial action can be taken for social media postings made by employees on their own equipment and their own time.

Legal and HR practitioners must notify employees of the company's ability and intention to monitor, investigate, and take action against behavior that crosses the line, whether it takes place on corporate devices or elsewhere online. If the notification language is embedded in the code of conduct or BYOD policy, make sure there is a nexus between those policies and the employee handbook so that employee consent can be demonstrated.

Effective Monitoring in the Workplace
In reality, few companies have an appetite for devoting resources to monitoring employees' non-work-related social media proactively for threats, and such an approach would be ill-advised.

However, an agile security team that quickly responds to reporting on threats can benefit from focusing on:

  • Disinformation
  • Outlets that can be prioritized
  • Account(s) or handle(s) being used
  • Technical signatures cloaking true identities

While these elements may appear more manageable, corporate devices remain the most efficient means of determining whether an employee violated the code of conduct or the rules governing use of corporate systems by engaging in illicit or suspicious activity. Internal investigation and security teams must have visibility into the appropriate endpoint, network, chat, email, and application logs to conduct these types of investigations. Finally, they need to maintain a robust "outside the firewall" external threat-hunting capability, including open source and Dark Web intelligence attribution research, technical signature analysis, and direct threat actor engagement.

When to Take Action and When to Stand Down
Once policies have been established and tested and the security team has implemented a monitoring strategy, those policies can be operationalized. Threats of violence made from corporate or personal devices can justify termination of the offending employee. However, if an investigation finds allegations of membership in a known extremist group, termination can still be controversial even with robust policies in place, and therefore requires closer coordination among security, legal, and HR. Depending on how robust corporate policies are, and subject to state privacy laws, termination can typically occur when a corporate asset is used to participate in or solicit violent extremist activity during work or off-work hours, including use of company email.

However, participating in or soliciting online extremist activity that does not incite violence, after work hours and on personal devices, may present an edge case that is not actionable. In this situation, additional monitoring may prove necessary, up to a point. When to stop monitoring an employee is another question that employers will have to address case by case.

Within any investigation, fact patterns are rarely black and white. It's important to get ahead of these issues before a significant event or violence occurs and an employee shows up on the front page of the news, forcing the company to do damage control. Close coordination between human resources, legal, and security functions within an organization, in conjunction with an open culture that empowers the reporting of abusive or threatening behavior, can stop violence and negative brand impact before it happens.

Jennifer DeTrani is General Counsel/EVP, Corporate Secretary and Head of Culture of Nisos, a Managed Intelligence™ company that focuses on helping clients develop an effective response to advanced cyber threats. Jennifer is a visiting ...