Never, EVER, do anything that might create personal legal liability for yourself on behalf of your org.

No matter what anyone says, you are not "family." You are not "in this together." And most importantly they do NOT "have your back."

@malwarejake (Not so) funny story: banks around here test critical systems on prod because testing on test would risk being non-compliant if the regulator doesn't find the test system "similar enough" (whatever that means) to prod. Regulation also mandates that users on prod must be "real" because anti-laundering and whatever. In the end you either test with a real account on prod or you don't work for that client anymore.

As a company owner, I took one for the team and set up a personal bank account for testing. Sure enough, it resulted in me getting fucked *at another bank* (costing me considerable money).
@malwarejake Excellent advice. Which in the context of British legal & financial services companies means if you volunteer to be COLP (compliance officer) or MLRO (money laundering reporting officer) you're, frankly, a bit of a mug.
@malwarejake Yeah, I've seen countless times people learning this lesson the hard way as the organization leaves them to the wolves.
@malwarejake and remember: should an attorney ever be involved, ask if they are advising you as your attorney.
@malwarejake If your employer ever even hints at asking you to do something illegal, your next step should be to find another job. Even if you answer "no", working there is unlikely to work out well in the long run.
@malwarejake
Always ask for the request in writing, too.

@malwarejake When I worked in a home mortgage call center for a certain "Well" known bank, they made you sign a document stating you agree to pay up to $4,000* towards any legal dispute between the customer and them that involved your call.

Just working there in customer service put a personal legal liability on you. I'm not talking about being a certified broker agent. It was regular customer service for home mortgages.

*I can't remember the exact amount, but it was several thousand dollars, which was significant when you only made $16/hr!

@catsalad @malwarejake (has worked in a few call centers)

That does not surprise me.

@malwarejake Always insist on having any sketchy requests sent to you via email.

Always archive your emails in a way that org IT can't manipulate.

@malwarejake Please send this, with an emphasis on making sure you don't look dumber than a first-grader, to my health insurance.

@malwarejake

Them: "It's alright, we got your back."

Me: "Great, sign this."

Them: *tumbleweed*

@malwarejake Especially if your employer is the government / public service employer. They'll not only hang you out to dry - they'll try to place blame on you too, if you're foolish enough to agree to do shady things for them. Do not do it. Quit. Find a new job - staying around doesn't help in the long run.
@malwarejake Can you provide an example of something that could create liability?
@lnogue Sure - when someone says "it's okay, just say we have a vulnerability management program on the insurance underwriting form. We did a vuln scan in 2022, so it's cool."
@malwarejake unless your org is a mob
@malwarejake Truer words were never said.

@malwarejake

One of you is going to be on the witness stand, and the other is going to be the defendant. You only get to pick who's who.