What do you do with such incompetent employees if you are a boss in such a situation? Would you then fire him from the company, or arrange proper training for him? Kindly share your views.
Record SSH Sessions on Linux servers when employees Work from Home (WFH).
We would recommend setting up a Jump Host to record SSH sessions of your staff when they are working remotely. The remote staff would have to hop through the Ezeelogin Jumphost before accessing any Linux servers.
The jumpbox can then be put behind a VPN/tunnel. Access to the centralised jump server would be authorised only using RSA keys or SSH certificates, which would help you achieve security certifications like PCI DSS, ISO 27001, HIPAA, FedRAMP, NIST and more very easily.
10 features in Ezeelogin Jump server to secure access of remote employees on Linux servers when working via SSH
- Enable SSH key-based access only to your SSH gateway. Disable password-based authentication.
- Two-factor authentication – Ensure that 2FA is enabled on your jump server GUI and for the SSH backend. Enable two-factor authentication such as Yubikey, Google Authenticator or DUO.
DUO 2FA: https://www.ezeelogin.com/kb/article.php?id=164
Google 2FA: https://www.ezeelogin.com/kb/article.php?id=147
- User Access Control – Setup access control for your employees so that they can access only the servers they need access to. For example, developers need to access only the development server and system administrator needs to access only production server etc.
- User Privilege Escalation – Make use of the privilege escalation feature to ensure that employees log in as a non-privileged user only. The administrator can decide whether an employee needs to escalate privileges to root and, if so, grant it.
- Record SSH sessions – Monitor all your employees' activities; you can always go back in time and search the recordings for any investigation. This is a mandatory requirement for PCI DSS compliance and others. https://www.ezeelogin.com/kb/article…sions-208.html
- Integrate Ezeelogin with Active Directory so that you can easily import your employees into the jump servers. User management is simplified: users can be enabled or disabled via your Active Directory. https://www.ezeelogin.com/kb/article.php?id=178
- Enable SAML authentication if your organisation is already using SAML. https://www.ezeelogin.com/kb/article…erver-273.html
- Enforce Employee Password Rotation and disable inactive employee accounts on the jump server.
- Automated Server Password Rotations Periodically – It's always good to go for SSH key-based authentication; however, if you have enabled password-based authentication, you can easily rotate the passwords across your server fleet periodically with cron jobs.
- RDP Access & Record RDP Sessions of Employees
I’ve recently joined a rapidly growing small business (from 4 to 20 people in the last 12 months) with a very DIY IT setup. It’s fallen to me (I’m a developer so I just happen to be sitting nearest IT world…) to improve their security and specifically we are aiming to achieve compliance with Cyber Essentials (we are in the UK).
The general mode of operation is that every employee is on a macOS or Windows 8+ laptop (some purchased by the company, some personal devices), and all work takes place within Google Workspace. People also connect to Google Apps like Gmail on their personal phones. There is an internet connection and wireless router in the office, but no other infrastructure to speak of.
I have prepared a long list of “to-do’s” for the users of these laptops which would bring them in line with Cyber Essentials requirements, but I wondered what the guidance would be on employees “self-managing” these things (with formal training, assistance and regular check-ins). There is no device management in place and everyone just uses them like their own devices.
It could make sense to recall, wipe, set up device management of some sort, and re-issue the laptops to employees – but this would be incredibly disruptive and met with much resistance so I am keen to either avoid that or make sure I am 100% sure before requesting it.
I wondered if the protections offered by Google Workspace’s endpoint protection/device management would be considered sufficient, given that business data never leaves Google Workspace (and indeed the new policy would be that this act would be a HARD no for employees!). Obviously this leaves tasks like running updates, keeping security features turned on, etc. up to the employee – but that’s no different to a BYOD situation – right?
I would be keen to know if anyone out there has been in a similar position. I do feel like the hard way is probably the right way but any advice would go a long way to helping my argument for this with management.
There are a lot of institutional investors in BTC now, some even having 9 digit figures or higher. How many employees have access to the private key in such institutions and can do a trade?
If I understand Bitcoin correctly, a transaction cannot be traced (at least not to a real person – only to an anonymous wallet) neither can it be undone. So what stops an employee having access to transactions from stealing millions of dollars? Given the amounts at stake it cannot be simply trust. Also if you have a sort of 4-eyes approval for transactions two employees could team up and commit the theft. If every transaction needs the approval of some high management or CEO it would be very unpractical. It would be also very risky to only have very few people in the company have access to the key since it increases the risk of it getting lost, basically also losing all the investment.
Obviously the employee could be identified, but maybe they could fake a robbery and argue their life was at risk. Or even if they go to jail for a couple of years they would still be very well off once they get out. Other options are getting out of the country or even committing the theft while abroad.
Since I haven’t heard of any of these cases, I guess there is some mechanism that prevents this scenario. But how?
If the company follows good security practices, no single person would have access to the cold wallet where 90+% of the funds would be stored.
There might be single employees with access to the hot wallets, which are the ones that are doing the day-to-day transactions, and when the hot wallets run low, transfers from the cold to hot wallets would require multiple participants (for example 6 out of 11 multisig or similar).
We have a server with a domain controller in our company, and all employees are connected to the server through user accounts and have access to specific folders based on their privileges.
Due to the COVID pandemic, we need to let our employees work from home for several days.
What is the best practice to achieve this task?
What are the requirements (Real IP, VPN Server or role, etc.), knowing that our server OS is Windows Server 2012 R2?
For PII, we capture mostly the emails, mobile numbers and names of users who sign up on our website. Along with this, purchases made by users are also sensitive data. Protecting this data for users' privacy is as important as preventing any disgruntled employee from selling this data to our competitors.
This data is stored in a MySQL database, and some employees in the Tech department need read-only access to this production database. Some of the reasons why they need it are:
- Debugging an issue that is happening with a specific user and is not reproducible in the local environment
- Creating one time reports by writing complex MySQL queries
- Dumping email addresses or mobile numbers for uploading to a third-party communication platform like Twilio for sending a broadcast email or SMS to users
- Dumping users' data for cleaning and analytics purposes in Excel sheets
- For debugging some high priority issue happening in production environment
While doing these activities, it’s likely that some dump of data may reside in the local computer system, emails etc. And it can be leaked accidentally or deliberately by an employee. We can’t encrypt this data, because various departments in the organization need access to it for completing their job effectively.
What are the ways by which we can ensure data safety by taking any technical measures? (NDA and legal agreements with employees are already in place.)
I think that giving bonuses to employees is a very good idea. You give them a target then provide a bonus to whoever surpasses that target. That motivates them to work hard. Now, I know the pandemic affected businesses really negatively, but employees are still trying to provide the best work and the bonus should still be there. Maybe it can be reduced a little but the motivation should continue.
As some of you may know, I work in the field of Human Resources. Recently, I’ve been offered a job at a Casino managing their HR department (I actually start Monday!). I was hoping to see if some of you would be willing to answer some questions for me for an internal/external equity survey I’m doing!
- What is one job trait you cannot stand in a manager/supervisor? (i.e., micromanaging, doesn’t help, etc.)
- If you could implement one thing in your current job, what would it be? (And what is your current job??)
- How important are medical benefits to you?
- If you could have no PTO for two years, but get offered free medical benefits on a decent medical plan, what would you think?
- How important is a 401k? Would it help you determine if you wanted to work for a company or not?
- Name one thing your company could do right now to improve employee morale.
- What would you want if you were awarded employee of the month?
That’s all! I appreciate everyone who is willing to fill out those questions!
Can anyone recommend a workflow using some kind of web application that my employees can use to submit expenses for reimbursement and also request supplies? We’re not a large company, around 10 people in the field.
I would like to have a queue of expense reimbursement requests and supply requests from my field workers that my admin people can fulfill. Right now people just text me and I send them money or order them stuff. It’s chaos.
I would like something where my field people can submit a request, sometimes with an image or other document (usually a screenshot of a receipt or perhaps a picture of the supply they need), then my admin people can see the list of requests and order supplies or tell me to send monetary reimbursements.
Later on I would like to be able to have some way of seeing how much money and supplies each employee is using/spending. Such as by running a search or report.
I have a requirement where I need to store information on Employees in a company that owns(?) a sports team and also store information on Players from other teams that are not Employees of this company. The Players in the team (i.e. owned by the company) are also considered Employees hired by the company.
For the design, what I have done is create two Entities called Employees and Players and have a Player id key as FK in the Employees Entity. The Employee Entity also has Employees that are just employees and not players. With the player id FK, Employees that are Players will have a player id FK, while other employees will not. That way I have information about Employees, player or just normal employees, in the Employee entity. And in the Players entity I only have information specific to all the players hired by the company or just other players from other teams (not owned by the company). Is this the right way to go? I haven’t shown the subclass/subtype relation between the Employees and Players entities because not every player in the Players entity is an Employee. Am I in the right direction?
I know this is not the very best explanation, I guess, but please do ask for any clarification. Thank you.