A former Twitter employee, Gary Rooney, won about $600,000 for unfair dismissal after Twitter assumed he resigned by not responding to Elon Musk’s “hardcore” work email.
The case highlighted the importance of clear communication between employers and employees, especially regarding significant changes in employment terms.
Rooney’s private Slack messages, where he discussed leaving, were used as evidence by Twitter, underscoring that internal communication on platforms like Slack is not always private and can be used in legal disputes.
I would assume they have some basic stuff running 24x7. I can’t imagine a network which doesn’t have Endpoint Detection and Response (EDR) running 24x7 these days. There’s also things like firewall logs, which are almost certainly being captured (or at least netflow). Stuff like screen recording and mouse monitoring is probably saved for extreme cases. That said, my own experience has been pretty close to:
Quite frankly, no one’s got time for that shit. I work at an organization with a bit north of 25,000 employees, and we have less than a dozen security analysts. While I could run a search against our firewall logs and see evidence of folks dicking around. I have much better things to do, like running down abnormal processes and writing up reports on users who got their systems infected while dicking around. And that’s really the way it comes to our attention, most of the time. Someone is out trying to download movies or software on their work laptop (you’d think people would know better…) and they pickup malware. We get an alert and start investigating. While trying to determine the source, we pull browser history and see the user out on “SketchyMovieSite[.]xyz”. And then their dicking around becomes our problem, mostly because the site had a malicious redirect, which is where the infection came from.
So ya, they may not be looking, but I’d always bet they are recording. Logging isn’t useful if it isn’t recording at the time of the compromise.