
Employee Sentiment

5 automated security scanners


Purpose: The Internal Security Process Exposure Scanner is designed to identify unauthorized disclosure of internal security procedures, tool usage, and policy sharing through public sources such as GitHub repositories, LinkedIn profiles, news articles, job boards, and SEC filings. This exposure can lead to vulnerabilities being exploited by malicious actors, posing a significant threat to the organization’s security posture.

What It Detects:

  • Leaked Security Procedures: Identifies mentions of specific internal security procedures or protocols in publicly accessible documents.
  • Tool Disclosure: Detects references to internal tools, scripts, or software used for security purposes.
  • Policy Sharing: Finds instances where company-specific policies are shared publicly.
  • Breach Mentions: Identifies mentions of security breaches or incidents in public records.
  • Tech Stack Disclosure: Detects the disclosure of technology stacks used by the company, which can provide insights into potential vulnerabilities.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: The unauthorized disclosure of internal security procedures, tool usage, and policy sharing can lead to vulnerabilities being exploited by malicious actors, potentially compromising sensitive information and leading to significant financial losses, legal repercussions, and damage to the organization’s reputation.

Risk Levels:

  • Critical: Conditions that directly lead to the exposure of critical security procedures, tools, or policies in public documents.
  • High: Conditions that expose potential vulnerabilities or breach mentions in a way that could be exploited by malicious actors.
  • Medium: Conditions that suggest general tool usage or policy sharing without direct exposure but still pose a risk if not properly managed.
  • Low: Informal mentions of tools, policies, or procedures that do not directly compromise security.
  • Info: Non-specific references to technology stacks, which may indicate broader skill sets but do not directly impact security.

Example Findings:

  1. “We identified an unauthorized access incident on our system.” - This finding indicates a critical risk as it involves direct exposure of a security breach.
  2. “Experience with AWS and Azure is required for this role.” - This high-risk finding suggests the disclosure of internal policies or expectations regarding technology usage within the organization.

Purpose: The Layoff Impact Assessment Scanner is designed to identify potential vulnerabilities in an organization’s security posture resulting from layoffs, reductions in security team size, gaps in knowledge transfer processes, and issues with access termination. This tool helps organizations assess the risks associated with workforce changes and ensures that critical security measures remain intact despite organizational restructuring.

What It Detects:

  • Security Team Cuts: Identifies instances where phrases related to layoffs or reductions in security roles are detected within company statements, suggesting potential compromises in organizational security posture.
  • Knowledge Transfer Gaps: Detects mentions of knowledge transfer processes and identifies gaps that may arise from onboarding deficiencies or inadequate documentation during employee transitions.
  • Access Termination Issues: Identifies situations where access rights are terminated without proper procedures, which could lead to unauthorized access and potential data breaches.
  • Security Incident Coverage: Detects any mention of security incidents linked to staff reductions, highlighting the need for immediate attention to prevent future occurrences.
  • Risk Factor Disclosures: Uncovers risk factors disclosed by the company that may be exacerbated due to workforce changes, emphasizing the importance of ongoing risk management and mitigation strategies.

Inputs Required:

  • domain (string): The primary domain of the organization’s website to analyze for relevant statements.
  • company_name (string): The official name of the company used for searching specific terms within their documentation or communications.

Business Impact: This scanner is crucial as it helps in proactively identifying and addressing security vulnerabilities that may arise from layoffs, ensuring that critical knowledge and access controls are not compromised by hasty workforce adjustments. It supports ongoing risk management and compliance with regulatory requirements by highlighting potential gaps and risks associated with organizational changes.

Risk Levels:

  • Critical: Conditions where there is a direct threat to the organization’s security infrastructure due to significant layoffs or reductions in key personnel, requiring immediate attention for strategic planning and corrective actions.
  • High: Situations involving substantial knowledge transfer gaps or abrupt access terminations that could lead to unauthorized activities within the company, requiring urgent review and remediation.
  • Medium: Issues such as partial knowledge loss or delayed access termination procedures that may not directly compromise security but are indicative of larger process issues needing improvement.
  • Low: Informational findings related to minor staffing changes or procedural oversights that do not significantly impact organizational security posture but could be indicators for continuous enhancement in HR and IT practices.
  • Info: Minimal findings that provide general insights into company communications, such as routine statements about ongoing training or standard access termination policies, which are informative rather than critical.

If the README does not specify exact risk levels, one might infer that Critical risks are those with immediate operational impact, High risks indicate potential severe consequences requiring urgent attention, Medium risks suggest moderate concerns needing improvement, Low risks may be minor issues for future consideration, and Info findings provide general context without significant security implications.

Example Findings:

  • “During our latest restructuring, we have reduced the size of our cybersecurity team. This change is part of our cost-saving measures to better align with market conditions.” - Security Team Cuts
  • “We are reviewing and updating our onboarding procedures to ensure that new hires can quickly become productive in their security roles.” - Knowledge Transfer Gaps
  • “All terminated employees will have their access rights removed immediately upon departure, as per our standard procedure for maintaining data integrity.” - Access Termination Issues

Purpose: The Post-Employment Activity Monitoring Scanner is designed to proactively identify and mitigate potential security risks associated with former employees by detecting unauthorized access, targeting of ex-employees in malicious activities, and the misuse of lingering credentials. This tool aims to safeguard sensitive company information and prevent future security incidents involving ex-employees.

What It Detects:

  • Alumni Access Detection: Identifies mentions of current or past employees accessing company resources, indicating ongoing use of employee accounts after termination.
  • Former Employee Targeting: Searches for references to former employees being targeted in phishing attempts, social engineering, or other malicious activities, suggesting that ex-employees are being exploited as vectors for attacks.
  • Lingering Credentials: Identifies instances where old credentials may still be active or misused, indicating potential credential reuse or unauthorized access.
  • Security Incident Involving Former Employees: Detects security incidents directly involving former employees, such as data breaches initiated by ex-employees, which are indicative of insider threats.
  • Public Records and OSINT Indicators: Utilizes public records and open-source intelligence (OSINT) to gather information about alumni activities across various platforms like GitHub repositories, LinkedIn profiles, news articles, job boards, and SEC filings for relevant data.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com) - This input is crucial for searching and monitoring the specified domain for any suspicious activities related to former employees.
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”) - The company name helps in refining search queries to accurately identify relevant mentions of ex-employees within internal documents, communications, and public records.

Business Impact: This scanner is critical for maintaining the security posture of an organization by proactively identifying potential threats posed by former employees who may still have access to sensitive information or be used as vectors for malicious activities. The ability to detect unauthorized access, targeted attacks on ex-employees, and lingering credential misuse helps in preventing data breaches and safeguarding intellectual property.

Risk Levels:

  • Critical: Conditions that directly lead to severe security incidents, such as significant data breaches initiated by former employees, are considered critical risks.
  • High: Risks involving unauthorized access to sensitive information or ongoing use of ex-employee accounts pose high threats to the organization’s security.
  • Medium: The risk level is medium when there are indications of potential credential misuse or targeting of ex-employees for malicious activities, which could lead to future incidents if not addressed promptly.
  • Low: Informational findings that do not directly impact security but may indicate broader issues warrant an info status, allowing further investigation and monitoring without immediate action.

If specific risk levels are not detailed in the README, these inferred levels should be considered based on the severity of potential impacts identified by the scanner.

Example Findings:

  • A former employee is found accessing company resources via a VPN after termination using old credentials that were never deactivated.
  • There are multiple mentions of ex-employees being targeted in phishing emails, suggesting ongoing engagement with these individuals for malicious purposes.

Purpose: The Review Sentiment Analysis Scanner is designed to identify potential issues within public records and OSINT sources that could impact a company’s security posture and employee sentiment. It detects security complaints, process criticisms, leadership concerns, technical vulnerabilities, and analyzes overall employee sentiment through textual analysis of SEC filings, LinkedIn, GitHub, news articles, and job boards.

What It Detects:

  • Security Complaints: Identifies mentions of data breaches, security incidents, unauthorized access, and compromised systems.
  • Process Criticisms: Detects criticisms related to the company’s technology stack and processes, including specific technologies like AWS, Azure, GCP, Kubernetes, Terraform, Ansible, Docker, Splunk, Datadog, and Elastic.
  • Leadership Concerns: Identifies concerns or criticisms directed at leadership, including management and executives.
  • Technical Vulnerabilities: Detects mentions of specific technical vulnerabilities or security advisories such as zero-day exploits, known vulnerabilities, and unpatched software.
  • Employee Sentiment: Analyzes sentiment related to employee experiences, including complaints about working conditions and management practices.

Inputs Required:

  • domain (string): The primary domain to analyze, e.g., acme.com.
  • company_name (string): The company name for statement searching, e.g., “Acme Corporation”.

Business Impact: This scanner is crucial as it helps in identifying potential issues that could affect the security posture of the organization and influence employee sentiment negatively. Early detection can lead to proactive measures to mitigate risks and improve organizational resilience.

Risk Levels:

  • Critical: Conditions that pose a significant risk to the company’s operations, such as severe data breaches or public disclosures of critical vulnerabilities.
  • High: Conditions that could significantly impact business functions, including notable security incidents or major process inefficiencies.
  • Medium: Conditions that may affect operational efficiency but are less critical in terms of immediate risks, such as minor technical issues or some employee dissatisfaction.
  • Low: Informal concerns or suggestions that do not immediately pose a risk but could be indicative of broader issues needing attention.
  • Info: General information gathering that does not directly impact security or operations but might be useful for strategic planning.

Example Findings:

  • “The company has experienced multiple data breaches in the past year, raising concerns about its cybersecurity practices.”
  • “Employees have expressed dissatisfaction with management practices through anonymous feedback channels, indicating potential issues.”

Purpose: The Work Environment Security Indicators Scanner is designed to detect and report potential security issues related to remote work environments, physical security measures, policy enforcement, technology stack usage, and certification claims. It aims to provide insights into the security posture of organizations by analyzing public records, OSINT sources such as GitHub repositories, LinkedIn profiles, news articles, job boards, and SEC filings.

What It Detects:

  • Remote Work Security Issues: Identifies mentions of data breaches related to remote work setups, detects unauthorized access attempts targeting remote workers, and looks for compromised credentials or systems in remote environments.
  • Physical Security Complaints: Searches for reports of physical security incidents such as theft or vandalism, identifies complaints about inadequate security measures in office spaces, and detects mentions of security breaches that occurred due to physical vulnerabilities.
  • Policy Enforcement Issues: Analyzes breach disclosures for lack of adherence to company policies, checks for instances where policy violations were not addressed adequately, and identifies reports of non-compliance with industry standards or regulations.
  • Technology Stack Disclosure: Detects mentions of specific technologies used by the company, such as AWS, Azure, GCP, and Kubernetes; proficiency in tools like Terraform, Ansible, and Docker; and knowledge of monitoring and logging solutions like Splunk, Datadog, and Elastic.
  • Certification Claims: Searches for claims related to SOC 2, ISO 27001, PCI DSS, and HIPAA compliance, verifies the presence of these certifications in public records and job postings, and detects discrepancies between claimed certifications and actual security practices.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial as it helps organizations assess and improve their remote work, physical security, policy enforcement, technology stack usage, and compliance with industry standards, thereby enhancing overall security posture and reducing the risk of data breaches and other security incidents.

Risk Levels:

  • Critical: Conditions that directly lead to severe data breaches or significant compromise of sensitive information.
  • High: Conditions that pose a high risk of unauthorized access, system vulnerabilities, or policy violations with potential impact on business operations.
  • Medium: Conditions that may indicate suboptimal security practices or incomplete policy enforcement but do not immediately threaten critical systems.
  • Low: Informative findings that provide general insights into the company’s technology usage and compliance status without immediate risk to security.
  • Info: Non-critical issues that provide basic information about the company’s technical environment and compliance efforts.

If specific risk levels are not specified in the README, they have been inferred based on typical severity assessments for cybersecurity findings.

Example Findings:

  1. “Data breach occurred due to unauthorized access.”
  2. “SOC 2 Type II certified but lacks detailed security protocols in public disclosures.”