As employee surveillance becomes more common, IT managers increasingly find themselves tasked with establishing and enforcing monitoring policies at their organizations, whether it makes them uneasy or not.

Despite their potential discomfort, IT managers may have a responsibility to help determine how tech surveillance policies are developed, communicated, and operationalized, ethics and surveillance experts told IT Brew.

For starters, the manager of an organization’s IT department should be involved before any monitoring policies are settled on, let alone enforced, said Nancy Flynn, founder and executive director of the ePolicy Institute.

“Putting together these policies is a huge job, and it’s really tough for one person to have to accomplish this,” Flynn told IT Brew. Ideally, she said, a policy team should be formed with representatives from senior management, human resources, and legal or compliance, along with the IT director or CIO.

Keep reading.—TM

Achieving compliance isn’t the most straightforward process. Secureframe helps businesses get there easily through a comprehensive automation platform—without all the twists and turns.

Secureframe uses 150+ integrations, built-in security training, vendor and risk management, and more to make compliance uncomplicated. And once you achieve it, they’ll help you keep it by continuously detecting and remediating misconfigurations across your tech stack.

In need of cloud remediation? Secureframe has your back. Secureframe’s Comply AI for remediation makes fixing failing controls simple and speedy so you can secure your cloud environment and get audit ready.

Whether you need SOC 2, ISO 27001, or anything in between, Secureframe’s experts can guide you through every step of the process. So don’t delay—book a demo.

Some companies are preparing for an AI future by valuing employees who have a more human attribute: EI, or emotional intelligence.

Recent job postings on LinkedIn suggest traits like critical thinking and communication skills could become more highly valued among IT professionals, demonstrating the importance of thoughtful, human consideration in an AI future, where tech-generated outputs must be carefully analyzed before prompting important business decisions.

And in a recent Microsoft-led survey of 31,000 full-time and self-employed global workers, which included business decision-makers, managers, and employees, the traits of “analytical judgment,” “flexibility,” and “emotional intelligence” ranked top on the skills list for an AI-powered future.

Seth Robinson, VP of industry research at the nonprofit trade organization CompTIA, told IT Brew that a language-learning model’s query responses must be carefully considered, especially when the answers are surprising ones.

“Some of the beauty of AI is that it can give you results that you would have never expected,” Robinson said. “You have to be able to have the awareness and some of the emotional intelligence and situational intelligence to understand…is that unexpected result actually a step in the right direction? Or do we need to do some more tweaking?”

Keep reading.—BH

Add schools to the growing list of airlines, federal agencies, media companies, and other orgs hit by a breach of the managed file transfer software MOVEit.

In a June 24 letter, Emma Vadehra, chief operating officer at the New York City Department of Education, announced that the records of 45,000 students, plus DOE staff and related service providers, were potentially compromised. Impacted data includes Social Security numbers and employee IDs, according to the DOE statement.

While the cyberattack is another hit to the heavily targeted education sector, the MOVEit hack is a cross-industry compromise and one whose impact is still being understood.

“Currently, we have no reason to believe there is any ongoing unauthorized access to DOE systems. We will provide impacted members of the DOE community with more information as soon as we are able,” DOE spokesperson Nathaniel Styer wrote in an email to IT Brew.

Keep reading.—BH

Today’s top IT reads.

Stat: 50%. That’s the percentage of surveyed IT, security, and engineering pros who experienced a data breach via unauthorized cloud access. (Permiso)

Quote: “This idea has been brewing in my head for a while, but I think the final straw was when a password box told me my password was too long. Like, apparently it’s possible for a password to be too secure?”—Neal Agarwal, software developer and creator of the Password Game, a kind of Passwordle that keeps stacking strict requirements for your login credential (Ars Technica)

Read: Government agencies break down ways to secure your constantly changing codebases. (CISA/NSA)

Curiosity, piqued: Dig into tons of award-winning, original documentary films, shows, and series on Curiosity Stream. New content drops weekly, and you can stream on any device. Brew readers get 25% off.*

^{*This is sponsored advertising content.}