what day is it, boy?
I've been thinking about Christmas at work and how, since 2020's COVID lockdown, our perks have been reduced. I've been in the same job for 20 years and the company has changed hands a few times in that timeframe. It's quite noticeable how less benificent our lords and masters have become.
The first Christmas I was there, we had an office Xmas meal (paid by the employer) at a nice restaurant; at some point in the back half of December the MD would descend from on high and personally deliver a box of chocolates, a couple of bottles of wine and a Christmas card containing a gift voucher - each employee would get a handshake and personal thanks from the dude who owned the company; those who worked Xmas Eve were treated to a hot breakfast delivered to the office (a hot sandwich or bacon/sausage roll/bap/cob) and Christmas Eve consisted of party games, soft drinks and nibbles until the office closed at mid-day whereupon there would be a round of drinks waiting for us, paid for by the MD, at the local pub.
As the years passed and the company changed hands, these treats have eroded away to virtually nothing. Obviously we don't now get the Xmas card and personal thanks from the MD - they've disappeared to live out their retirement in warmer climes - but we don't even get an email from the new dude. The chocs and wine disappeared when COVID hit, as did the hot breakfast - never to return. The office Christmas Meal is now something we pay for ourselves and the Xmas voucher has officially been knocked on the head.
We were told last year that we weren't able to have a company-funded Xmas meal because the company's other offices around the world do not have such a budget for company-funded Xmas meals and it would be unfair to them if we had one.
The company is doing ok, business-wise. It's not a case of belt-tightening to get us through a shaky end-of-quarter. This is evidenced by the fact the company recently attended a massive conference, flying employees in from all over to attend, fed them, put them up in hotels and paid for them to schmooze other company's people. So it's not short of money.
It just means that we are not an important part of the business that requires a small gesture of thanks at the end of the year for all our hard work. The important parts are the ones already getting freebies and jolly boys outings on the company dime.
Over the last two years we've seen our employee benefits reduced across the board, our health cover, insurance, pension contributions have all been reduced - albeit slightly, but reduced all the same. It's not very conducive to doing anything other than coasting.
So... Anyway...
The BBC News website ran a story a couple of months ago about cybercrime, specifically ransomware attacks. It was written by a BBC journalist who reports on tech news for the corporation. He was contacted via email by a hacker group who suggested he supply them with his BBC login, which they would then use to launch a ransomware attack on the BBC systems. He would then get a percentage cut of the ransom payment they would receive - which would amount to around $50,000 for him. He thought they had mistaken him for an actual IT guy at the BBC, rather than a journo that reports on IT stuff. He wasn't a tech guy at all.
Sensing an interesting story, he replied and started a dialogue with them. It was pointed out by the guy he was talking to that a lot of ransomware attacks don't succeed through phishing emails, or the sort of complex remote hacking you see in television dramas. Most ransomware attacks start with a similar exchange like this one, a direct appeal to someone working in the business. It could be someone who wants the money, it could be someone with a grudge against their employeer who, when requested, would hand over their logins to a hacker group who would then log in and compromise their systems.
The company I work for regularly holds training courses for staff, these courses range from recognising and stopping discrimination, to preventing workplace harassment, to internet security - recognising and dealing with phishing and hacking attempts - amongst others. Nowhere in the training for internet security do they mention being aware of employees being approached by hacker groups.
So it seems to me that the best way to safeguard against disgruntled employees selling their login details to hackers is to make your employees happy, make them feel appreciated, make sure they're suitably rewarded for their efforts. So if a hacker group ever comes knocking, they don't immediately say "Yeah, sure, screw those guys; they've cut my travel expenses and dental, I'll take a 5% cut of your $15m ransom money, Russian hacker dude."
I'm not petty enough to do that. But I'm pretty sure there are plenty of people who are and it's possibly something that all employers should be mindful of.
edit I know this sounds like a massively entitled moan, so sue me. Yes, I should be grateful I've got a job, but when your job starts stiffing you and still you're told that it's expected you give 110% each day, when each day it feels like another percent is taken from you? Well that's a bitter fucking pill to swallow.