Conversation

Never, EVER, do anything that might create personal legal liability for yourself on behalf of your org.

No matter what anyone says, you are not "family." You are not "in this together." And most importantly they do NOT "have your back."

5
10
0
@malwarejake (Not so) funny story: banks around here test critical systems on prod because testing on test would risk being non-compliant if the regulator doesn't find the test system "similar enough" (whatever that means) to prod. Regulation also mandates that users on prod must be "real" because anti-laundering and whatever. In the end you either test with a real account on prod or you don't work for that client anymore.

As a company owner, I took one for the team and set up a personal bank account for testing. Surely enough, it resulted in me getting fucked *at another bank* (costing me considerable money).
0
1
19

@malwarejake If your employer ever even hints at asking you to do something illegal your next step should be to find another job. Even if you answer "no" working there is unlikely to work out well in the long run

1
1
0

@ithoughtisawa2 @malwarejake There are many things you can be asked to do which could create personal liability that are not illegal.

1
1
1

@malwarejake When I worked in a home mortgage call center for a certain "Well" known bank, they made you sign a document stating you agree to pay up to $4,000* towards any legal dispute between the customer and them that involved your call.

Just working there in customer service put a personal legal liability on you. I'm not talking about being a certified broker agent. It was regular customer service for home mortgages.

*I can't remember the exact amount, but it was several thousand dollars, which was significant when you only made $16/hr!

3
2
0

@malwarejake can you provide an example of something that could create liability?

1
0
0

@lnogue Sure - when someone says "it's okay, just say we have a vulnerability management program on the insurance underwriting form. We did a vuln scan in 2022, so it's cool."

0
1
0

@malwarejake and remember: should an attorney ever be involved, ask if they are advising you as your attorney.

1
0
0

@dank I would *not* trust a company-provided attorney to have *your personal* best interests at the forefront.

If an attorney becomes involved, then get your own. Yes, I know they are generally expensive. Yes, I'm sure your employer will tell you it's unnecessary. But simply the fact that an attorney *is* involved with something you're asked to do at work should tell you plenty.

@malwarejake

1
0
0

@mkj @dank I hate to say it, but I agree with you. I would hate to spend money on an attorney, but I've seen first hand what happens when you don't.

0
1
0

@catsalad @malwarejake that “well” known bank is a known pos so that almost doesn’t surprise me. What a huge yikes

0
1
0