| ▲ | baxtr 4 days ago |
| In my humble experience company secrets are mostly useless for other companies. |
|
| ▲ | dataviz1000 4 days ago |
| This reminds me of that one time after working at a company for 4 months they informed me they were in the middle of an IP lawsuit which is part of the reason they hired me to rewrite the front end without knowing that was going on. That was f*(ked for reasons. Whatever the case, the only time people look at your social media history is to look for attacks and the only reason they will look at a company's Slack messages and emails is to look for attacks during discovery. I would argue that company secrets are mostly useless for the company but very, very useful to other companies. For this reason, there should be a retention policy of a day or two for almost all communication unless it is important, required by law, or documentation. And, definitely do not share that information with the public without good reason. |
|
| ▲ | simonw 4 days ago |
| The bigger issue is around "material non‑public information" in stock market terms - things like unreported sales figures which someone could use to make trading decisions. Using that information for trading is illegal, but so is exposing that information outside of approved channels. |
|
| ▲ | bravesoul2 3 days ago |
| Except when they aren't. Defence in depth and zero trust and short expiry make them way less useful for sure. Startups are probably most vulnerable as they are likely to use more "pet" techniques for infra, like SSH open to any IP to make changes. |
| |
| ▲ | baxtr 3 days ago |
| Can you provide an example of a revealed secret that had a significant financial impact on a company? |
|
| ▲ | brookst 3 days ago |
| The Panama Papers killed one company and cost others hundreds of millions. The Uber hack. Cambridge Analytica. |
|
| ▲ | bravesoul2 2 days ago |
| Ok I thought this was talking about secrets as in keys. |
|
|
|
| ▲ | SoftTalker 4 days ago |
| Then why are they secret? |
| |
| ▲ | wkat4242 4 days ago |
| Because it's hard to define the parts that are really sensitive. At our work people must classify every document but a lot of people choose public for everything because it doesn't enforce any restrictions. So they can just dump it in a folder and share it with the whole company. This is not what we want them to do obviously but people are lazy, don't like to create access lists. But anyway it means we can't rely on the classification. And indicator detection like credit card and social security numbers is far from perfect. A lot of sensitive info will just be text, like about new products being developed. 3D models, code, strategy emails. Also, if people start rooting around in everything they can take things out of context. If I send a message to my boss that I think that something we're doing is stupid, if that were public it could make some waves even though internally it's inconsequential because I'm a nobody. Also, many documents might have one or two bits that hint at really important information and having them can help finding those. As you probably know, there's tons of information in a multinational and the hardest part is finding the right stuff. This is one of the main tasks I use Copilot for. Also because Outlook and SharePoint search are really terrible though. If those actually worked I wouldn't need Copilot so much. |
|
| ▲ | reaperducer 4 days ago |
| At most of the companies I've worked, low-grade managers love to hoard secrets. It makes them feel powerful. Someone gets promoted from Lower Level Manager Grade 4 to Lower Level Manager Grade 5 and they feel all "Oooh! Look at the new things I know!" My mother-in-law is like this with knowing what various relatives are doing. Being the gatekeeper of knowledge gives her imagined power. I guess it's just part of the human condition. |
|
| ▲ | SoftTalker 4 days ago |
| Why limit it to low-grade managers? I know sysadmins and programmers who behave exactly the same way. They could give you permission or a script to do the thing you need to do but they'd rather have you come to them and ask them to do it. Gives them a sense of purpose, I guess. |
|
| ▲ | pastage 4 days ago |
| Being such a person that fixes lots of stuff for other people, nothing I do is secret but learning to do it seems too hard for most. What I do is try to delegate if I find people that do want to learn. If someone shows me they are good at something they are going to have to expect being sent trickier problems. Sometimes it might seem like I keep things a secret. I am probably just having a bad day. |
|
| ▲ | dns_snek 4 days ago |
| That has an awful lot to do with what "the thing" is. I'm sure there are a few people out there doing it just to feel more important, but often there's a good reason for denying someone access - either it's just a terrible idea to begin with or they don't know you well enough to trust you without someone else (i.e. their boss) specifically requesting it. I could be off base here about your experience, but I know that some people made the same comments about me when I pushed back on sharing dangerous credentials with inexperienced coworkers. Damned if you do, damned if you don't. |
|
| ▲ | jon_adler 3 days ago |
| It may depend on what the script is for or the system being used. Segregation of duties is a risk mitigation principle of ISO 27001 to reduce fraud, waste, and error. |
|
| ▲ | arccy 3 days ago |
| I feel for sysadmins it's more a case of: we gave developers permissions and they made a mess of the system because they just copy / paste whatever drivel they saw from SO / an LLM, so unfortunately we have to limit your permissions. |
|
| |
| ▲ | kingofmen 4 days ago |
| Because "mostly" does a lot of work in that sentence. Companies, like militaries, keep secret a lot of information that would be safe to release because they don't know which bits are highly unsafe. |
|
| ▲ | samastur 4 days ago |
| Paranoia and not knowing which ones fall into "mostly" category :) |
|
|
| ▲ | wkat4242 4 days ago |
| That's why corporate espionage is a really lucrative industry? Of course it depends what secrets. 99% will just be internal process drivel and interdepartmental bickering but there's some real important stuff in there too. |