• 0 Posts
  • 375 Comments
Joined 2 years ago
cake
Cake day: June 20th, 2023

help-circle




  • I guess it depends on the company and their policies. I’ve been an admin in Google Workspace, and it’s almost hard to avoid seeing some of the reports of the metadata of external incoming and outgoing email.

    I remember we even had a rule for external emails with a name that employee name. This was mostly to identify and block scammers impersonating the CEO, but would also inadvertently catch a whole bunch of other weird stuff people were doing as well, but that was mostly someone setting up a shadow IT service that would send email with the name of an employee, which we’d then have to chase and figure out.

    I’m less familiar with the MDM software running on laptops, it’s possible that each file copied to a thumb drive is logged, so that is totally a risk, but i imagine it would be harder to detect if that’s a common thing that people do at the org.


  • Yeah, that could depend on the level of monitoring and access they have, and what your risk level is. Since they say it’s a small company, the laptops might not be managed, but almost certainly they will have reports on incoming and outgoing emails, and a bcc to a gmail address would be a huge red flag. I would assume that small PDF files copied to a thumb drive wouldn’t raise suspicion, but you’d want to fly under the radar and not have the number of files be crazy or the file size be huge, since that would move you to the top of the list in an aggregated report, and have more eyes on you.



  • FYI, your employer will probably see these outgoing emails from your mailbox, it will turn up in logs and be very obvious for someone in IT who you don’t even know if they see emails going to a random gmail address. You probably signed something when you were hired about not doing this, and it might create an IT issue for you. Also, since it’s a bcc, your boss’s replies won’t be there, so it probably won’t do you as much good as you think in proving they told you so. I would not recommend doing this.

    Depending on how much control they can see into your work laptop, i would recommend printing the email threads as PDFs and copying them to a thumb drive if you need them. This would be harder to detect, but if your laptop is managed by the org, and someone does have it out for you, they could be watching your every movement, so it isn’t 100% safe.

    If you think you are being closely monitored, I guess your best course of action would be to get an HDMI capture device on a personal computer, and then record your monitor as you’re viewing the emails.